It may help to understand the underlying technology before diving into SSL Certificates’ many benefits and uses. In this article we discuss how Secure Socket Layer (SSL) developed into Transport Layer Security (TLS) and how both are used to provide security for the public Internet and company intranets.
A major goal is to give you a comprehensive overview of Secure Socket Layer (SSL) and certificate management so that you can make informed decisions about managing your certificates.
Why is SSL important?
SSL stands for Secure Socket Layer, the original name of the protocol that authenticates and encrypts communications over the internet. The SSL protocol has since been replaced by an updated version called TLS.
An overview of the SSL to TLS transition
In the following timeline, you will see how SSL has evolved:
In the 1990s, Netscape developed SSL, a security protocol for encrypting and securing internet communications. Due to security concerns, SSL version 1.0 was not released.
Despite SSL v2.0’s many flaws, Netscape released it in 1995.
Version 3.0 of SSL was released in 1996 and addressed the problems associated with version 2.0. Significant improvements were made and forever changed how the internet operated. However, SSL 3.0 and earlier versions are no longer supported as of 2015.
A major upgrade to SSL was made by the Internet Engineering Task Force (IETF) with the release of TLS v1.0 in 1999; it built on SSL v3.0 with security changes that, although minor, meant SSL v3.0 and TLS v1.0 were not interoperable.
In 2006, TLS v1.1 came out, and in 2008, TLS v1.2 replaced it. Since most websites upgraded from TLS v1.0 to TLS v1.2 directly, TLS v1.1 adoption declined. It has now taken us 11 years to reach TLS v1.3.
The IETF went through nearly 30 drafts of TLS v1.3 before it was finalized in 2018. The new version makes significant improvements over previous versions. In March 2020, six major companies, including Apple, Google, Mozilla, Cloudflare, and Cisco, deprecated TLS versions 1.0 and 1.1. At present, only versions 1.2 and 1.3 of TLS remain available.
TLS is simply the more modern version of SSL, and people still tend to refer to TLS as SSL. The purpose of SSL and TLS is the same, namely securing sensitive information during transmission. However, the cryptography behind SSL is very different from that of TLS v1.3.
In SSL, digital certificates provide the secure connection between servers (such as websites, intranets, or VPNs) and clients (such as web browsers, applications, or email clients).
A server, such as an ecommerce website, is automatically authenticated through SSL certificates, preventing phishing and eavesdropping on communication. SSL certificates ensure that sensitive information is encrypted during transmission on a website that asks for sensitive information from users. Without an SSL certificate, it is not safe to trust that connection with personal information.
What is the process?
SSL is designed primarily to secure communications between two endpoints, the client and the server. Common examples are connections between web servers and browsers, or between mail servers and email applications such as Outlook.
The SSL protocol consists of two distinct protocols: the Handshake protocol and the Record protocol.
By means of the Handshake protocol, the server (and optionally the client) is authenticated, cipher suites are negotiated, and the shared key is generated. For the remainder of the session, the Record protocol isolates each connection and protects it using the shared key.
The Handshake Protocol
A secure channel for server and client communication is established through the SSL handshake, a process that relies on asymmetric cryptography. HTTPS connections always begin with the SSL handshake.
Clients experience the handshake in their browsers or applications, automatically and instantly – without the need to disrupt their user experience. If the handshake fails, however, the client’s browser will display an alert indicating the connection has been terminated.
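The following added example (not part of the original article) shows the first message of that handshake, the ClientHello, and which protocol versions a client offers once TLS 1.0 and 1.1 are disabled. It uses Python's standard ssl module with in-memory buffers, so nothing is sent over the network; the hostname "example.test" and the function names are assumptions made for illustration.

```python
import ssl
import struct

# Wire codes for the protocol versions named in the timeline above.
NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def client_hello(min_v, max_v):
    """Return the raw first flight a client sends under the given version policy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version, ctx.maximum_version = min_v, max_v
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()  # in-memory, no network
    # "example.test" is a placeholder hostname (assumption); nothing is contacted.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for the server's reply
    return outgoing.read()

def offered_versions(hello):
    """Parse the record and handshake headers, then list the versions offered."""
    rec_type, _rec_ver, rec_len = struct.unpack("!BHH", hello[:5])
    body = hello[5:5 + rec_len]
    if rec_type != 22 or body[0] != 1:  # 22 = handshake record, 1 = ClientHello
        raise ValueError("not a ClientHello")
    legacy_version = struct.unpack("!H", body[4:6])[0]
    pos = 4 + 2 + 32                      # handshake header, version, random
    pos += 1 + body[pos]                  # session id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher suites
    pos += 1 + body[pos]                  # compression methods
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:                 # walk the extensions
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == 43:                # supported_versions, sent by TLS 1.3 clients
            codes = struct.unpack(f"!{data[0] // 2}H", data[1:1 + data[0]])
            return [NAMES[c] for c in codes if c in NAMES]
        pos += 4 + ext_len
    # No supported_versions extension: the version field is the highest one offered.
    return [NAMES.get(legacy_version, hex(legacy_version))]

if __name__ == "__main__":
    V = ssl.TLSVersion
    print(offered_versions(client_hello(V.TLSv1_2, V.TLSv1_3)))
    print(offered_versions(client_hello(V.TLSv1_2, V.TLSv1_2)))
```

Running the same parser over a captured ClientHello from a legacy client is a quick way to see whether it still offers a deprecated version.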