SSL (Secure Sockets Layer)

SSL is a security technology for establishing a link between a server (e.g. a website) and a client (e.g. a browser). The link is in encrypted form and hence secured. Basically SSL enables sensitive and confidential information like login credentials, credit card numbers and social security numbers to be transmitted in a secure manner.

Usually data sent between a browser and a server is in plain text and is hence vulnerable to attack or eavesdropping. SSL prevents this kind of attack and determines the variables of the encrypted link as well as the data being transmitted. Websites associated with SSL are called SSL-secured websites and begin with https (port 443 by default) instead of just http (port 80 by default). For SSL-secured websites, the browser displays a padlock in its URL bar along with a green address bar. SSL uses a cryptographic system to encrypt data. The system comprises two keys: a public key and a private key. The public key is known to all, and the private one (also called the secret key) is known only to the receiver of the message.

SSL certificates are issued by a Certificate Authority and are grouped into a “trusted root” certificate, owned by the authority. These certificates are then placed in a location called the “certificate store” in web browsers like Chrome, Firefox etc. When a browser requests access to a website using SSL, it first requests that the server identify itself. This signals the server to send a copy of its SSL certificate to the browser. The browser verifies whether the certificate is trusted (whether it chains to a root in its store). If it is trusted, the browser sends another message to the web server, which in turn responds by sending a digital acknowledgement to start the SSL session. This allows data to be shared between the server and the browser. If the certificate does not chain to a root in the certificate store, the end user is warned that the connection is not secured and that confidential information should therefore not be submitted.
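The trust check described above can be reproduced outside a browser. The following is an added example (not part of the original page) using Python's standard `ssl` module; the function names are illustrative. It shows a client context that requires the server certificate to chain to a root in the local store, the misconfiguration that skips that check, and a small audit of either.

```python
import socket
import ssl

def browser_like_context():
    """Client context that behaves like the browser described above:
    the server certificate must chain to a root in the local store."""
    ctx = ssl.create_default_context()   # loads the system trust store
    # create_default_context() already sets these; stated for clarity.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx

def weak_context():
    """The misconfiguration to look for in client code: no chain check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_context(ctx):
    """Return a list of findings for a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified against the trust store")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the requested host name")
    return findings

def check_server(host, port=443, timeout=5.0):
    """Handshake with host and report whether its certificate is trusted.
    Returns (True, issuer) or (False, reason); the reason is what a
    browser would turn into its 'connection is not secured' warning."""
    ctx = browser_like_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:
        return False, f"connection failed: {exc}"
```

`check_server` needs network access to reach a real host; `audit_context` runs offline and can be pointed at any context an application builds.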

SSL is mostly used on the Web (HTTP). Other protocols using SSL are SMTP for email services, NNTP for newsgroups and FTP for file transfer. Most SSL connections now use 128-bit encryption or even higher.


