Secure Socket Layer (SSL) is an encryption security protocol used by most modern websites to encrypt packets sent over the internet. It is implemented on top of the HTTP protocol, so the websites using this protocol have an "S" after the HTTP in their URL, and a padlock beside it which indicates the connection with the website is encrypted from end-to-end.
In 1995, Netscape released SSL version 2.0 after making some modifications to the theoretically flawed first version. Then in 1999, the Internet Engineering Task Force released SSL version 3.0 and termed it TLS (Transport Layer Security). After that, SSL and TLS were used synonymously to refer to SSL version 3.0.
SSL uses digital certificates that are signed using the owner's private key, ensuring authentication and data integrity by the protocol. These certificates are used to verify a public key belongs to a particular party to be contacted. After validating the certificate, this key is used to encrypt data shared with the owner of the certificate. This encrypted data can only be decrypted using the certificate owner's private key.
The protocol is initialized with a handshake between the client browser and the server, which is contacted by the browser. A typical TLS handshake involves:
By the end of this handshake, both the devices have derived the shared secret key, which they can use to encrypt all their communication. Unless the encryption protocol hasn't been broken already, the only parties that can see the contents of the packets being exchanged between the two devices are themselves. They're the only ones who have access to the shared secret key.
Modern browsers ship with 200+ valid certificates.
The X.905 certificate is a digital certificate that defines the PKI format (Public Key Infrastructure). It specifies the information about the certification required to validate it, encryption specifications, and the information of the certificate authority which issued the certificate.
Ideally, a client (browser) should only establish a connection with a website if the browser has validated the certificate.
Certificate authorities (CAs) issue certificates. Some prominent certificate authorities are Verisign, GoDaddy, GeoTrust, Comodo, DigiCert, and so on.
Given the protocol's measures, the need for additional computation power and more memory may arise. However, most recent versions of TLS have functionalities that speed up the handshake process to save up time and computational power.
Websites that do not use secure protocols should be avoided. More people are concerned about the safety of their private information on the internet. Developers and organizations can quickly obtain certification through services that provide SSL certificates for free and others that charge a certain fee.
View all Courses