SSL is a common term these days. You will no doubt have come across it while surfing, emailing or apping and asked yourself what exactly it is and what it is used for and why it comes up so often these days. In this article, we’ll explain all about SSL!
What is SSL and what does it do?
SSL is a technique used to a connection between two computers or devices secure and fully encrypted to set up.
In short, it ensures that the connection between both devices is encrypted and that if you intercept the traffic you will only see encrypted text and not plain text.
If you don’t do this, then someone intercepting the connection can really see everything that is sent over the line.
Suppose you log in via a connection without SSL to your online bank with your username and password, then this data is sent plain over the Internet connection. So if we were to intercept the connection, we would see your username and password exactly, and we could save it and use it to log in ourselves.
Once you connect to SSL, all the text you enter and send over the connection is fully encrypted and cannot be decrypted by anyone intercepting it. This makes the data passing over the line unusable and makes the connection considerably more secure!
What is HTTPS and TLS?
SSL comes with a whole load of additional terms you’ll see passed around the Internet. In the end, most of it is simply part of the SSL technique, but is just a different way of encryption or of how SSL works, for example.
What is HTTPS?
You will often see HTTPS in conjunction with a Web site. It ensures that the connection between your computer, tablet or smartphone and the website you are visiting is SSL-enabled and thus secure.
HTTPS stands for: “Hyper Text Transfer Protocol Secure.”
You can check if your website has HTTPS by looking at the lock icon in the address bar of your Internet browser. If there is a lock, as in the picture below, it means that the connection between you and the website has HTTPS security.
What is TLS?
TLS is a newer version of HTTPS / SSL and features some fixes for security issues that came to light in previous SSL protocols.
So again, it is just a little more secure, new and better built than the older SSL protocols.
TLS stands for: “Transport Layer Security.”
Below we have listed all SSL and TLS versions.
- SSL 1.0 - never released for public use due to security issues.
- SSL 2.0 - released in 1995. Expired in 2011. Has security problems.
- SSL 3.0 - released in 1996. Expired in 2015. Has security issues.
- TLS 1.0 - released in 1999 as an upgrade to SSL 3.0. Scheduled to depreciate in 2020.
- TLS 1.1 - released in 2006. Scheduled depreciation in 2020.
- TLS 1.2 - released in 2008.
- TLS 1.3 - released in 2018.
What is an SSL certificate?
Now that we’ve talked about SSL, HTTPS and TLS, you know what it is, what it’s for and what it can do. An SSL certificate, in this case, is an add-on to make SSL / HTTPS work properly.
An SSL certificate contains data about the website/app/software you are connecting to, such as the domain name, the certificate holder, the name of the authority and the country in which the certificate was issued. So it really is a certificate that shows that the applicant is a secure party.
With the paid EV certificates, the company behind it is really checked and you can be sure that you set up a secure connection with the company and not with another party.
How does SSL work?
The applicant of the SSL certificate gets a private key (secure key) and a public key that belong to the unique SSL certificate. The SSL certificate is placed on, for example, a website or an app.
Once you surf to the website, your browser downloads the public key. This is matched with the private key that is stored securely on the server where the website is located. If they match, if they pass the certificate check, a more secure connection will be established and you will see the padlock icon in your browser.
From that moment on, the connection between you and the server is secure. If the public key does not match the private key and the certificate, or the certificate has expired for example, you will receive a large error message. This error message indicates that the connection is not secure and clearly shows that it is not advisable to continue.
Roadmap of an SSL connection
- PC A asks PC B to establish a secure connection via SSL using, for example, an Internet browser.
- Both computers exchange certificates and verify the authenticity of the certificates in combination with the private and public keys.
- If the certificate, public and private keys are correct, then data can be sent securely. This could be the data you enter when logging in to your bank, for example, or a simple website page. The data is sent encrypted with a unique encryption.
- When the server has received the data, the data is decrypted again and the secure connection has been successful. If there is a response from the server this response will be encrypted again and your PC encrypts it again to read it.
Why is SSL actually mandatory these days?
-
It ensures at all times that the data exchanged between the visitor and the website are equipped with the highest encryption and therefore secure.
-
You do not get unsafe messages in Internet browsers and thus do not scare off visitors. As soon as you do not have an SSL / HTTPS certificate you will get a big error message in the internet browser.
-
All sensitive information is sent securely, so no data can leak through the connection between the visitor and the website.
-
SSL gives confidence. Because you get to see a green lock, visitors know that they are on a secure url and that gives confidence.
-
SSL is good for SEO and makes your website grow faster. A site that has a secure SSL / HTTPS connection will grow faster in Google than one that does not.