SoniXCast’s Relay Network now supports SSL (https)
For a while customers have been requesting SSL (https) support for the listen urls they give their listeners and for embedding on their secure websites and now we’re happy to announce that SSL support is finally here. Try it for yourself -> https://relay.sonixcast.com
Who needs SSL?
The https protocol is trusted by the internet community at large and bolsters the reputation of content providers. Hardly any serious provider (be it google.com or microsoft.com) would consider doing business without a secure connection to their website and more and more devices have begun requiring a secure (https) connection due to privacy concerns. Web browsers especially make it well known to the visitor whether the connection is secure or not and some security conscious listeners may actually move on if it is not. Therefore, it behoves all content providers (and radio stations) to offer SSL support on their website.
Those who already have SSL enabled will be able to eliminate the annoying ‘Mixed content types & security threats associated‘ message that usually is displayed when a unsecure link to their stream is embedded on their webpage. All-in-all offering SSL support will make your listeners trust you better and they will listen to your station longer.
SSL has been around for a while and is rich with configuration options. The challenge for us was to build a suite of profiles that would support as many devices and browsers as the less secure http protocol. The only practical way to achieve this was to test each device and browser type and generate logic that would enable or disable certain SSL features on a per device/browser basis. For example: Many older Java-based devices do not support TLS which is the defacto standard for smartphones. Or the browser application Internet Explorer 6 (IE6) (much more widespread as one would think) does not support encryption algorithms found in more modern browsers like FireFox or Chrome. Over 200 different devices and browsers have been tested and certified to date.
Now what do I do?
SSL (https) runs side-by-side with the http protocol, so there is nothing that you must do unless you want to. The Relay Network will continue to work as before. You just have the added option of using https instead of http in your listen urls if you like. End user devices and browsers will transparently handle the secure communication, so your listeners may not even notice the difference unless they are watching for it.
Performance and Scope
SSL is baked into just about everything, so theoretically there should be no performance difference between using http or https. There may be compatibility issues with older devices or browsers we have not yet certified where you might receive a security message, but with all the devices and browsers we’ve worked on, we think you will be hard pressed to find something that is not compatible.
Only AnyCastIP™ and the SoniXCast Media Server (SXMS) have been secured with SSL. The Redirect Network and direct stream access are as before unsecured. Read here for more information on the different types of networks that are offered to customers.
What is SSL?
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
To be able to create an SSL connection a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys – a Private Key and a Public Key.
The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) – a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL. Your web server will match your issued SSL Certificate to your Private Key. Your web server will then be able to establish an encrypted link between the website and your customer’s web browser.
The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session. All SSL Certificates are issued to either companies or legally accountable individuals.
Typically an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When a browser connects to a secure site it will retrieve the site’s SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.