A Small Orange has just announced improved security for SSL by adopting Forward Secrecy, which ensures that your data stays secure even if the long-term keys that encrypt the data are compromised in the future.
You are probably all aware of how SSL certificates can improve the security of your data as it is transmitted over the internet. The problem, especially in light of various disclosures about governments hacking communications, is that if the public and private keys used in those communications are compromised, it can reveal not only the data exchanged in that session but all the data exchanged previously.
Forward Secrecy works by ensuring that a session key derived from a set of long-term public and private keys will not be compromised if one of the long-term private keys is compromised in the future.
Ok, so what exactly does this mean? Well, when a website is served over HTTPS, the communication between the browser and the server utilizes a secret key that only the server knows. From that secret key, a session key is generated that is communicated to your web browser to allow it to decipher the encrypted information from the HTTPS server. In a perfect world, your secret key would never be disclosed and the data transmitted would never be at risk. We all know, however, that the world is not perfect and that at some point someone will have their secret key disclosed to some shady people.
The problem is that, without Forward Secrecy, the people who have managed to get hold of your secret key will be able to decrypt all the data you have sent using that secret key. If they had been listening in on your connection and had amassed past data (this could include confidential client data and communications), they will then be able to see it all. Forward Secrecy works by constantly changing the secret keys used to encrypt the data, so that even if your secret key is compromised, they will not be able to decrypt all your past communications as well. This makes it significantly more secure.
A Small Orange has offered Forward Secrecy for the last three months on their VPS and Dedicated hosting products, and has now announced that they support Forward Secrecy on their shared and business shared products as well.
How to verify if your website supports Forward Secrecy
There is an excellent service offered by SSL Labs that will scan your website and grade how secure its SSL configuration is. A recent change to the testing tool means that your website must now support Forward Secrecy to get an A or A+ rating.
As indicated in A Small Orange's blog post on the topic, if you are using SSL, it is now recommended that you ensure your website achieves at least an A grade.
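A local spot check to go alongside the SSL Labs scan, added here as an example and not taken from A Small Orange or SSL Labs: it reports whether the suite your server negotiates uses an ephemeral key exchange, and whether the server still accepts plain RSA key exchange when a client offers nothing else. The function names are this example's own, and the classification assumes OpenSSL-style suite names as returned by Python's `ssl` module.

```python
import socket
import ssl
import sys

# OpenSSL suite-name prefixes that mean an ephemeral Diffie-Hellman key exchange.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def is_forward_secret(cipher_name, protocol):
    """Classify a negotiated suite as reported by ssl.SSLSocket.cipher()."""
    if protocol == "TLSv1.3":
        # A TLS 1.3 certificate handshake always uses ephemeral (EC)DHE.
        return True
    # "AES128-SHA" (RSA key exchange) and "ECDH-RSA-..." (static ECDH) do not match.
    return cipher_name.startswith(EPHEMERAL_PREFIXES)


def _handshake(host, port, ctx, timeout):
    """Complete one TLS handshake and return (suite name, protocol)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
            return name, protocol


def check_host(host, port=443, timeout=5.0):
    """Report the suite the server picks and whether RSA key exchange is still accepted."""
    name, protocol = _handshake(host, port, ssl.create_default_context(), timeout)

    # Second probe: offer only non-forward-secret RSA key exchange, TLS 1.2 at most.
    legacy = ssl.create_default_context()
    legacy.maximum_version = ssl.TLSVersion.TLSv1_2
    legacy.set_ciphers("kRSA")  # raises ssl.SSLError if the local OpenSSL has none
    try:
        legacy_suite = _handshake(host, port, legacy, timeout)[0]
    except OSError:  # ssl.SSLError is a subclass: the server refused the handshake
        legacy_suite = None

    return {
        "host": host,
        "negotiated": name,
        "protocol": protocol,
        "forward_secret": is_forward_secret(name, protocol),
        "accepts_rsa_key_exchange": legacy_suite,
    }


if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(check_host(target))
```

A value other than `None` for `accepts_rsa_key_exchange` means older clients can still end up on a connection without Forward Secrecy, even though a modern client negotiates an ephemeral suite.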
If you are interested in finding out more about A Small Orange, you can check out our review here. They are one of our recommended hosts, and utilize SSD storage for increased performance, and indeed, have one of the best support teams we know. You can also find some exclusive discounts off their hosting for our readers here.