How SSL/TLS encryption works

What is SSL and TLS?

SSL stands for Secure Sockets Layer. It is a standard technology for keeping data on the internet secure, and it does this by encrypting communication between two internet devices. These could be a client device (e.g. a browser) and a server, or a server and another server. Information transmitted over the internet can be viewed by criminals if it is not encrypted. SSL therefore sits between the communicating devices: it scrambles the data leaving one device while it is in transit and returns it to readable form only when it reaches the destination device.

TLS, on the other hand, is an updated and more secure version of SSL. It stands for Transport Layer Security. Some of the SSL certificates we buy, like those from Symantec, are actually TLS, but we simply refer to them as SSL because it's the more commonly used term.

How the encryption works

When setting up an SSL certificate on a server, at least two files are needed: a private key and a certificate. When the certificate is not self-signed, an additional file is required, called a Certificate Signing Request (CSR). Once these files are created and installed, you can use a secure connection by typing https in front of the hostname, e.g. https://truehost.co.ke. The following steps are carried out to encrypt the communication between a browser and a server:

  1. A browser attempts to connect to a web site secured with SSL. The browser requests that the web server identify itself.
  2. The server sends the browser a copy of its SSL certificate.
  3. The browser checks whether it trusts the SSL certificate. If so, it sends a message to the server.
  4. The server sends back a digitally signed acknowledgment to start an SSL encrypted session.
  5. Encrypted data is shared between the browser and the server.
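
The client side of the steps above, written with Python's standard ssl and socket modules (an added example, not code from the original article). The function names and the TLS 1.2 minimum are assumptions made for illustration; handshake() needs network access, while the context functions and audit_context() run offline.

```python
import socket
import ssl


def client_context(cafile=None):
    """Context that enforces step 3: trusted chain and matching hostname."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # assumption: refuse SSLv3/TLS 1.0/1.1
    return ctx


def weak_context():
    """Constructed counter-example: a client that skips the trust check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    return ctx


def audit_context(ctx):
    """List the ways a client context skips or weakens step 3."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


def handshake(host, port=443, ctx=None, timeout=5.0):
    """Run steps 1-4 against a live server and report what was negotiated."""
    ctx = ctx or client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket performs the handshake; if the certificate is not
        # trusted (step 3) it raises ssl.SSLCertVerificationError.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "subject": dict(rdn[0] for rdn in cert["subject"]),
                "not_after": cert["notAfter"],
            }


if __name__ == "__main__":
    print("default client:", audit_context(client_context()))
    print("weak client:   ", audit_context(weak_context()))
```

With a client like weak_context(), step 5 still encrypts the traffic, but nothing has confirmed which server is on the other end of the session.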

This whole process takes just a fraction of a second. Technically, though, a site with SSL loads a bit slower than one without, because of the verification overhead described above. This is a compromise worth making: the difference in speed isn't very significant to us, but the benefits of the encryption are.

Think of it like a security search when you are entering a building. It may take you a few more seconds to reach your destination, but it's worth it because it ensures your security.
