# SSL (Secure Sockets Layer)

<figure><img src="https://1588585907-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MTwgToRvLjYdjfpAVgP%2Fuploads%2FsNAYbKFE2iJfZn5IIEMV%2Fimage.png?alt=media&#x26;token=22c3536b-752c-4a9a-8c75-edc5a409b0ba" alt=""><figcaption><p><a href="https://www.cloudflare.com/en-ca/learning/ssl/what-is-ssl/">https://www.cloudflare.com/en-ca/learning/ssl/what-is-ssl/</a></p></figcaption></figure>

## SSL (Secure Sockets Layer) Overview

* SSL is an encryption-based security protocol developed by Netscape in 1995.
* Ensures privacy, authentication, and data integrity in online communications.
* SSL is the predecessor to **TLS (Transport Layer Security)**, the modern encryption standard.

## How SSL/TLS Works

1. **Data Encryption**:
   * SSL encrypts data transmitted over the internet, making intercepted data unreadable.
2. **Authentication**:
   * SSL initiates a **handshake** process to verify the identity of both communicating devices.
3. **Data Integrity**:
   * SSL digitally signs data, ensuring that it hasn’t been tampered with during transmission.

## Importance of SSL/TLS

* Originally, data was transmitted in **plaintext**, vulnerable to interception.
* SSL encrypts sensitive information (e.g., credit card numbers) to prevent theft.
* Authenticates websites to avoid **phishing** attacks and ensures data isn’t altered.

## SSL vs TLS

* **TLS** (Transport Layer Security) is the updated version of SSL, introduced in 1999.
* SSL 3.0 (last version of SSL) is deprecated due to known vulnerabilities.
* Most websites now use TLS, although many still refer to it as **SSL**.

## SSL Certificates

* Websites must have an **SSL certificate** (technically a TLS certificate) to implement SSL/TLS encryption.
* **Public key** encryption is used for establishing secure communication.
* SSL certificates are issued by trusted **Certificate Authorities (CAs)**.

### Types of SSL Certificates

* **Single-domain**: Covers one domain (e.g., [www.example.com](http://www.example.com/)).
* **Wildcard**: Covers one domain and all its subdomains (e.g., [www.example.com](http://www.example.com/), blog.example.com).
* **Multi-domain**: Covers multiple unrelated domains.
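
The three certificate types differ only in which hostnames their subjectAltName (SAN) entries match. The sketch below is an added example, not code from the original page: it applies simplified RFC 6125-style matching and goes slightly beyond the text by showing that a `*` stands for exactly one label, so a wildcard certificate covers the bare domain only when that name is listed as well. The function names and SAN lists are constructed for illustration, and IDNs and IP addresses are out of scope.

```python
from __future__ import annotations

# Added example: simplified RFC 6125-style matching of a hostname against a
# certificate's SAN dNSName entries. All names and SAN lists are constructed.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard is honoured only as the whole leftmost label, stands for
        # exactly one label, and needs two fixed labels after it ("*.com" fails).
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Any other use of "*" (e.g. "w*.example.com") is not accepted here.
    return "*" not in pattern and p == h

def cert_covers(san_dns_names: list[str], hostname: str) -> bool:
    """A certificate covers hostname if any of its SAN entries matches."""
    return any(san_matches(entry, hostname) for entry in san_dns_names)

# Constructed SAN lists, one per certificate type described above.
SINGLE_DOMAIN = ["www.example.com"]
WILDCARD = ["example.com", "*.example.com"]
MULTI_DOMAIN = ["www.example.com", "shop.example.net", "example.org"]

def coverage_report(hosts: list[str]) -> dict[str, dict[str, bool]]:
    """Map each hostname to which constructed certificate would cover it."""
    certs = {"single": SINGLE_DOMAIN, "wildcard": WILDCARD, "multi": MULTI_DOMAIN}
    return {h: {n: cert_covers(s, h) for n, s in certs.items()} for h in hosts}

if __name__ == "__main__":
    sample_hosts = ["www.example.com", "blog.example.com", "example.com",
                    "a.b.example.com", "shop.example.net"]
    for host, result in coverage_report(sample_hosts).items():
        print(f"{host:20} {result}")
```
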

### SSL Certificate Validation Levels

1. **Domain Validation (DV)**:
   * Basic level; verifies control of the domain.
2. **Organization Validation (OV)**:
   * More involved; CA directly contacts the organization.
3. **Extended Validation (EV)**:
   * Highest level; requires a full background check of the organization.

## Obtaining an SSL Certificate

* **Cloudflare** offers free SSL certificates with easy setup.
* Some websites may need additional setup for their origin servers.
