What is SGC?
Server-Gated Cryptography (SGC) was developed by Microsoft in the 1990s, which forced old browsers to “step-up” encryption from weak 40 or 56-bit to 128-bit.
Short history on SGC
Microsoft introduced SGC to satisfy demands after it recognised the legitimate need for stronger encryption in the 1990s, amid the cryptography export restrictions imposed by the US government.
After the restrictions were relaxed in 2000, manufacturers introduced web browsers which supported 128-bit encryption by default, subsequently phasing out SGC as a result.
Waning demand for SGC
As browsers were updated, SGC became increasingly deprecated and demand fell – only a small proportion of web browsers still relied on SGC in 2012 and by 2015 this has fallen to insignificant levels.
Why is SGC deprecated?
- Unaddressed browser vulnerabilities – Users are exposed to outdated browser vulnerabilities
- Unsupported updates and revisions – The latest SSL/TLS protocol revisions and vulnerability fixes are not supported
- Unsupported EV SSL classification - Classifications introduced after 2000 e.g. EV are not supported
- SGC is obsolete – Browsers are now capable of 128-bit encryption by default
SGC is now deprecated, but demand has only grown for encrypted SSL sessions. If you want stronger encryption to boost customer trust, ECC powered SSL certificates provides greater cryptographic strength than standard certificates of equivalent size. ECC generates smaller key lengths, which translates to lower bandwidth consumption – ideal for mobile devices.
A 256-bit ECC certificate has the equivalent cryptographic strength of a gigantic 3072-bit standard SSL, only faster – offering superior encryption without sacrificing online customer experience.
Discover our range of ECC compatible SSL certificates now, or if you have any questions about ECC feel free contact one of our consultants for a free no-commitment consultation today.