Explanation of the differences in secure connection between the site provided

We want EE brief explanation of the 4 secure sites and why the use different method of Class, connection and encryption
rayluvsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rayluvsAuthor Commented:
forgot the the pic of the sites:

Sites viewed in the Pc:
Expert-Exchange 'Ask Question'
Bank (fake name)
Microsoft (hotmail, skydrive, etc.)
gmail

Security Info viewed sites:
Classes:                    Class 3 and Authority G2
Connection used:   TLS 1.0, SSL 3.0 and TLS 1.2
Encryption:             RCA_128/SHA1/RSA, AES_128_CDB/SHA1/RSA and RC4_128/SHA1/ECDHE_RSA

secre
Please gives us you observations

Thank you very much!
0
Dave BaldwinFixer of ProblemsCommented:
Well, why not?  There are different versions, vendors, and methods available.  Some of the differences could be caused by when the certificates were originally purchased.  Originally you could only get the 'highest' validation certificates where you had to submit all your business info and credit verification because it was being used to 'identify' you.  Now you can get lower cost certificates that are really just for encrypting the connection without positively identifying you.

The oldest version is SSL 3.0 and the newest is TLS 1.2.

The first three are verified by a company called Verisign and the last is by Google.

The bottom group that you have circled lists the exact methods used by each connection.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rayluvsAuthor Commented:
So in conclusion, an explanation of the differences of the secure connection between the site provided at 'ID: 39460457' is caused by when the certificates were originally purchased?

Is that an accurate assumption?
0
Redefining Cyber Security w/ AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Join our webinar on Sept. 21st to learn more about leveraging AI and machine learning to protect your business.

Dave BaldwinFixer of ProblemsCommented:
Good enough I suppose.  There is no requirement for them to all be the same, even if they were all purchased today.
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Just to build on your observation.

So in conclusion, an explanation of the differences of the secure connection between the site provided at 'ID: 39460457' is caused by when the certificates were originally purchased?

I would add that it is also depends on both the server and client and they need to match.   All of your samples are at 128 bit and the main difference is the protocol and that could be a function of the server.
0
rayluvsAuthor Commented:
Thank you all.

One last question. Why does expert-exchange have a secure connection when placing a question (We found this curious since placing a question seams a none security breach).
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
We are not the engineers of the site so can't comment on that directly.  

My suggestion to you if you are working on any kind of database site is to just make all pages https.   This is common practice now if you look at google+, facebook, twitter etc.
0
rayluvsAuthor Commented:
You are correct.  Just typed in google.com and saw the secure connection "https://www.google.hn/".  Always thought it was non-secure.  And always thought that if a site had a secure connection, that security would have been a cost transfer to the customer.  Now we are more confused on why some sites are secured when, at laymen view, it seems unnecessary.

So this means that my connection to google is always encrypted?
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Yes, if you are on https, the connection is encrypted.

>Now we are more confused on why some sites are secured when, at laymen view, it seems unnecessary.

I can't speak to any other site's reason for doing things but if you are submitting data, it should be over https.  Sometimes you may not be able to tell if it is https such as logging out of experts-exchange then click the log in, you will see you are on http but as you view how the  form submits, it is via https.

HTTPS is very common today.  There should't be any worries about running your entire site over https if you wanted to.   If you have just one form, you can can just force https on that one page either through your serverside scripting or htacccess/webconfig
0
rayluvsAuthor Commented:
Ok understood.

Thank you very much.
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
When you are ready to build, just give us a new question with more details and we can give you more detailed answers for your own project.

Good luck!
0
rayluvsAuthor Commented:
Actually, for now is no building.  Is more on knowledge.  We did place a question.  It would be great if you can followup on it:

http://mobile.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_28236708.html#a39484307
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.