A recent Mozilla telemetry graph measure that approximately half of all traffic in transit is now encrypted, a more than 10% jump from last December. And on October 14, Josh Aas, director of Internet Security Research Group and formerly Mozilla, confirmed on Twitter that the initiative had generated more than one million new active certificates over the past week, which now totals up to over 7.5 million. This drastic increase in SSL is similar to the appearance of free SSL certificate authorities, as Let’s Encrypt or services offered by Cloudflare, Amazon or WordPress.
Let’s Encrypt, a non-profit effort that brings free SSL/TLS certificates to the web, was founded in December 2015. The initiative was founded by EFF, Mozilla, and the University of Michigan, and is sponsored by major companies Akamai, Cisco, Facebook, Chrome, the Internet Society and Mozilla. OVH joined the movement by becoming late 2015 as a platinum partner of the initiative. Free, Gandi and Gemalto also support the consortium. Since its launch, Let’s Encrypt has issued more than 5 million certificates in total, which was also 40% of internet traffic.
Let’s Encrypt provides the certificates free of charge through an automated process designed to cut through complexity and cost and allow more websites to accelerate the switch to HTTPS. Its ACME, or Automated Certificate Management Environment, is an open API that helps hosting providers and other users with creating, validating, installing and renewing certificates.
This rapid growth is a sign of the growing interest due to large-scale deployments from companies such as OVH, WordPress.com, Akamai, Shopify, Dreamhost, and Bitly. The organization’s goal for the entire web traffic to reach 100% HTTPS certificates means being able to help websites with the transition with transparency and ease-of-use.
The generalization of HTTPS is gaining support from major internet browser providers. Google Chrome has put its weight behind the announcement that Chrome will report unsafe sites that do not offer HTTPS beginning in January 2017. In addition, Google has committed to gradually promote the HTTPS sites and intends to flag unsecured connections.