7 Myths About HTTPS and SSL Certificates You Shouldn’t Believe

Philip Bates 21-06-2018

Take a look at the URL for this article and you’ll see that it starts with https. That “s” at the end means the connection between your device and this site is secure.


On the web, secure connections are usually established using a secure sockets layer (SSL) certificate. These can be confusing, partly because there are many myths about them that you simply shouldn’t believe. Let’s debunk a few of the more common ones!

Myth 1: “Only E-Commerce Sites Need SSL”

You’ve probably heard that only sites requiring personal data need SSL certificates. It’s a fair assumption: after all, you should be trained by now to notice encryption on sites that request private information. It’s true that, when signing up and logging in, you definitely need to check the address bar reads “https”.

But encryption is vital for all sites, whether e-commerce or a small blog.

Firstly, Google defaults to a secure version of a site. Google Chrome users who visit a site which doesn’t have an SSL certificate will instead see a warning page. This will inform them that the page is not secure.


Secondly, those visiting via other browsers will consider you more trustworthy. Most users now know about checking for secure connections, so installing an SSL certificate is a sign that you take their privacy seriously.

In effect, you’re telling your audience that you’re a professional organization.

Myth 2: “SSL Won’t Affect Web Traffic”

If Google Chrome doesn’t fully load a web page, that site’s statistics will be affected—potentially quite drastically! Imagine how many people might see that their connection isn’t secure and immediately turn away.

The problem is, even when their data doesn’t seem at risk, people panic when they see security alerts. They picture themselves falling victim to hackers. Thankfully, most users prioritize their security over convenience. So if they can’t read your site, they’ll simply search for another one which offers similar information.


Furthermore, an SSL certificate is essential for SEO. It’s not just about keywords: Google ranks a page higher if it proves to implement decent security measures. Naturally, the nearer the top of search results, the more people will find your page.

Myth 3: “SSL Significantly Slows Page Loading”

With a potentially increased audience, your concern might be that an HTTPS address will slow down your site. Fortunately, encryption has no noticeable effect on the speed of your website.

That’s because, in most cases, HTTPS actually refers to HTTP/2, a revision on the standard HTTP protocol. It was designed to have a 50 percent reduction in page load time through compression of data and reduction of processes involved.


Here’s what you need to know: the web has been using HTTP since 1991. HTTP/2 is an upgrade to this with an eye on performance.

If you want proof, check out some of your favorite sites—the most popular ones (including social media like Facebook) have SSL certificates and look how fast they are!

Okay, so sometimes, speed will be affected, but it’s rare and negligible. We’re talking milliseconds. This is mainly down to server distances, which you typically can’t help. And cases of slowing down will become fewer and farther between as Certificate Authorities (CA) secretly switch to Transport Layer Security (TLS) instead.

Myth 4: “SSL Certificates Are Cutting Edge”

SSL certificates are great, but they’re not the most advanced form of encryption widely used on the internet. In fact, many CAs use TLS certificates instead.

TLS certificates are essentially the next stage in the life of HTTPS.

The successor has been around since 2008, fixing some of the minor vulnerabilities in SSL certificates. However, until recently, it’s mostly been used solely for sites that require payment details or manage your money. PayPal is perhaps the most notable example of a monetary site using TLS.

Fortunately, several exploits in SSL certificates mean TLS has become more commonplace. In fact, many encryption services implement TLS instead of SSL certificates as default; the latter is more well-known so is frequently used without the client knowing the difference.

As long as your URL has HTTPS, most website visitors are content.

Myth 5: “SSL Certificates Are Expensive”

Which organizations use TLS? Primary examples also disprove the myth that HTTPS is expensive.

Let’s Encrypt is a popular service because it’s effective and entirely free. Many big name companies support the idea, including Facebook, Yoast, Mozilla, the American Library Association, Server Pilot, and Google Chrome.

Alternatively, freemium software is available. Encryption Everywhere, created by security firm Symantec, offers free SSL/TLS certificates, and you can pay for additional security features.

Admittedly, SSL certificates can be costly, but it largely depends on hosts. Sometimes, the host server doesn’t support third party encryption, i.e. they want you to use their own associated service so they can get extra cash from you. It’s a horrible tactic, especially when users are under pressure from Google.

You need to shop around. Don’t be scammed by your web host.

Myth 6: “SSL Certificates Encrypt All Data”

Let’s not rave about SSL certificates without pointing out that they’re not the be-all and end-all for security. Yes, data is encrypted—but only during transit. HTTPS means your connection is secure; it doesn’t mean the web server is secure.

Imagine it as a tunnel you’re driving through. The tunnel means your vehicle can’t come under attack from anything from above, below, or either side of you. However, problems can still occur once you reach your destination. You don’t know what lies ahead of you once your car comes to rest.

The same goes for data. It’s encrypted so you shouldn’t be a victim of a man-in-the-middle (MITM) attack while it’s transferring between networks. But once that data is static (i.e. stored on someone’s server), SSL certificates don’t mean much.

This is why HTTPS is now considered a basic security measure, something sites should have as standard. Further precautions are also needed!

Myth 7: “SSL Encryption Is Foolproof”

HTTPS offers a good level of encryption. You’ve probably heard a lot of good stuff about that. Still, myths persist about encryption. Notably, you should know that encryption doesn’t make something unhackable.

Companies just need to try their best: they need to look after personal information in the most secure ways possible. They have a responsibility to look after private details. The methods used to track passwords, however, show how ineffective encryption can be, depending on the form used to store them.

Even SSL certificates have been compromised—that’s what Heartbleed was all about, hitting headlines back in 2014.

Can you trust SSL/TLS certificates? Yes. Just remember: no security is absolute, and vulnerabilities are inevitable.

Make Sure You’re Using a Secure Web Browser

Don’t underestimate the importance of basic levels of safety online. SSL certificates are a vital part of your protection from cybercriminals.

Of course, you need support from a strong security suite too. Fortunately, mainstream browsers know the significance of keeping their users secure on the internet.


  1. Jan Steinman
    June 26, 2018 at 8:51 pm

    your concern might be that an HTTPS address will slow down your site… Fortunately, encryption has no noticeable effect on the speed of your website… [because HTTP/2 is] designed to have a 50 percent reduction in page load time through compression of data….

    Okay, you lost me. Unless it compresses before encryption, compression isn't going to accomplish much, because encrypted data has no patterns that can be compressed.

  2. Bruce Wilson
    June 23, 2018 at 4:10 am

    Why are we still talking about SSL as if it's a secure option? Even TLS 1.0 and 1.1 are deemed too weak to provide any meaningful security.

  3. vera
    June 22, 2018 at 9:03 am

    Encryption protocol (i.e. whether SSL or TLS) does not depend on certificate type. In fact, the protocol used in a given communication depends on the "most secure" (in the sense that protocols have been ordered in configuration) protocol (including protocol version) that is matched by both browser and web server.

    As a consequence, SSL vendors often refer to certificates as SSL/TLS certs.

    Another point is that, even with encryption enabled, some browsers are marking the connection as insecure when an old and insecure protocol is used, for instance, SSLv2.

  4. Nate
    June 22, 2018 at 12:32 am

    Myth #4 - There aren't such things as SSL or TLS certs, they use the same X509 keys. SSL/TLS are protocols.

  5. Aaron Roydhouse
    June 21, 2018 at 11:44 pm

    What is a TLS certificate? Don't SSL and TLS protocols use the exact same X.509 certificates?

    • neutronscott
      October 5, 2018 at 2:54 am

      Yeah, author is misinforming people..
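
The point raised in the comments above, that SSL and TLS are protocol versions agreed in the handshake rather than properties of the certificate, shown as an added example (not code from the article or its commenters): the server announces the version it picked in its ServerHello message, which this sketch builds and then parses. The sample records, the `WEAK` set and all function names are constructed for illustration.

```python
import struct

# Wire values of each protocol version, as sent in the handshake hello messages.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
WEAK = {0x0300, 0x0301, 0x0302}  # assumption: the versions the comments call too weak

def negotiate(client_offers, server_enabled):
    """Highest version both sides support, or None when nothing overlaps."""
    common = set(client_offers) & set(server_enabled)
    return max(common) if common else None

def build_server_hello(version):
    """Constructed sample record: zeroed random, empty session id, no certificate."""
    legacy = min(version, 0x0303)  # TLS 1.3 keeps 0x0303 here and uses an extension
    ext = struct.pack("!HHH", 0x002B, 2, version) if version == 0x0304 else b""
    hello = struct.pack("!H", legacy) + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if ext:
        hello += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, legacy, len(handshake)) + handshake

def server_hello_version(record):
    """Read the selected protocol version out of a ServerHello record."""
    ctype, _, rec_len = struct.unpack_from("!BHH", record, 0)
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or rec_len < 42 or body[0] != 2:
        raise ValueError("not a complete ServerHello record")
    version = struct.unpack_from("!H", body, 4)[0]
    pos = 4 + 2 + 32                      # handshake header, version, random
    pos += 1 + body[pos]                  # session id
    pos += 2 + 1                          # cipher suite, compression method
    if pos + 2 <= len(body):              # extensions block is optional
        end = min(len(body), pos + 2 + struct.unpack_from("!H", body, pos)[0])
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            if ext_type == 0x002B and ext_len == 2 and pos + 6 <= end:
                version = struct.unpack_from("!H", body, pos + 4)[0]
            pos += 4 + ext_len
    return version

def handshake_outcome(client_offers, server_enabled):
    """Negotiate, encode the ServerHello, and read the version back off the wire."""
    chosen = negotiate(client_offers, server_enabled)
    if chosen is None:
        return None                       # no shared version: handshake fails
    wire = server_hello_version(build_server_hello(chosen))
    return VERSIONS[wire], wire in WEAK
```

Calling `handshake_outcome` with different server version lists changes the result while nothing certificate-related appears anywhere in the exchange being parsed.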