Secure Sockets Layer (SSL) is a cryptographic protocol designed to secure communications. It was formerly widely used to protect the sending and receiving of information over the Internet, in particular for the secure exchange of text messages and for voice communication over IP.

This article explains in detail what the SSL protocol is.

A bit of history

The SSL protocol was developed by Netscape in 1996 for its eponymous browser, but it quickly gained popularity, and other browsers and web services began to use it as well. SSL uses an asymmetric public-key cryptosystem developed by RSA.

Exchange scheme

The SSL protocol makes it possible to transmit encrypted data over open channels without fear of interception and decryption. The protocol contains two layers: the TCP transport layer, which forms data packets and is responsible for transmitting them over the network, and the secure SSL Record Protocol. Secure transfer requires both layers.

SSL encrypts information using cryptographic keys of different sizes: 40, 53256 and 128-bit. The higher the number of bits, the more resistant the cipher is. But decrypting even the shortest 40-bit key will take at least 24 hours. The Internet Explorer browser uses 40 and 56-bit keys by default; however, if the privacy of information is very important to the user, it is recommended to use 128-bit keys, for which in Internet Explorer, for example, you have to download the Security pack.

SSL certificate

To exchange data over SSL, the server / site must have an SSL certificate, which contains encrypted information (in a form the protocol understands) about the certificate owner, the certification authority that issued it, and much other useful information. If the SSL certificate is not available, the user will be denied access to a potentially dangerous server.

"Communication" via SSL certificate

When an SSL certificate is used, the server and the client exchange special initialization messages containing the protocol version, the session ID, the type of data encryption, and the type of compression. After this "greeting", the server sends the client a certificate or a key message and requests a client certificate. Several further steps then follow to agree on algorithms and exchange keys, and only after that does the transfer of sensitive information begin.

Of course, the entire procedure takes quite a lot of time, although for the user the delay is negligible. On subsequent connections, however, the client and server, already "acquainted", use the identifier of the previous session.
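The initialization message described above can be read directly off the wire. The following is an added example, not code from the original article: a small parser that pulls the protocol version, session ID, cipher suites and compression methods out of a client's first handshake record, and marks clients still offering SSL rather than TLS. The function names and the sample record are constructed for illustration.

```python
import struct

# (major, minor) version bytes as they appear on the wire.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1",
            (3, 3): "TLS 1.2 or later"}


def parse_client_hello(record: bytes) -> dict:
    """Return the fields a client offers in its first handshake message."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    msg = record[9:9 + hs_len]
    if rec_len < hs_len + 4 or len(msg) != hs_len:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 0

    def take(n: int) -> bytes:  # bounds-checked read of n bytes
        nonlocal pos
        if pos + n > len(msg):
            raise ValueError("length field points past end of message")
        chunk = msg[pos:pos + n]
        pos += n
        return chunk

    major, minor = take(2)
    take(32)                                   # client random, not needed here
    session_id = take(take(1)[0])
    suites = take(int.from_bytes(take(2), "big"))
    if len(suites) % 2:
        raise ValueError("odd cipher suite list length")
    compression = list(take(take(1)[0]))
    return {
        "version": VERSIONS.get((major, minor), f"unknown {major}.{minor}"),
        "legacy_ssl": (major, minor) == (3, 0),  # SSL itself, not TLS
        "session_id": session_id.hex(),
        "session_id_offered": len(session_id) > 0,  # asks to reuse a session
        "cipher_suites": [suites[i:i + 2].hex() for i in range(0, len(suites), 2)],
        "compression": compression,
    }


def sample_hello(minor: int, session_id: bytes) -> bytes:
    """Constructed sample input: a minimal ClientHello with two cipher suites."""
    body = (bytes([3, minor]) + bytes(32) + bytes([len(session_id)]) + session_id
            + b"\x00\x04\x00\x2f\x00\x35" + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes([3, minor]) + struct.pack("!H", len(handshake)) + handshake
```

Calling `parse_client_hello(sample_hello(0, b""))` reports an SSL 3.0 client with no session ID, which is the kind of connection a server log review should surface for retirement.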

No longer safe

At the beginning of the article we wrote that SSL was formerly widely used; this means that SSL is no longer considered a sufficiently secure protocol. Over the lifetime of the SSL protocol many vulnerabilities were found in it, and therefore today it is recommended to abandon SSL in favor of the newer TLS standard. However, modern hackers will not give TLS a long and quiet life either.
