When to use SSL/TLS on your web server

The following list describes situations in which using Secure Sockets Layer/Transport Layer Security (SSL/TLS) is appropriate, and can help you decide whether to use SSL/TLS on your web server. The list is not exhaustive; you may encounter other situations in which using SSL/TLS would be appropriate.

You should use SSL/TLS when transmitting the following types of data:

  • Authentication data (for example, passwords, session cookies)
  • Data that Data Stewards have classified as non-public
  • Data that needs to be protected from modification on its way to or from the server (for example, user input or a result set from the server)

Remember that although SSL/TLS can protect the flow of information between your server and a web browser, it does not offer any additional system-level security. To ensure that the server itself is secure, you must maintain a rigorous security program; see Tips for staying safe online.

This is document alwg in the Knowledge Base.
Last modified on 2020-11-02 16:47:01.