One driving force behind SSL (Secure Sockets Layer) technology in the ecommerce industry is the need to encrypt parts of online consumer transactions to protect the security and integrity of the data exchanged.
SSL relies on a cryptographic system that uses two keys to encrypt data. The longer the SSL key length, the stronger the encryption it offers -- but the trade-off is that stronger encryption requires more SSL processing power on your ecommerce server.
Understanding SSL Key Length
The big concern is that the private keys of today's 1024-bit RSA secure certificates will become vulnerable and will be broken. Government agencies have determined that the power of new hardware in today's market can indeed break 1024-bit (1K key) security.
In fact, the National Institute of Standards and Technology (NIST) of the U.S. Government recommends that key lengths be upgraded to 2048-bit strength to be considered secure. Certificates with a lifecycle past December 31st, 2010 need to be 2048-bit keys (2K keys).
Peter Melerud, co-founder and vice president of product management for KEMP Technologies, said that a lack of SSL processing power is the major problem that small business ecommerce site owners face when migrating to 2048-bit key lengths.
As encryption gets stronger and more secure, the key length increases and you need more server power to serve up the same number of connections, he explained. Small businesses that have been using 1024-bit SSL certificates may see issues such as the website slowing down, and site users may experience issues during the check-out process with the change to 2048-bit.
To meet certified SSL site requirements, however, you must migrate to the new keys, and in the ecommerce market it is now a must-do. To obtain an SSL certificate for your ecommerce business, all leading SSL issuing certificate authorities now require you to buy 2K as they no longer issue 1024-bit keys.
The Server Impact of Using Longer 2048-bit SSL Keys
The impact on how your website responds to browser requests is the major consideration when migrating to 2048-bit keys. An ecommerce server is already tasked with requests, and increased processing for handling the stronger keys can easily increase latency -- you'll see a slowdown in the time pages and forms take to load in the browser or to be submitted.
Increased latency can adversely affect the shopping experience by adding more time to the check-out process. "Consider a customer who has spent time browsing on your Web site," Melerud said. "They've invested time in looking and finding the right products to buy. When they are ready to check-out, a new customer fills out a registration form -- which is encrypted. You also have other processes that need to run in addition to SSL, such as serving HTML, your site content, and other back-end processes."
While the new 2048-bit keys for SSL encryption are said to be more than 4 billion times more secure than 1024-bit keys, they also require up to eight times more computing power for each decryption. Ecommerce business owners who currently perform SSL encryption will be the most affected by the migration.
Load Balancing and SSL Processing with LoadMaster
To continue serving your site and transactions, ecommerce site owners can consider load balancing, where SSL capabilities are off-loaded to dedicated SSL devices between the server and browser connection. Another option is to have SSL off-loaded by using a combination of server load-balance and content-switching appliances that integrate ASIC-based SSL acceleration.
Being prepared and knowing how much SSL processing power you need is the first step towards finding the right solution for your ecommerce business. To determine what you need for SSL processing, ecommerce sites can measure transactions per second (TPS); that is the number of transactions (customer check-out and cart check-outs) per second you need to support.
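An added example, not part of the original article or any KEMP tooling: the Python sketch below times the full-size modular exponentiation that dominates a server's RSA private-key operation at 1024 and 2048 bits, then turns the measured cost factor into the TPS sizing described above. The operands, the 800 TPS baseline and the 300 TPS peak are constructed, the strength table is from NIST SP 800-57 Part 1, and pure-Python timings show the ratio, not the absolute speed of a native TLS library.

```python
import math
import random
import time

# Comparable symmetric strength in bits per RSA modulus size (NIST SP 800-57 Part 1).
NIST_STRENGTH_BITS = {1024: 80, 2048: 112, 3072: 128}

def strength_ratio(old_bits, new_bits):
    """Factor by which attack work grows, from the comparable-strength bits."""
    return 2 ** (NIST_STRENGTH_BITS[new_bits] - NIST_STRENGTH_BITS[old_bits])

def private_op_seconds(bits, rounds=30, seed=1):
    """Best-case time of one full-size modular exponentiation, the step that
    dominates the server's RSA private-key operation in a handshake (no CRT)."""
    rng = random.Random(seed)             # constructed operands, not a real key
    top = 1 << (bits - 1)
    n = rng.getrandbits(bits) | top | 1   # odd modulus of exactly `bits` bits
    d = rng.getrandbits(bits) | top       # full-length private exponent
    c = rng.getrandbits(bits - 1)         # input value smaller than n
    best = math.inf
    for _ in range(rounds):
        start = time.perf_counter()
        pow(c, d, n)
        best = min(best, time.perf_counter() - start)
    return best

def handshake_capacity(tps_at_old_key, cost_factor):
    """New-handshake TPS the same hardware sustains once each private-key
    operation costs `cost_factor` times as much."""
    return tps_at_old_key / cost_factor

def units_needed(required_tps, tps_per_unit):
    """Servers or offload devices required to carry the check-out peak."""
    return math.ceil(required_tps / tps_per_unit)

if __name__ == "__main__":
    t1024 = private_op_seconds(1024)
    t2048 = private_op_seconds(2048)
    factor = t2048 / t1024
    print(f"1024-bit: {t1024*1e3:.2f} ms  2048-bit: {t2048*1e3:.2f} ms  factor: {factor:.1f}x")
    print(f"strength gain: {strength_ratio(1024, 2048):,}x")
    # Constructed sizing figures: a server measured at 800 TPS on 1024-bit keys,
    # and a peak of 300 check-outs per second to support.
    after = handshake_capacity(800, factor)
    print(f"capacity after migration: {after:.0f} TPS, units for 300 TPS peak: {units_needed(300, after)}")
```

On the production host, `openssl speed rsa1024 rsa2048` reports the native private-key operations per second to use in place of the Python timings.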
The cost of supporting 2K keys varies -- KEMP Technologies upgraded its own mid-tier load balancing platforms (2600 and 3600 LoadMasters) in January 2011 to deliver increased throughput and SSL transaction processing. The LoadMaster 2600 (priced at $6,990) has improved SSL transactions per second (TPS) to 2,000 TPS. The 3600 is priced at $9,890 with SSL processing throughput of 5,000 TPS and additional features.
Melerud said that while the migration to 2048-bit keys is not law, it is, however, a fact of life for ecommerce businesses. Not only are there data security and integrity concerns associated with 1024-bit keys -- but leading vendors (including VeriSign, GeoTrust, Entrust and GoDaddy) no longer issue 1024-bit keys.
If you're in the ecommerce business and conducting online transactions, you cannot ignore this migration -- supporting 2048-bit keys is where the industry is headed.
Vangie Beal is a veteran online seller and frequent contributor to ECommerce-Guide.com. She is also managing editor of Webopedia.com. You can tweet with her online @AuroraGG.