This article was published on August 1, 2013

Facebook completes transition to HTTPS secure browsing by default

Facebook completes transition to HTTPS secure browsing by default

Facebook announced today that it is completing the implemention of secure HTTPS browsing for all users. The news comes two years after the company added the feature.


The company revealed that a third of its users opted in to the feature after it was first introduced. Now, all traffic to Facebook’s website and 80 percent of all going to the mobile optimized version will use a secure connection. The service uses Transport Layer Security (TLS), or Secure Socket Layer (SSL), to protect the connection.

Interestingly, adoption of secure browsing had been growing since 2011. The company said that the rate had reached 35 percent organically before Facebook began switching users over.


While Facebook has switched over to HTTPS by default, it still has more features in the works. The company plans to launch 2048-bit RSA keys, which Google recently began implementing, elliptic curve cryptography, ECDHE key exchange, certificate pinning and HTTP Strict TransportSecurity this fall.

For those interested in the gritty details of transitioning more than 1 billion users to HTTPS, Facebook Security Infrastructure software engineer Scott Renfro has more specifics in his post.

Image Credit: JOHANNES EISELE/AFP/Getty Images