What is SSL or SSL protocol?
Secure Sockets Layer, or SSL for short, is an encryption protocol for securing the exchange of information over the Internet. The SSL protocol was created for the secure and encrypted transfer of information. Today, almost all standard browsers, including Firefox, Internet Explorer, Opera, Google Chrome, and Safari, support this feature. We will learn more about this encryption protocol below.
What is SSL?
By default, data is transferred over the Internet using HTTP, the Hypertext Transfer Protocol. In this protocol, data is not encrypted and other people can see it. For example, if you transfer your password and personal information to a server under this protocol, it is possible that this information will be visible in transit to the server. Therefore, many Internet-based services use another protocol to transfer data between the server and the client.
This is the SSL security protocol, which encrypts information using private and public keys. Information encrypted by this protocol is decrypted on the other side. Security in this protocol is handled at the source and destination of the information, i.e. the encryption and decryption process takes place on both sides. Initially, this protocol was used only on sites that received sensitive user information such as personal information, bank account information, etc.
But today this protocol is used on most sites, because the security of user information has become more important in the world of the Internet. In addition, using the SSL security protocol on a site is very useful in terms of SEO. Websites that use this protocol to encrypt data typically communicate with clients via the HTTPS protocol. To have a secure connection over HTTPS for your site, you need to provide a valid SSL certificate.
Security in SSL protocol
As mentioned, in this protocol the information exchanged between the server and the client is encrypted; accordingly, this information will not be visible to third parties. Of course, it is still possible to access this data, but since it is encrypted, it needs to be decrypted before its contents can be viewed. It is not possible to decrypt this data without the key used in the secure communication session. Therefore, this protocol is practically impenetrable.
This is not to say that there is no way to steal information, because this data is protected only along the transmission path between the server and the client; the original data on the server and client side is not protected by the secure SSL protocol. As a result, this information may be stolen before or after encryption using malware or other methods. The data encryption and decryption keys may even be stolen from the server of a secure protocol. However, so far no such theft has been reported for information using this protocol.
Data encryption by SSL
Communicating via SSL requires prerequisites such as asymmetric keys (a public key and a private key) and a session key. The public key, as its name implies, is readable by third parties. But the private key can only be held by the sender and recipient of the information.
This protocol can also use a combination of symmetric and asymmetric cryptography. In a symmetric encryption algorithm, the encryption and decryption keys are the same, but in an asymmetric encryption algorithm, these keys are different. The asymmetric keys are located on the server, but the session key is created by the server and the client in order to communicate over SSL. The session key held by the client and the server is the same, or in other words symmetric. In this method, after a secure connection is established, the data is encrypted by two keys, public key and private key. The communication process in this method is as follows:
- The server sends a copy of its public key to the client (user browser).
- Using the received public key, the client encrypts the created session key and sends it to the server.
- The server uses its private key to decrypt the received information to access the session key.
Conclusion
Finally, the server and the client both encrypt and decrypt information using the session key. This process creates a secure communication path between the client and the server, because only these two know the session key and this key was created only for the purpose of this connection. These steps must be repeated whenever the connection between the server and the client is lost.
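The three steps listed above, followed by both sides using the session key, shown as an added example in Ruby that is not part of the original article. The method names, RSA-OAEP for wrapping the key, AES-256-GCM for the session traffic and the sample message are assumptions made for the example; a real SSL/TLS handshake also verifies the server's certificate and exchanges more messages than this.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Step 1 (server): generate a key pair; only the public half is sent to the client.
def server_keypair
  OpenSSL::PKey::RSA.new(2048)
end

# Step 2 (client): create a random session key and encrypt it with the
# server's public key. Returns [session_key, wrapped_key].
def client_wrap_session_key(public_pem)
  session_key = OpenSSL::Random.random_bytes(32) # AES-256 key (assumed cipher)
  wrapped = OpenSSL::PKey::RSA.new(public_pem).public_encrypt(session_key, OAEP)
  [session_key, wrapped]
end

# Step 3 (server): recover the session key; this needs the private key.
def server_unwrap_session_key(private_key, wrapped)
  private_key.private_decrypt(wrapped, OAEP)
end

# After the exchange, either side encrypts with the shared session key.
def seal(session_key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = session_key
  iv = c.random_iv
  ct = c.update(plaintext) + c.final
  [iv, ct, c.auth_tag]
end

# The other side decrypts; a wrong key or altered data raises CipherError.
def open_sealed(session_key, iv, ct, tag)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = session_key
  d.iv = iv
  d.auth_tag = tag
  d.update(ct) + d.final
end

server = server_keypair
client_key, wrapped = client_wrap_session_key(server.public_key.to_pem)
server_key = server_unwrap_session_key(server, wrapped)
reply = open_sealed(server_key, *seal(client_key, 'constructed sample message'))
puts "keys match: #{client_key == server_key}, server read: #{reply}"
```

Someone who records only the wrapped key and the ciphertext holds neither the private key nor the session key, so both decryption calls raise an error for them.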