Introduction to SSL/TLS

Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. TLS works in much the same way as SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry, although SSL is still widely used.

How Does TLS/SSL Work?

TLS uses a technology called public-key encryption. There are two keys: a public key and a private key.

When a client (a browser) requests something from the server (opens a connection), the client and server machines use the public key (used by the client) and the private key (held by the server) to agree on a new key, called the session key, to encrypt further communication between them.

When a client opens a channel with a server, possession of the private key that matches the public key in the website’s SSL certificate proves that the server is actually the legitimate host of the website.

All HTTP requests and responses are then encrypted with these session keys.

Are SSL/TLS the same?

SSL = Secure Sockets Layer; TLS = Transport Layer Security. In 1999, the Internet Engineering Task Force (IETF) proposed an update to SSL. Since this update was being developed by the IETF and Netscape (which developed the SSL protocol) was not involved, the name changed to TLS.

SSL has not been updated since SSL 3.0 in 1996 and is now considered deprecated, while TLS is up to date.

What is the SSL certificate?

  • SSL can only be implemented by a website that has an SSL certificate.

  • One of the most important pieces of information in an SSL certificate is the website’s public key.

  • Certificate authorities (CAs) are responsible for issuing SSL certificates.

Types of SSL Certificate

Single domain — Applies to one domain only

Wildcard — Applies to one domain but also includes the domain’s subdomains

Multi Domain — Applies to multiple unrelated domains
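
The difference between the three certificate types shows up when a client checks the hostname it connected to against the names listed in the certificate. The sketch below is an added example, not part of the original post: a simplified model of that check, in which the function names and the sample hostnames are constructed for illustration, and a wildcard is assumed to stand for exactly one left-most label.

```python
# Added example: which hostnames each certificate type covers.
# All names below are constructed sample data, not real certificates.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, hostname):
    """Match one name from a certificate against the requested hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.example.com covers www.example.com but
    not example.com or a.b.example.com.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "w*.example.com" are rejected outright.
    return "*" not in pattern and p == h

def cert_covers(cert_names, hostname):
    """True if any name listed in the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)

# Constructed name lists for the three certificate types.
SINGLE = ["example.com"]
# The base name is listed next to the wildcard (an assumption made here),
# because the wildcard alone does not match the bare domain.
WILDCARD = ["example.com", "*.example.com"]
MULTI = ["example.com", "example.org", "shop.example.net"]

def coverage_table(hosts):
    """Return, per certificate type, the hosts from `hosts` that it covers."""
    certs = {"single": SINGLE, "wildcard": WILDCARD, "multi": MULTI}
    return {kind: [h for h in hosts if cert_covers(names, h)]
            for kind, names in certs.items()}

if __name__ == "__main__":
    hosts = ["example.com", "www.example.com", "a.b.example.com", "example.org"]
    for kind, covered in coverage_table(hosts).items():
        print(f"{kind:9s} covers {covered}")
```

Running it shows that the wildcard certificate does not cover a name two levels below the domain, and that the multi-domain certificate covers only the exact names it lists.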

SSL Certificate Validation Levels

Domain Validation — Weakest validation, cheapest; the business has to prove they control the domain.

Organization Validation — More trustworthy; the CA directly contacts the person/business.

Extended Validation — Requires a full background check of the organization.

Happy Learning ….👏👏👏