TL;DR: A protocol for encrypting data transmissions on the Internet that is used to ensure the confidentiality and integrity of data.
Secure Socket Layer (SSL) is a standard security protocol that was developed to encrypt and protect the transmission of data between web servers and browsers. Although SSL itself is obsolete and has been replaced by Transport Layer Security (TLS), the term SSL is still often used to describe this type of encryption.
Main objectives of SSL:
- Encryption: SSL encrypts the data that is transferred between the web server and the user's browser. This ensures that the data cannot be intercepted or read by third parties during transmission.
- Authentication: SSL ensures that the data is sent to the correct server and that the server with which the user is communicating is genuine. This is achieved through digital certificates issued by trusted certification authorities (CAs).
- Data integrity: SSL ensures that the transmitted data cannot be changed or manipulated without this being detected. This is achieved using cryptographic hash functions.
How SSL works:
The SSL process can be divided into several steps:
- Handshake process:
- Connection setup: The user's browser attempts to establish a connection to the web server, which is secured by SSL.
- Certificate verification: The web server sends its SSL certificate to the browser. The browser checks the certificate against a list of trusted certification authorities (CAs).
- Key exchange: If the certificate is classified as trustworthy, a shared session key is created. This is done by exchanging encrypted information to ensure that only the browser and the server know the key.
- Encrypted communication:
- Data transmission: After the handshake, all data traffic between the browser and the server is encrypted. This protects the data from interception and manipulation attempts.
SSL certificates:
SSL certificates are small data files that are bound to a cryptographic key and installed on a web server. They make it possible to create secure connections from a web server to a browser. An SSL certificate usually contains the following information:
- The domain name for which the certificate was issued
- The name of the person, company or organisation for which the certificate was issued
- The issuing certification authority (CA)
- The expiry date of the certificate
- The public key of the certificate
Types of SSL certificates:
- Domain Validated (DV): Only verifies the domain ownership.
- Organisation Validated (OV): Verifies domain ownership and additional company information.
- Extended Validation (EV): Provides the highest level of verification, including a thorough review of the company.
Application of SSL:
SSL is widely used to ensure the security of websites, especially for e-commerce websites, online banking, email services and any other type of online communication where sensitive data is transmitted. Websites that use SSL can be easily recognised by the "https://" in the URL and the lock symbol in the address bar of the browser.
Conclusion:
Secure Socket Layer (SSL) is a fundamental security protocol designed to ensure the confidentiality, integrity and authenticity of data transmitted over the Internet. Although SSL has technically been replaced by TLS, the term SSL remains synonymous with securing internet connections and protecting sensitive data.