How does SSL / TLS work?

• In order to provide a high degree of privacy, SSL encrypts data that is transmitted across the web. This means that anyone who tries to intercept this data will only see a garbled mix of characters that is nearly impossible to decrypt.
• SSL initiates an authentication process called a handshake between two communicating devices to ensure that both devices are really who they claim to be.
• SSL also digitally signs data in order to provide data integrity, verifying that the data has not been tampered with before reaching the intended recipient.

There have been several iterations of SSL, each more secure than the last. In 1999, SSL was updated to become TLS.

Why is SSL/TLS important?

Originally, data on the web was transmitted in plain text that anyone could read if they intercepted the message. For example, if a consumer visited a shopping website, placed an order, and entered their credit card number on the website, that credit card number would travel across the Internet without any concealment.

SSL was created to correct this problem and protect user privacy. By encrypting any data that passes between the user and a web server, SSL ensures that anyone who intercepts the data can only see a scrambled mess of characters. The consumer’s credit card number is now secure, visible only to the shopping website where they entered it.

SSL also stops certain types of cyber attacks: it authenticates web servers, which is important because attackers will often try to set up fake websites to trick users and steal data. It also prevents attackers from tampering with data in transit, like a tamper-evident seal on a medicine container.

Are SSL and TLS the same thing?

SSL is the direct predecessor of another protocol called TLS (Transport Layer Security). In 1999, the Internet Engineering Task Force (IETF) proposed an update to SSL. Since this update was developed by the IETF and Netscape was no longer involved, the name was changed to TLS. The differences between the final version of SSL (3.0) and the first version of TLS are not drastic; the name change was applied to signify the change in ownership.

Because they are so closely related, the two terms are often used interchangeably and confused. Some people still use SSL to refer to TLS, while others use the term “SSL/TLS encryption” because SSL still has a lot of name recognition.

Is SSL still up to date?

SSL has not been updated since SSL 3.0 in 1996 and is now considered deprecated. There are several known vulnerabilities in the SSL protocol, and security experts recommend discontinuing its use. In fact, most modern web browsers no longer support SSL at all.

TLS is the up-to-date encryption protocol that is still being implemented online, although many people still refer to it as “SSL encryption”. This can be a source of confusion for someone shopping for security solutions. The truth is that any vendor offering “SSL” these days is almost certainly providing TLS protection, which has been the industry standard for more than 20 years. But since many people still search for “SSL protection”, the term still appears prominently on many product pages.

What is an SSL certificate?

SSL can only be implemented by websites that have an SSL certificate (technically a “TLS certificate”). An SSL certificate is like an ID card or badge that proves who someone is. SSL certificates are stored and displayed on the web by the website’s or application’s server.

The website’s public key is one of the most important pieces of information in an SSL certificate. The public key makes encryption and authentication possible. The user’s device displays the public key and uses it to establish secure encryption keys with the web server. Meanwhile, the web server also has a private key that is kept secret; the private key decrypts data that has been encrypted with the public key.

Certificate Authorities (CAs) are responsible for issuing SSL certificates.

What are the types of security certificates?

There are several different types of SSL certificates. A single certificate can apply to one website or multiple websites, depending on the type:

• Single domain: A single-domain SSL certificate applies to only one domain (a “domain” is the name of a website, such as www.ezznology.com).
• Wildcard: Like a single-domain certificate, a wildcard SSL certificate applies to only one domain. However, it also covers subdomains of that domain. For example, a wildcard certificate could cover www.ezznology.com, blog.ezznology.com, and developer.ezznology.com, while a single-domain certificate could only cover the first one.
• Multi-domain: As the name suggests, multi-domain SSL certificates can apply to several unrelated domains.

SSL certificates also come with different validation levels. A validation level is like a background check, and the level changes depending on the thoroughness of the check.

• Domain Validation: This is the least stringent level of validation and the least expensive. All a business has to do is prove that they control the domain.
• Organization Validation: This is a more hands-on process: the CA directly contacts the person or business requesting the certificate. These certificates are more trustworthy for users.
• Extended Validation: This requires a full background check of the organization before an SSL certificate can be issued.