SSL (Secure Sockets Layer)
Last updated
Last updated
SSL is an encryption-based security protocol developed by Netscape in 1995.
Ensures privacy, authentication, and data integrity in online communications.
SSL is the predecessor to TLS (Transport Layer Security), the modern encryption standard.
Data Encryption:
SSL encrypts data transmitted over the internet, making intercepted data unreadable.
Authentication:
SSL initiates a handshake process to verify the identity of both communicating devices.
Data Integrity:
SSL digitally signs data, ensuring that it hasn’t been tampered with during transmission.
Originally, data was transmitted in plaintext, vulnerable to interception.
SSL encrypts sensitive information (e.g., credit card numbers) to prevent theft.
Authenticates websites to avoid phishing attacks and ensures data isn’t altered.
TLS (Transport Layer Security) is the updated version of SSL, introduced in 1999.
SSL 3.0 (last version of SSL) is deprecated due to known vulnerabilities.
Most websites now use TLS, although many still refer to it as SSL.
Websites must have an SSL certificate (technically a TLS certificate) to implement SSL/TLS encryption.
Public key encryption is used for establishing secure communication.
SSL certificates are issued by trusted Certificate Authorities (CAs).
Single-domain: Covers one domain (e.g., www.example.com).
Wildcard: Covers one domain and all its subdomains (e.g., www.example.com, blog.example.com).
Multi-domain: Covers multiple unrelated domains.
Domain Validation (DV):
Basic level; verifies control of the domain.
Organization Validation (OV):
More involved; CA directly contacts the organization.
Extended Validation (EV):
Highest level; requires a full background check of the organization.
Cloudflare offers free SSL certificates with easy setup.
Some websites may need additional setup for their origin servers.