Introduction to SSL/TLS
TLS is the successor protocol to SSL. TLS is an improved version of SSL
Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. TLS works in much the same way as the SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry although SSL is still widely used.
How does TLS/SSL Works
TLS uses a technology called public-key encryption. there are two keys
1. public key 2. private key
when a client(browsers) requests something (opens a connection) with the server, then the client and server machine uses the public key(by client) and private key(server) to agree on a new key called session key to encrypt further communication between them.
When a client opens a channel with a server, possessions of the private key that matches with the public key is the website’s SSL certificate proving that the server is actually the legitimate host of the website.
All HTTP requests and responses are then encrypted with these session keys.
Are SSL/TLS the same?
SSL= Secure Socket Layer
TLS =Transport Layer Security
in 1999 internet engineering task force proposed an update to SSL. Since this update was being developed by IETF and NETSCAPE(SSL protocol was developed by Netscape) was not involved, the name changed to TLS.
SSL has not been updated since SSL3.0 in 1996 and is now considered deprecated. while TLS is up to date.
What is the SSL certificate?
→SSL can only be implemented by a website that has an SSL certificate.
→One of the most important piece of info in an SSL certificate is the website’s ‘PUBLIC KEY’
→Certificate authorities(CA) are responsible for issuing the SSL certificates.
Types of SSL Certificate
Single domain — Applies to one domain only
Wild Card — Applies to one domain but also includes the domain’s subdomain
Multi Domain — Applies to multiple unrelated domains
SSL Certificate Validation Levels
Domain Validation- Least strongest validation, cheapest, the business has to prove they control the domain
Organization Validation — More trustworthy, CA directly contact person/business.
Extended Validation — Requires full BG check of an org.
Happy Learning ….👏👏👏
