Since the early days of the Internet, the SSL protocol and its descendant, TLS, have provided the encryption and security that make modern online commerce possible. The long history of these protocols has been marked by continuous updates designed to keep pace with increasingly sophisticated attackers. The next major version of the protocol, TLS 1.3, is coming soon—and most anyone running a website will want to upgrade, because cybercriminals are catching up.
What is SSL ?
Secure Sockets Layer, or SSL, was the original name of the protocol when it was developed in the mid-1990s by Netscape, the company that created the most popular web browser at the time.
SSL 1.0 was never released to the public, and SSL 2.0 had serious flaws. SSL 3.0, released in 1996, was a complete overhaul, setting the stage for what came after it.
It is important to know that there are several types of SSL certificates.
TLS vs. SSL
When the next version of the protocol was released in 1999, it was revised by the Internet Engineering Task Force (IETF) and given a new name: Transport Layer Security, or TLS. As the TLS specification notes, “the differences between this protocol and SSL 3.0 are not dramatic.” So it’s not really a matter of TLS versus SSL; instead, the two form a constantly evolving set of protocols, and they are often lumped together as SSL/TLS.
The TLS protocol encrypts all types of internet traffic. The most common is web traffic; you know your browser is connected using TLS if the URL in your address starts with “https”, and there’s an indicator with a lock telling you the connection is secure, like in this screenshot from Chrome:
But TLS can also be used by other applications, including email and Usenet.
How SSL works
Encryption is needed to communicate securely over the Internet:
If your data is not encrypted, anyone can examine your users’ personal details and read confidential information.
The most secure encryption method is called asymmetric cryptography; it requires two cryptographic keys—pieces of information, usually very large numbers—to work properly, one public and one private.
The math here is complex, but basically, you can use the public key to encrypt the data, but need the private key to decrypt it.
The two keys are linked together by some complex mathematical formula that is very difficult to crack.
Think of the public key as information about the location of a locked mailbox with a slot in the front, and the private key as the key that opens the mailbox.
Anyone who knows where the mailbox is can leave a message in it; but for anyone else to read it, they need the private key.
Encryption:
Because asymmetric encryption involves these difficult mathematical problems,
It requires a lot of computing resources,
So much so that if you use it to encrypt all the information in a communication session, your computer and connection will grind to a halt.
TLS gets around this problem by using asymmetric cryptography.
And this is only at the beginning of a communication session, in order to encrypt the conversation, the server and client need to rely on a single session key that they will both use.
This is to encrypt their packages from this point onward.
Encryption using a shared key is called symmetric cryptography, and is much less computationally intensive than asymmetric encryption.
Because this encryption key was established using asymmetric cryptography, the overall communication operation is much more secure than it would otherwise be.
All WordPress packages at Host Center include SSL certificates at no additional charge, free of charge.
Paid SSL certificate for Windows servers.
For more details – Host Center Contact Us
All rights reserved to: Josh Prolinger
The article was translated by Yahav Bengiat.
