What is SSL Protocol ?
Secure Sockets Layer, or SSL for short, is an encryption protocol designed to secure the exchange of information over the Internet. Netscape developed the SSL protocol for the secure and encrypted transfer of information.
Almost all standard browsers, including Firefox, Internet Explorer, Opera, Google Chrome, and Safari, support this feature. We will learn more about this encryption protocol later.
What is SSL?
Information and data are transmitted over the Internet by default over the HTTP protocol or HyperText Transfer P protocol. In this protocol, data is not encrypted and can be read by other people. For example, if you transfer your password and personal information to a server under this protocol, this information may be visible through the Internet server. So many Internet-based services use another protocol to transfer data between the server and the client.
This SSL security protocol encrypts the information using private and public keys. The information encrypted by this protocol is decrypted on the other side. Security in this protocol is maintained at the source and destination of the information, i.e., the process of encryption and decryption takes place on both sides. Initially, this protocol was used only on sites that received sensitive user information such as personal information, bank account information, etc.
But today, this protocol is commonly used in most sites. Because the issue of user information security has become more important in the Internet world, on the other hand, using SSL security protocol on sites will be very useful in terms of SEO. Websites that use this protocol to encrypt data typically communicate with clients via the HTTPS protocol. To have a secure connection on the HTTPS platform for your site, you need to provide a valid SSL certificate.
Security in SSL protocol
In this protocol, the information exchanged between the server and the client is encrypted; Accordingly, this information will not be visible to third parties. Of course, it is still possible to access this data, but since they are encrypted, they need to be decrypted to view their data. It is impossible to decrypt this data without the key used in the secure communication session. Therefore, this protocol is practically impenetrable.
This is not to say that there is no way to steal information. Because this data is encrypted only along the transmission path between the server and the client, the original data is not encrypted on the server and client-side by the secure SSL protocol. As a result, this information may be stolen before encryption or after decryption, using malware or other methods. Data decryption and encryption keys may even have been stolen from a secure protocol server. However, there have been no reports of theft of information exchanged using this protocol to date.
Data encryption by SSL
Communicating via SSL requires prerequisites such as asymmetric keys (including a public key and private key) and a session key. As its name implies, the public key is readable by third parties. But the private key can only be used by the sender and recipient of the information.
This protocol can also use a combination of symmetric and asymmetric cryptography. In the symmetric encryption algorithm, the encryption and decryption keys are the same, but these keys are different in the asymmetric encryption algorithm. Asymmetric keys are located on the server, but the server and client create the session key to communicate SSL. The session key made by the client and the server is the same, or in other words, better symmetric. After a secure connection is established, the data is encrypted by two public keys (A public key) and a private key (A private key). The communication process in this method is as follows:
- The server sends a copy of its public key to the client (user’s browser).
- The client encrypts the created session key using the received public key and sends it to the server.
- The server uses its private key to decrypt the received information to access the session key.
- Finally, the server and the client encrypt and decrypt information using the session key. This process creates a secure communication path between the client and the server. Because only these two know the session key, this key was created only for this connection. These steps must be repeated whenever the connection between the server and the client is lost.
