What is Online Certificate Security Protocol?

SSL secure sockets layer protocol (secure sockets layer), provides a transport layer security application protocol, to solve the Internet service website identity identification, confidential, private information encrypted transmission problems. The most important part of the SSL deployment process is the application and configuration of the SSL website security certificate (ssl). Deciding which SSL website security certificate to purchase is not only a technical issue, but also a series of issues such as the company's strategy, service awareness, and management.

Web Security Certificate

The SSL security protocol was originally developed by the United States

1. Is the higher the number of encryption bits the better?

At present, in the SSL website security certificates on the market, there is a misunderstanding of the higher the number of encrypted digits. The encryption link involved in the SSL protocol has two encryption digits. One is the number of certificate public key. Divided into 512 bits, 1024 bits, 2048 bits, the mainstream is 1024 bits. The first is the number of session keys (symmetric keys), which are divided into 40 bits, 128 bits, and 256 bits. The mainstream is 128 bits. The public key algorithm is mainly used to encrypt the session key. The session key is used to encrypt the session content after the SSL session is established. The length of the session key is related to the key length supported by the browser. Microsoft s IE series browsers have 40 Both bit and 128-bit, such as firefox, can support 256-bit session keys. The mainstream key lengths are quite difficult to crack under the current technical level, and brute force cracking takes a long time. And because the SSL session key is one-time and has a short validity period, there is basically no possibility of being brute-forced. The encryption process needs to consume server resources. As the key length increases, it will bring greater performance load. Under the premise that the mainstream key length can provide sufficient security, a longer key length can only bring invalidity. The load increases.

2. Is it better to have fewer levels of certificate chain?

In the current SSL website security certificates on the market, there are also many disputes about the length of the certificate chain. In fact, there are many reasons for the length of the certificate chain, including different security levels and certificate issuing policies, which cannot be generalized. The longer the certificate chain, the longer the verification time, but the performance is close to the same at a length of no more than four levels.