Opera is designed with the most advanced and widespread security measures available, making online purchasing simple.
Some sites may display a message that says "You do not have a secure browser; please download Netscape Communicator or Internet Explorer." The site designer may, mistakenly, believe that only those browsers support advanced security, even though Opera has levels of security that are as good as, or superior to, these browsers.
Changing how Opera identifies itself will often allow you to circumvent this problem. To do this, follow these steps:
Before you enter any information about yourself, especially credit card details, look for the security bar that should appear in the address field. On the security bar, there should be an icon that looks like a locked padlock. If you hover your mouse over the icon, you will see what kind of encryption the site uses. The organizational name of the security certificate holder should appear beside the padlock icon. See our advisory for more information. Additionally, selecting the security bar shows the security certificate information.
Some Web sites will open a separate window with the address bar hidden. In this case, Opera displays the security bar as a collapsed address field that shows the domain that the window belongs to. Before you enter any sensitive information, check that the domain matches the domain that you were expecting. You can also select the collapsed address field to show the full address field and security bar.
Opera supports internationalized domain names (IDN), which allows domain names in languages such as Russian and Chinese to be written in their own native scripts. Opera will only allow certain combinations of scripts to be displayed in localized characters, unless the top level domain is trusted. Trusted top level domains are selected if they have established strict policies on the domain names they allow to be registered.
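The display decision described above can be sketched as follows. This is an added example, not Opera's code: the allowed script combinations and the trusted top level domain are assumptions chosen for illustration, and the function expects the hostname in its Unicode form.

```javascript
// Added example. ALLOWED_COMBINATIONS and TRUSTED_TLDS are assumptions for
// illustration; they are not Opera's actual lists.
const SCRIPTS = ['Latin', 'Cyrillic', 'Greek', 'Han', 'Hiragana', 'Katakana', 'Hangul'];
const SCRIPT_TESTS = SCRIPTS.map(name => [name, new RegExp(`\\p{Script=${name}}`, 'u')]);

// Script sets that may share one label (assumed policy).
const ALLOWED_COMBINATIONS = [
  ['Latin', 'Han', 'Hiragana', 'Katakana'],
  ['Latin', 'Han', 'Hangul'],
];
// Hypothetical TLD whose registry is assumed to enforce strict naming rules.
const TRUSTED_TLDS = new Set(['example']);

// Return the set of scripts used in one label; digits and hyphens are neutral.
function scriptsOf(label) {
  const found = new Set();
  for (const ch of label) {
    if (ch === '-' || /\p{Nd}/u.test(ch)) continue;
    const hit = SCRIPT_TESTS.find(([, re]) => re.test(ch));
    found.add(hit ? hit[0] : 'Other');
  }
  return found;
}

// A label is displayable if it uses one known script or an allowed combination.
function labelIsDisplayable(label) {
  const used = [...scriptsOf(label)];
  if (used.includes('Other')) return false;
  if (used.length <= 1) return true;
  return ALLOWED_COMBINATIONS.some(combo => used.every(s => combo.includes(s)));
}

// Takes a hostname in Unicode form; returns the form to show in the address field.
function displayForm(hostname) {
  const unicode = hostname.normalize('NFC').toLowerCase();
  const ascii = new URL(`http://${unicode}`).hostname; // Punycode (xn--) form
  const labels = unicode.split('.');
  if (TRUSTED_TLDS.has(labels[labels.length - 1])) return unicode;
  return labels.every(labelIsDisplayable) ? unicode : ascii;
}

// Constructed sample hostnames; \u0430 is the Cyrillic letter that looks like "a".
for (const host of ['пример.com', 'ex\u0430mple.com', 'ex\u0430mple.example']) {
  console.log(JSON.stringify(host), '->', displayForm(host));
}
```

A label that mixes Latin and Cyrillic falls back to its xn-- form, while the same label under the assumed trusted top level domain is shown in native characters.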
Encryption is a way of scrambling information so that only a legitimate recipient of that information can make it readable again. The most common form of encryption today is public key/private key encryption. Imagine a strongbox that has two keyholes and two separate keys. If you lock the box using one key, you can only unlock it with the other.
If you hover your mouse over the padlock icon when visiting a secure server, you will see a string of text that looks something like this:
TLS v1.0 128 bit C4 (1024 bit RSA/SHA)
The first three letters will show what security protocol is used on the site. There are four common security protocols; in order from good to best, these are SSL version 2, SSL version 3, TLS 1.0, and TLS 1.1.
When you send or receive information from a site where Opera's icon displays "Secure", Opera and the Web site use a secret one-time key before sending the information. When you entered the secure page, Opera and the Web site used public keys to agree on that secret key. That is called a handshake. The key encrypts all the information sent and is used for this session only.
The level of encryption depends on the available key space, which means the number of possibilities available when generating keys. The more possible keys, the higher the security. For session keys, the most powerful form of encryption available in browsers today is 256-bit encryption. Opera does not support any method with session keys shorter than 128 bits.
Regarding certificate keys offered by the Web site, Opera supports all valid key lengths for the RSA (Rivest, Shamir and Adleman, a public key encryption technology), DH (Diffie-Hellman, a public key encryption algorithm) and DSA (Digital Signature Algorithm) methods.
The key lengths for RSA, DH and DSS keys cannot be compared directly with key lengths for methods like AES and 3DES: the strength of a 1024 bit RSA key is considered equivalent to that of an 80 bit key in a symmetric method such as AES, and a 2048 bit key is equivalent to 112 bits. Source: Sec.1 of RFC 4492 (http://www.ietf.org/rfc/rfc4492.txt)
Opera does not consider any keys for these methods secure if the length is shorter than 1000 bits, and displays a warning message about obsolete encryption methods if the key is shorter than 900 bits. These limits will be adjusted upwards in future updates of Opera.
Opera supports 128 and 256 bit AES (Advanced Encryption Standard), and does not support weak symmetric methods as of Opera 9.50. A security padlock is not displayed for any of the above scenarios that do not achieve a level 3 rating.
When rating the security level of a secure document, Opera considers the following items:
Only documents using the most secure methods — 3-DES or 128-bit C4 and public keys larger than approximately 1000 bits — get a level three rating. Opera has added support for EV (Extended Validation) certificates, which change the security toolbar to a green background containing the organization name with a different padlock.
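The padlock summary string and the limits given above can be checked mechanically. This is an added example, not Opera's code: the function names are hypothetical, and the pattern assumes every summary follows the layout of the single sample string shown on this page.

```javascript
// Added example: parse a summary such as "TLS v1.0 128 bit C4 (1024 bit RSA/SHA)"
// and compare it with the limits stated on this page. The layout is assumed
// from that one sample string.
const SUMMARY_RE =
  /^(SSL|TLS) v(\d+(?:\.\d+)?) (\d+) bit (\S+) \((\d+) bit ([A-Z]+)\/([A-Z0-9]+)\)$/;

function parseSummary(text) {
  const m = SUMMARY_RE.exec(text.trim());
  if (!m) return null;
  return {
    protocol: m[1],              // "SSL" or "TLS"
    version: m[2],               // e.g. "1.0"
    sessionBits: Number(m[3]),   // session (symmetric) key length
    cipher: m[4],                // e.g. "C4"
    publicKeyBits: Number(m[5]), // certificate key length
    publicKeyMethod: m[6],       // e.g. "RSA"
    hash: m[7],                  // e.g. "SHA"
  };
}

function assess(text) {
  const s = parseSummary(text);
  if (!s) return { ok: false, summary: null, notes: ['unrecognised summary format'] };
  const notes = [];
  if (s.sessionBits < 128) {
    notes.push('session key shorter than 128 bits: not supported');
  }
  if (s.publicKeyBits < 900) {
    notes.push('public key shorter than 900 bits: obsolete encryption warning');
  } else if (s.publicKeyBits < 1000) {
    notes.push('public key shorter than 1000 bits: not considered secure');
  }
  if (s.protocol === 'SSL' && s.version.startsWith('2')) {
    notes.push('SSL version 2 is the weakest of the four listed protocols');
  }
  return { ok: notes.length === 0, summary: s, notes };
}

// The first line is the sample from this page; the others are constructed.
for (const line of [
  'TLS v1.0 128 bit C4 (1024 bit RSA/SHA)',
  'TLS v1.0 128 bit C4 (512 bit RSA/SHA)',
  'SSL v2 40 bit C4 (960 bit RSA/SHA)',
]) {
  console.log(line, '->', JSON.stringify(assess(line).notes));
}
```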
Reputable online merchants have their public keys signed by authorities, which are trusted security firms. These firms issue digital certificates that contain the public key, signed in a way that can be automatically proven. To display your current list of authorities, select "Manage certificates". Opera, like all secure browsers, comes with a set of certificates. Most of the time, certificates are fully valid, and if there is something questionable about a certificate, a warning dialog will be displayed. You may choose to proceed, but full security cannot be guaranteed at this point. Warnings may say:
Important note: Serious, reputable Web sites should never trigger these warnings, or a message about revocation. If they cause such warnings or errors, you should inform the Web site owner about it immediately.
Some certificates are self-signed, which means that they are signed by the Web site owners themselves, and not by an authority outside the organization. If you know that the signer can be trusted, and you want all sites using this signer to be considered safe, install the certificate to add the signer to your list of authorities. Trusting self-signed certificates from, for example, your employer can be considered safe.
It is unlikely that you will need to upgrade Opera's existing certificates, as most of them will not expire for a decade or more. The necessary updates are implemented with each new release of the Opera browser.
If you leave the authentication type for your login as "Auto", Opera will try the most secure authentication available and then work its way down the list should the first type fail. The authentication types available to you will depend on the mail server. Note that this will not encrypt your actual mail data, only your login. For information on using TLS or SSL to encrypt e-mail, see the Opera Mail tutorial.
For more information about encryption, please read the Understanding encryption levels article in our knowledge base.