What Is SSL TLS
SSL and TLS are both cryptographic protocols used to increase security by encrypting communication over computer networks. SSL (RFC specification) stands for Secure Sockets Layer while TLS (RFC specification) stands for Transport Layer Security. TLS is the successor of SSL 3.0 and is now the standard. While the term SSL is still dominant, most people actually mean TLS when they talk about SSL because the public versions of SSL have long been deprecated. So today there is no longer just one SSL certificate or one TLS certificate. In fact, all "SSL certificates" are actually SSL TLS certificates. SSL TLS can be used for a variety of applications including securing data over:
- SMTP, etc.
A cryptographic protocol must adhere to certain requirements in order to be deemed secure. Ultimately, both SSL and TLS protocols offer one or more of the following properties:
- The connection is private due to encryption.
- The identity of the peer can be authenticated using public key cryptography.
- Each message transmitted includes a message integrity check to ensure the connection is reliable.
Both SSL and TLS encryption protocols aim to achieve the same goal - to increase network security between the client and the server. How these protocols achieve this is explained in the following section.
How does SSL TLS encryption work?
There are a number of steps involved in establishing a secure SSL TLS connection. To demonstrate how SSL/TLS connections work, the following outlines the high-level process of a handshake using an RSA key.
- Client Hello. The client sends information along with a set of options to the server regarding SSL communication (SSL version number, cipher settings, etc).
- Server Hello. The server makes a decision and provides it back to the client based on the options provided.
- Server Key Exchange. The server provides information to the client regarding the session key as well as its public key.
- Client Key Exchange. The client authenticates the server's certificate and confirms the server's selected encryption algorithm.
- Client/Server Begin Secure Communications. Both the client and server confirm that all subsequent communications will be encrypted.
Many SSL TLS connections continue to be made using RSA keys. However, elliptic curve cryptography (ECC) has been gaining traction as an alternative to RSA due to its ability to provide the same level of security at a much smaller size. To learn more about ECC, read our Elliptic Curve Cryptography article.
Benefits of SSL TLS
There are a variety of benefits associated with securing connections using SSL/TLS. A few examples of these benefits include the following:
- Improves security. By transmitting information over an encrypted connection between the client and the server, this makes it much harder for anyone to "listen in" on the communication between both parties. This is especially important when dealing with the transfer of secure information such as credit cards.
- Instills trust. Related to the previous benefit, using an SSL TLS connection also helps instill trust in your site's visitors. Seeing that a website is using SSL/TLS gives visitors who log in to your site a sense of security. Furthermore, an SSL/TLS certificate is required in order for customers to make a credit card purchase on a website. Read more about why you should be establishing SSL trust for your business.
- Easily deployed. Traditionally, SSL certificates are purchased from a certificate authority for a given time period. In the case of using SSL on a website, this certificate would be uploaded to your server and thus provide a secure connection for visitors. However, Let's Encrypt now offers SSL certificates for free which can be deployed directly from your server. KeyCDN also offers a Let's Encrypt integration to secure the connection from our edge servers to your visitors.
- Ability to use HTTP/2. HTTP/2 is the second major update to the HTTP protocol. It offers many improvements over it's predecessor such as the use of header compression, one connection for parallelism, is fully multiplexed, etc. Currently no browsers support HTTP/2 unencrypted, therefore through installing an SSL certificate, you have the opportunity to take advantage of the benefits of HTTP/2 given that your server supports it.
As outlined, there are a variety of reasons for using SSL/TLS. Traditionally one of the main reasons to purchase an SSL certificate was due to help further secure your website. However, with the introduction of Let's Encrypt and HTTP/2 there are now additional benefits to using SSL/TLS encryption.