Compliance with SSL security standards
SSL (now known as Transport Layer Security (TLS)) – the most common protocol for encrypting the communication between a client and a server, has been a constant target of malicious activities aimed at undermining the overall security of the web.
The last year has seen a spike in smart attacks, which use weaknesses in the way the protocol is configured on the server to intercept the private and secure data transmitted over the network. Even the popular OpenSSL crypto library has fallen victim to malicious scenarios.
There is no painkiller technique to curb the ever-growing inventiveness of hackers globally. However, security specialists recommend that each hosting entity should exert high-level control over their system to prevent online security hacks. This includes making sure that a server or an application is configured to use certificates from well-known issuers called Certificate Authorities (CAs) and that each given SSL is deployed correctly and is being kept up to date with security releases.
To help establish standards in SSL security and keep users in the know if a given website is secure enough to be trusted, online specialists joined efforts and exchanged know-how, which resulted in the introduction of non-commercial online security services such as SSL Labs.
These projects are aimed at educating hosting providers on the best practices in online security and, at the same time, at raising awareness among users about the importance of security and about the ways it can be verified on their own.
Everyone can now run a quick security test on their browser online:
What’s more important, every user can now test the security of their server and is strongly encouraged to do so:
As a hosting provider, which backs up the security of your business for the sake of the ever-more-security-conscious clients of yours, we have taken steps to synchronize all security-enhanced instances, which use an SSL certificate, including the Control Panel login page, with the latest standards in SSL communication.
This way, if a customer of yours runs an online security test on their Control Panel login page or on your SSL-enabled store using SSL Labs, they will see it listed in the top ‘A rating’ category:
Also, users will see that your services are immune to TLS_FALLBACK_SCSV , which is the latest SSL glitch on the scene.
The SSL Labs test will return detailed results about the SSL certificates installed on the server to inform users of their security relevancy.
Also, users will see if the installed SSL supports the latest stable version of the HTTPS protocol:
In Protocol Details, users will be able to check our platform’s and your store’s level of protection against all nightmarish SSL vulnerabilities, including POODLE and Heartbleed: