cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New

Errors in GoDaddy's SSL Certificate page

https://au.godaddy.com/web-security/ssl-certificate

 

1. The page uses the illiteracy 'an SSL' instead of 'an SSL Certificate'. Please don't do this. SSL is a protocol, not a thing you buy.

 

2. 'Our SSLs use SHA-2 and 2048-bit encryption to protect sensitive data. It’s the strongest encryption on the market today and it is virtually uncrackable.'  (a) SHA-2 is a digest method, not an encryption method. (b) 2048-bit encryption is only used at one phase of the SSL handshake, and then only if the key agreement protocol chosen was DH, which it typically is not.

 

3. 'All information passing to and from your website is now scrambled by 2048-bit encryption that's virtually unbreakable by hackers'. This is completely incorrect. The handshake uses the 2048-bit keys associated with the certificate, but the ongoing session uses a much shorter session key. If it used 2048-bit encryption it would be unusably slow.

 

These are common errors and misconceptions but there is really no excuse for an SSL Certificate provider to perpetrate them.

2 REPLIES 2
Community Manager
Community Manager

Re: Errors in GoDaddy's SSL Certificate page

Hi @EJP. Thanks for the feedback. We passed this information along to the right people and we'll definitely get any incorrect information replaced. Please keep in mind that while we want to have accurate information, the page in question is intended to provide a general explanation of what an SSL Certificate does. Once we update the page, it may not have all of the information you suggested. That would fit better in a technical white paper, which may come later. Still, it's great that you took the time to read all the content and give us such great feedback. We appreciate it!

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.
New

Re: Errors in GoDaddy's SSL Certificate page

That's all very well but part of this constitutes false advertising. I have just received an SSL certificate offer from you which clearly states that you are providing 'virtually uncrackable encryption' via SHA-2 and 2048-bit keys. This is simply false on all counts.