SSL stands for ‘Secure socket Layer’ that is one of the widely deployed ‘cryptographic’ security protocol. SSL act like a safeguard in the way of sensitive communication over the internet. SSL creates the secure channel between devices that are operating over the internet and it secure the information on the browser.
SSL works with HTTP ‘Hyper Text Transfer Protocol’ with extension of ‘S’ means secure socket layer.
As HTTP is responsible of transferring of data like video, images or mp3 file etc. over web based communication so alone HTTP is an insecure protocol and the communication that been done over the HTTP can be reviewed by any unauthorized person, so to overcome this problem SSL extension is attached with HTTP and it becomes HTTPS.
Following are the main functionalities of SSL.
Encryption protects the data transmission.
Ensures the correctness of server.
- Data Integrity
Data integrity is the maintenance and assurance of accuracy and consistency of data over its entire life cycle.
Why is this important? The nature of the Internet means that your customers will be sending information through several computers. Any of these computers could pretend to be your website and trick your users into sending them personal information. It is only possible to avoid this by getting an SSL Certificate from a trusted SSL provider.
Why are SSL providers important? Trusted SSL providers will only issue an SSL certificate to a verified company that has gone through several identity checks. Certain types of SSL certificates, like EV SSL Certificates, require more validation than others. How do you know if an SSL provider is trusted? You can use our SSL Wizard to compare SSL providers that are included in most web browsers. Web browser manufactures verify SSL providers. Which are following specific practices and have been audited by a third-party using a standard such as Web Trust.
Working of the SSL
When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake”.
- SSL starts to work after the TCP connection is established, initiating what is called a SSL handshake.
- The server sends its certificate to the user along with a number of specifications (including which version of SSL/TLS and which encryption methods to use).
- The user then checks the validity of the certificate, and selects the highest level of encryption that can be supported by both parties and starts a secure session using these methods. There is a large number of sets of methods available with various strengths – they are called cipher suites.
- To guarantee the integrity and authenticity of all messages transferred, SSL and TLS protocols also include an authentication process using message authentication codes (MAC). All of this sounds lengthy and complicated but in reality it’s achieved almost instantaneously.
Three keys are used in setup the SSL connection session, private and public keys. Information is encrypted with the public key and decrypted with the private key, and after the initiation of secure connection the session key is responsible to encrypt all transmitted data.
SSL can be used to secure the following: –
- Online credit card transactions.
- Web-mail servers.
- System logins to application.
- Virtualized application and cloud based platforms.