Secure Sockets Layer
SSL relies on a digital certificate, hosted on the web server, which:
- Your browser checks against a third-party certificate authority to confirm that the web server is genuine and can be trusted
- Provides a public encryption key that is needed for the encryption of data to and from the web server
You can tell that your connection to a website has been secured using SSL because:
- You will see HTTPS before the website URL
- There may be a padlock in the browser address bar
- The browser address bar may turn green
It is not necessary to use SSL to secure a website unless you intend to deal with the transmission of passwords, personal or financial information.
The stages when accessing a secure website:
- The web browser attempts to connect to a website which is secured by SSL
- The web browser asks the web server to identify itself
- The web server sends the web browser a copy of its SSL certificate
- The web browser checks whether the SSL certificate is trustworthy; if it is, a message is sent back to the web server to confirm this
- The web server will then send back some form of acknowledgement to allow the SSL encrypted session to begin
- The encrypted data is then shared securely between the web browser and the web server
Transport Layer Security (TLS)
This more recent protocol is similar to SSL but with some improvements. TLS allows for session caching, a method of resuming an existing secure connection rather than establishing a new one.
The TLS protocol comprises two layers: the TLS record protocol and the TLS handshake protocol.
- The handshake protocol is used to exchange all the information needed by both computers in order to establish a secure SSL/TLS connection
- The record protocol handles the actual data and its encryption
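
The two layers can be seen directly in the bytes on the wire. The following is an added example, not part of the original page: a minimal parser that splits a byte stream into records and names the handshake messages inside plaintext handshake records. The numeric type codes are taken from the TLS 1.2 specification (RFC 5246); the function names and the sample bytes are constructed for illustration.

```python
import struct

# Record-layer content types and handshake message types (RFC 5246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange", 20: "finished"}


def parse_records(stream: bytes):
    """Split a byte stream into TLS records: (content type, version, payload)."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Record header: 1-byte type, 2-byte version, 2-byte payload length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        payload = stream[offset + 5: offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        name = CONTENT_TYPES.get(ctype, f"unknown({ctype})")
        records.append((name, (major, minor), payload))
        offset += 5 + length
    return records


def handshake_messages(payload: bytes):
    """Name the handshake messages carried in one plaintext handshake record."""
    names, offset = [], 0
    while offset + 4 <= len(payload):
        # Handshake header: 1-byte message type, 3-byte body length.
        msg_type = payload[offset]
        length = int.from_bytes(payload[offset + 1: offset + 4], "big")
        names.append(HANDSHAKE_TYPES.get(msg_type, f"unknown({msg_type})"))
        offset += 4 + length
    return names


def summarize(stream: bytes):
    """Per record: (record type, handshake message names or payload size)."""
    out = []
    for name, _version, payload in parse_records(stream):
        detail = handshake_messages(payload) if name == "handshake" else len(payload)
        out.append((name, detail))
    return out


# Constructed sample (not a real capture): a TLS 1.2 record holding an empty
# ServerHelloDone, followed by a 4-byte application-data record.
SAMPLE = bytes.fromhex("1603030004" "0e000000" "1703030004" "deadbeef")
```

Handshake records sent after encryption is switched on are ciphertext at the record layer, so only the record header (type, version, length) is readable for them.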