Secure Sockets Layer (SSL) is an encryption technology used to create an encrypted connection between a web browser and a web server so that sensitive information can be transmitted securely.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two encryption technologies used to secure certain types of network connections. Informally, both SSL and TLS are referred to as SSL. In reality, SSL is the predecessor to TLS.
TLS addressed certain vulnerabilities present in all versions of SSL. In order for a website to be considered truly secure, it now needs to be secured by TLS and not by SSL. In a situation where the distinction between SSL and TLS is critical, such as when selecting a host for an e-commerce site, the use of TLS rather than SSL should always be confirmed.
Multiple versions of both SSL and TLS are in use around the web to secure access to things like email, instant messaging, VoIP, e-commerce sites, social networks, and more. Websites accessed over a connected secured by SSL/TLS are noted by the inclusion of “s” following the HTTP protocol, like this: https://securewebsite.com.
Frequently Asked Questions
How does SSL/TLS work?
The way SSL/TLS works looks something like this:
- You use a browser to request access to a secure website.
- The website’s server sends its SSL/TLS certificate and public key back to your browser.
- Your browser ensures that the certificate is valid and creates a key that is unique to this specific session between your browser and the website’s server.
- The website server uses the unique key created by your browser to encrypt the web page and send it back to your browser.
- Your browser decrypts the page using the unique key and displays the information.
Since the key used to encrypt and decrypt the information being sent back and forth is unique to this specific session, and known only to the website server and the browser, if anyone happens to find a way to intercept the transmitted information, it will not be meaningful to them.
Who uses SSL/TLS?
The most common use of SSL/TLS is for securing the connection between a website and a website visitor over HTTP. SSL/TLS is also commonly used to secure FTP sessions between an FTP client and a server. SMTP email access can be secured with SSL/TLS encryption, as can NNTP transmissions of Usenet content, and instant messaging and VoIP services transmitted over an XMPP network.
What is HTTPS?
HTTPS is the term used to identify an HTTP connection that has been secured by SSL/TLS. If you are ever on a website and want to know if the website is using a secure connection, simply look at the URL. If it begins with HTTPS, the connection is secure, but if it begins with HTTP, the connection has not been secured.