SSL Definition
The SSL (Secure Sockets Layer) protocol is the predecessor of the TLS (Transport Layer Security) protocol. Both are cryptographic protocols that provide privacy and integrity for communication between two points in a network.
This guarantees that the information transmitted over that network cannot be intercepted or modified by unauthorized parties, so that only the legitimate sender and receiver have access to the full communication.
Uses
In terms of the OSI model (a layered network architecture), the SSL protocol sits between the application layer and the transport layer.
One of its most widespread uses is together with the HTTP protocol, which gives rise to HTTPS, the secure version of HTTP.
SSL is used to transfer hypertext (websites) securely. It secures the information transmitted between a website and a user in both directions. This is especially important for sensitive data: confidential data, passwords, bank information, personal images, etc.
How does the SSL Protocol work?
The SSL protocol uses both asymmetric and symmetric cryptography. The former is used to exchange the keys, which are then used to encrypt the communication with the symmetric algorithm.
For websites, this protocol requires an SSL certificate.
The web server has one installed, and when a client tries to access it, the server sends the certificate together with its public key. The client uses that public key to send the key that will secure the connection through symmetric encryption.
Let’s use a specific example to explain how the SSL/TLS protocol works in combination with HTTP to give rise to HTTPS, the secure version of HTTP.
To do this, we will go step by step through what happens when a client accesses a website on a server with an SSL certificate through the HTTPS protocol:
- A user makes a secure HTTP request through a browser to a website.
- The server that hosts the website sends (if it has one) the certificate that includes the server’s public key. If it does not have an SSL certificate, an error will occur.
- The browser verifies that the CA (certificate authority) is trusted. Otherwise, it will ask the user to accept the certificate at their own responsibility.
- At this point, the browser generates a symmetric key, which is encrypted using the server’s public key so that it can be sent to the server securely.
In this way, secure communication is established, and traffic is encrypted in both directions using the key generated in the previous step.
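The CA check in the steps above is only as strong as the client's configuration. The following added example (not part of the original article) uses Python's standard ssl module to audit a client context for the settings that step depends on. The function names audit_client_context, hardened_context and permissive_context are hypothetical, chosen for this illustration.

```python
import ssl

# Illustrative helper names; only the ssl module calls are real APIs.

def audit_client_context(ctx):
    """Return findings for a client-side TLS context (empty list = none)."""
    findings = []
    # The certificate chain must lead to a CA the client trusts.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate is not verified against trusted CAs")
    # The certificate must also be issued for the host being contacted.
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    # SSL and early TLS versions are deprecated; require a TLS 1.2 floor.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("context does not enforce a TLS 1.2 minimum")
    return findings


def hardened_context():
    """Client context that verifies the chain, the hostname and the version."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def permissive_context():
    """Equivalent of accepting any certificate without verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


if __name__ == "__main__":
    for name, make in (("hardened", hardened_context),
                       ("permissive", permissive_context)):
        print(name, audit_client_context(make()) or "no findings")
```

A context that returns findings here still encrypts traffic, but the client cannot know who holds the other end of the symmetric key.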