Home A Step Towards a Secure Internet: Google Developers Make Progress with SSL False Start

A Step Towards a Secure Internet: Google Developers Make Progress with SSL False Start

Securing the Internet is no easy task but Google researchers think they have taken a step closer this week with a program called SSL False Start that decreases the load time of SSL connections up to 30%.

Secure Sockets Layer (SSL) is a certification that encrypts data between an end-users’ browser and the server. It is a headache to implement and increases connection latency and only a few of the major sites on the Web have instituted “always on” SSL/TLS protection on top of HTTP to create the more secure HTTPS. While SSL False Start is a good step in creating a safer Internet, it is not the cure for all SSL woes. But, it does look like a step in the right direction.

Google developers wrote on the Chromium Blog, “We implemented SSL False Start in Chrome 9, and the results are stunning, yielding a significant decrease in overall SSL connection setup times. SSL False Start reduces the latency of a SSL handshake by 30%.”

The developers were concerned that False Start would not be backwards compatible and that if it affected “user experience for even a small fraction of users, the optimization is non-deployable.” So they tested it out by finding every site that uses HTTPS in Google’s index and it came away with a 94.6% success rate, with 5% timing out and .4% failing. The time-outs turned up as sites that were no longer in service. The developers contacted the domains that failed and said that most have fixed the issue that made False Start fail. The list of sites that are not compatible with False Start is located in the Chromium source code.

The Electronic Frontier Foundation and Access have teamed up on a campaign called “HTTPS Now” that aims to secure the Internet. Yet, with SSL and encryption still a messy and expensive process, it could be a while before the EFF reaches its goal.

“There is no consistent library for implementing SSL in the browser,” said Tom Bridge, a partner at Technolutionary, a technical services firm. “Firefox, Safari, IE, Chrome, they all use different processes for handling the SSL handshake. Encryption is still a heavy-math process, something that requires both RAM and processor time.”

After some high-profile hacks, including Mark Zuckerberg’s own profile, Twitter and Facebook have offered users options in their profile settings to always use HTTPS. Most of the major email clients use HTTPS as well.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.