What is the SSL protocol? Usefulness of SSL/TLS?
The SSL protocol, an acronym for secure sockets layer or SSL, was the most widely used encryption protocol to guarantee the security of Internet connections until the creation of an improved version, the TLS protocol (acronym for transport layer security) in 1999. .
SSL creates a secure channel to establish communication between two computers or devices, this can be done over the Internet or a local network. A common example of the use of SSL is in the protection of communications between a web browser and a web server.
The SSL protocol changes the address of the website that has the corresponding SSL certificate from HTTP to HTTPS, where the “S” at the end means: security.
1. How does the SSL protocol work?
In the SSL protocol, both asymmetric and symmetric cryptography are used, in the first case to exchange the keys that, in turn, will be used to generate the information encryption, using a symmetric algorithm.
We are going to see an example of the use of this SSL protocol in combination with the HTTP protocol. When we connect to a website, the website must have an SSL certificate. It would be like this:
- The visitor makes an HTTPS request from their browser to the website they wish to access. The server where the website is hosted sends the certificate with the public key for the website. If it doesn’t exist, it will display an error.
- The visitor’s browser checks that the certificate is trusted. If this is not the case, it will indicate to the user that it is not a secure site and that they can accept the certificate at their own risk.
- After that, the browser will generate a symmetric cryptographic key, which will be encrypted using the server’s public key and sent to the website’s server.
- After that, the communication between the browser and the web server will be established in a secure way, and the exchange of information will be encrypted in both directions.
2. TLS and HTTPS protocols
The TLS protocol has been created to update SSL, it is the acronym for transport layer security and is used for many different tasks, in addition to using it in communications with HTTPS websites.
TLS improves security and privacy in connections, to prevent data from being intercepted, and offers better speed and performance than SSL.
HTTPS is the acronym for hyper text transfer protocol secure. A website is protected when: it uses an SSL/TLS certificate, symmetric and asymmetric encryption algorithms, and also key exchange, thus correctly using the HTTPS protocol.
Therefore, the HTTPS protocol requires an SSL/TLS certificate. It is the best known by any type of Internet user since the browser shows a lock, referring to security, next to the domain name when we connect to an HTTPS site.
3. Examples of use of the SSL/TLS protocol
Every day, even without realizing it, we are using countless exchanges of information and establishing connections with multiple web servers. Therefore, the use of SSL/TLS for these tasks is essential to keep our communications safe.
Here are some of the most common examples in which you are surely using the SSL/TLS protocol:
- When opening our email client, since it has to connect to the server to update the inbox.
- When making credit card payments over the Internet or other types of online payments.
- By accessing mail servers through webmail, to send and receive emails.
- In a company intranet (internal network), when we access databases or share files.
- When we transfer files through HTTPS or through FTP.
- In general, at all times that we connect to applications and remote control panels, cloud services.