SSL- Secure Socket Layer is a security protocol between the two communicating applications. In this post, we will focus on the questions.
- What is SSL?
- Why use it?
- How does it work?
What is SSL?
If you go by the SSL RFC6101, “The primary goal of the SSL protocol is to provide privacy and reliability between two communicating applications”. So in simple words, SSL is the Security agreement between the two parties in communication.
Here is an Example, where you can see SSL working:
Here you can see that the standard http is replaced by https, plus you can see a Lock symbol.
The https in the URL tells Browser that the connection between the client(Browser) and Server(Here it is youtube) must be secured using SSL.
The Lock symbol is called the padlock. It means the connection is secure with SSL. If you don’t find the padlock, it means that the page doesn’t use SSL.
Why use it ?
Security is a major concern in today’s world. Since our data is sent to the outer world through so many untrusted networks, we need a way to secure it. SSL protocol provides us exactly what we need. It sets certain guidelines for the encryption protocols to be used, what keys need to be used for the encryption/decryption and some other agreements regarding the communication. A detailed description of how SSL protocol works will be in the future post(s).
How does it work ?
We use SSL in the form of SSL certificates. The certificates are exchanged between the two communicating parties. Most common scenarios are while accessing a website, bank transactions etc. Either one or both the parties install the SSL certificate. After installation of the certificate, one of the party initiates the connection and both exchange their certificates, which are validated against the trusted store of the receiving party. After certificate validation, the other guidelines and agreements are made between the two parties. Once the agreement is set, the two parties start exchanging the data. After the exchange of data is over, the connection is closed.
So this is What, Why and How of SSL.
In next post, I’ll be going over more details of SSL.