Hi there, how are you doing today? I hope that that cool title got you to click on this link to read my blog. Well I'm glad you did, and hopefully, by the time you finish reading this you'll leave by learning something new. Let's not waste any more time and jump right into shall we?
Let's start from the top and just break down what the heck SSL and TLS even stand for. SSL stands for Secure Socket Layers, while TLS stands for Transport Layer Security. SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, applications, and users. A cryptographic protocol is simply a set of rules or instructions that are designed to allow for secure communication through an unsecured network.
Note: If you see this lock in your web browser then you know that the connection is secure.
Now that we have a basic understanding of what SSL and TLS are and what they are used for let's dig a little deeper into how each of them relates to each other. First up is SSL.
Secure Socket Layer (SSL), was originally developed by Netscape Communications in 1994 which was twenty-six years ago. SSL was created as a solution for the increasing concern around cyber and internet security. Up until 1999 when Transport Layer Security (TLS) was developed, SSL had been the industry standard to ensure sensitive data was protected from hackers and unwanted third parties. Here is how a typical SSL connection works:
1.) When a browser visits a website and communicates with a server, provided the site has an SSL certificate, the client and server begin what is known as the SSL handshake.
2.) The first step of the SSL handshake involves the browser checking if the SSL certificate is legit or not, to ensure the connection is trustworthy before continuing.
3.) Every SSL certificate has two keys, a public key and a private key. Together the job of both public and private keys are to handle the encryption and decryption of data to communicate securely during the SSL handshake so third parties won't be able to just eavesdrop on senstive data.
4.) After the client confirms the SSL certificate is valid using the public and private keys, the client and the server create what’s known as a session key, this is a third key. The session key is used for the remainder of the secure connection.
Like stated previously, SSL had been the industry standard up until 1999 when TLS was proposed by the Internet Engineering Task Force (IETF). The Internet Engineering Task Force is just an open standards organization, which develops and promotes Internet standards. TLS evolved directly from its predecessor SSL. Actually the first TLS version 1.0 actually began development as the last version of SSL which was SSL version 3.1, however the name of the protocol was changed before publication in order to indicate that it was no longer associated with Netscape. Because of this history, the terms TLS and SSL are sometimes used interchangeably.
The latest version of TLS, TLS version 1.3, was released in March of 2018 and came with a bunch of new features and improvements to previous versions. When talking about TLS, its always important to keep in mind that it was bulit upon its predecessor SSL so they both have many similarites. Some of the improvements include faster performance, less latency, and of course enhanced security.
With the internet evolving and expanding so quickly, along with the amount of people and information that is on the internet right now it is nice to have reassurance that your information is being protected. With that in mind, always look for that padlock next time you are passing sensitve information over the internet and let SSL and TLS relieve your stress. Hope you enjoyed this read, have a good one!
Top comments (0)