SSL

Security Socket Layer (SSL) is known as the standard security technology used in order to establish a link that is encrypted between a server and a client, often times between a web server or a website and a browser, or a mail server and a mail client.[1] This helps ensure that all the data passed between the web server and the browser will remain private and confidential. This has been used by millions of websites available. This helps them protect online transactions with their customers. This is one of the most widely deployed and used security protocols.[2] SSL is essentially considered as a protocol that really provides a channel that is safe and secured between two different machines that are operating over the internet and on an internal network.

Functionality

There are several websites that have been using SSL in order to secure the areas of their sites just like user account pages and online checkout systems. Typically, when a user will be asked to "log in" on a website, the resulting page will be secured by SSL which will encrypt the data that will be transmitted so that a third party will not be able to eavesdrop during the process of transmission. This prevents others from being able to view the data that is being transmitted. Only the user's device and a secure server will be able to recognize and decrypt the data. SSL helps in keeping the name, address, and credit card information between the user and the merchant to which the user is giving or providing it. If there is no encryption of this kind, online shopping sites would not be able to provide the necessary security to conduct monetary transactions through the web. If a user will visit a web address or website that has "Https" in it, the letter "s" after the letters "HTTP" indicates that the website is safe and secured by an SSL protocol. Most of the time, several websites use SSL certificates in order to verify authenticity.

The SSL is most widely known and seen on the web. It can also be used to secure other Internet Protocols just like SMTP, which is often utilized for sending an email and NNTP for newsgroups. Today, SSL can secure protocols by using 128-bit or even higher forms of encryption.[3] It works in a way that, if a web browser will try to connect to a website by the use of SSL, first, the browser will request the web server identity, itself. It will prompt the web server to send the browser a copy of the SSL certificate. The browser will check in order to see if the SSL certificate is trustworthy. If it can be trusted, then the browser will send a message to the web server. The server will respond to the browser with a digitally signed acknowledgment to start an SSL encrypted session. With this, it will allow encrypted data to be shared between the web browser and the web server. Lastly, it will be noticed that the browsing session will open and start with https and not HTTP anymore.[4] The most important thing of an SSL certificate is that it should be digitally signed by the trusted CA, just like other digital certificates. The web browsers will only trust certificates that come from an organization that is on their list of trusted CAs because anyone can just create a random, edited, and even falsified certificate. The importance of an SSL certificate issued by a CA is that it verifies that a third party has authenticated the organization’s identity. Since the browser already trusts the CA, then the browser, now, will trust the identity of the organization too. The browser will help let the user know that the website is well secured and the user can feel safe when browsing the site and even when entering confidential information.[1:1]

SSL Objectives

The following are the main objectives of SSL:

Data Privacy

The user's privacy is ensured by a series of protocols including the SSL Record Protocol, SSL Handshake Protocol, SSL Change Cipher Spec Protocol, and SSL Alert Protocol.

Authentication of the Client Server

The SSL protocol uses a standard cryptographic technique that will authenticate the client and the server.

Data Integrity

All data is protected and secured from being tampered. This ensures that no changes to the packets or the information are made.

SSL User Benefits

Among others, SSL provides a number of benefits to online users.

The users will surely know that they are communicating with the intended recipient because if there are two parties communication on the internet, finding out whether the users are really interacting with the intended other party is really hard. With the use of SSL, the uncertainty about the said situation will be really removed as the SSL connection will allow the users to authenticate the website before the transmission of data will commence.

The users will be able to build trust with the visitors and will improve conversion rates. With the help of a certificate from a trusted certificate authority will produce a padlock to the site of the users because the certificate is fully recognized by all major browsers of the internet and mobile devices.

The traffic to the users’ website may increase. This one benefits for those who have businesses because the more traffic that the users will get, the better for the business.[5]

History

SSL was developed in 1994 by Netscape. It was developed in order to respond to the growing concern of the users over security issues on the internet. It was originally developed to secure communications between a web server (website) and web browsers regardless of the operating system. However, the original version of SSL was never made available to the public due to several security issues.[6] More recently, Transport Layer Security (TLS) was developed as an upgraded security protocol. Currently, TLS 1.0 is more commonly used. This was conceptualized and based from the 3rd version of SSL (SSL 3.0).[7]


  1. https://www.digicert.com/ssl/ ↩︎ ↩︎

  2. https://www.globalsign.com/en-ph/ssl-information-center/what-is-ssl/ ↩︎

  3. https://techterms.com/definition/ssl ↩︎

  4. https://www.webopedia.com/TERM/S/SSL.html ↩︎

  5. https://www.comodo.com/resources/small-business/about-ssl.php ↩︎

  6. https://www.acunetix.com/blog/articles/history-of-tls-ssl-part-2/ ↩︎

  7. https://sites.google.com/site/tlsssloverview/history ↩︎