What is SSL? A Beginner's Guide

The Secure Sockets Layer (SSL) protocol is a technique developed to allow secure communications between two computers across a network. The protocol involves a complex exchange of algorithms and keys that encrypts information so that no outside party can decipher the contents of a message. SSL has several common uses on the Internet. Emails that are encrypted with the protocol can be verified to ensure that the message originated from the listed sender. A more widespread use is to encrypt sensitive transmissions between a web browser and a website or server that might contain credit card numbers or passwords. Several different components make SSL possible.

Certificates

The one element that must be established for any secure exchange between a web browser and a server is trust. Any server can implement SSL algorithms to send messages. Users need to verify the identity of the server since there are malicious hackers who could attempt to impersonate a website. SSL certificates provide this authentication. Certificates are digital files that verify the server or website sending information to a user.

Certification Authorities

Third-party entities known as certification authorities issue these certificates. The certification authority requires the website owner to go through a long process to verify identity in order to earn a certificate. A certificate contains information such as the website address, the name of the certifying authority as well as the physical address of the business. Web browsers can verify the validity of a certificate and will display warnings to the user if the certificate cannot be authenticated.

Encryption

Encryption means taking a plain human-readable block of text and converting it into a long string of characters that make no sense. Decryption means converting the meaningless string back into the original message. The algorithms that are used for encryption and decryption require a special sequence of numbers known as a key. Anyone with the key can decrypt any message encrypted with the same key. This is known as symmetrical encryption because each side is using the same key. SSL also uses a pair of keys, an asymmetrical method, in order to exchange information. There is a public key embedded in the SSL certificate and a private key known only to the recipient of each encrypted message.

Handshaking

If a web browser wants to start communicating with a secure website through SSL, the first step is the handshake. The handshake allows the secure exchange of a symmetrical key that both sides will use for communications. The handshake starts when the browser requests the certificate from the server. The server sends the certificate and the browser verifies it. The browser then uses the public key in the certificate to encrypt the symmetrical key that will be used for future communications. The server receives the message and decrypts the symmetrical key using the private key known only to the server. This technique works because the public and private keys are mathematically linked, although it is nearly impossible to derive the private key from the public key.

Session Communication

All communications are encrypted once both parties have the same symmetrical key. Any information sent across the Internet during the session will be safe because of the strength of the encryption. Using a symmetrical key instead of the asymmetrical method employed during handshaking allows the fast transmission and decoding of data. The symmetrical key is chosen randomly so that no two SSL sessions will be the same.
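The handshake and session communication described above, as an added example that is not part of the original article: the browser wraps a random symmetrical key with the server's public key, the server unwraps it with the private key, and both sides then use that key for the message. Assumptions: the function names are hypothetical, the key pair is textbook RSA built from two publicly known primes, and the session cipher is a SHA-256 keystream standing in for a real cipher such as AES, so nothing here is secure for actual use.

```python
import hashlib
import secrets

# ASSUMPTION: toy server key pair built from two publicly known Mersenne primes
# so the example needs only the standard library. Textbook RSA, NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public key: what the certificate carries
D = pow(E, -1, (P - 1) * (Q - 1))       # private key: never leaves the server

def browser_wrap_key(session_key: bytes) -> int:
    """Browser side: encrypt the symmetrical key with the server's public key."""
    return pow(int.from_bytes(session_key, "big"), E, N)

def server_unwrap_key(wrapped: int) -> bytes:
    """Server side: recover the symmetrical key with the private key."""
    return pow(wrapped, D, N).to_bytes(32, "big")

def session_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetrical cipher (SHA-256 keystream XOR); the same call
    encrypts and decrypts. A real session would use a cipher such as AES."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def run_session(message: bytes) -> dict:
    """One handshake followed by one encrypted message, browser to server."""
    browser_key = secrets.token_bytes(32)        # chosen randomly per session
    wrapped = browser_wrap_key(browser_key)      # the only key material on the wire
    server_key = server_unwrap_key(wrapped)      # server now holds the same key
    nonce = secrets.token_bytes(16)
    ciphertext = session_crypt(browser_key, nonce, message)
    return {
        "wrapped": wrapped,
        "keys_match": server_key == browser_key,
        "ciphertext": ciphertext,
        "received": session_crypt(server_key, nonce, ciphertext),
    }

if __name__ == "__main__":
    first = run_session(b"card=0000-0000-0000-0000")   # constructed sample data
    second = run_session(b"card=0000-0000-0000-0000")
    print("keys match:", first["keys_match"])
    print("server read:", first["received"])
    print("sessions differ:", first["wrapped"] != second["wrapped"])
```

Running the same message through two sessions produces different wrapped keys and different ciphertext, which is the effect of choosing the symmetrical key randomly for each session.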

Session Identification

Each initial handshake results in a special session identification number. The server and the browser will continue to use the established symmetrical key for encryption as long as the session identification remains the same. Closing the connection to the server by leaving the website or shutting down the browser will invalidate the session identification in most cases. This means a new handshake will have to occur the next time the secure website is visited. This prevents malicious hackers from discovering the symmetrical key since it only exists for a short period of time.
