Even if at least they know it, SSL and especially TLS are the protocols we use most often on the Internet. SSL and its successor TLS are protocols which are used to encrypt our surfing on the Internet. They are also the ones that turn the “http” in our address bar into “https“. In the following we want to talk about the basics of SSL and TLS.
Basics of SSL and TLS – Function
SSL and TLS form the basis for secure data transmission when surfing. Our web browsers use these protocols to establish a secure connection to a website through encryption. This is to ensure that our data cannot be read or changed during transmission. The SSL (“Secure Socket Layer”) protocol has now been replaced by the standardized successor TLS (“Transport Layer Security”). Although TLS is the successor of SSL, the term SSL is still used today due to its popularity.
The most used protocol on the Internet
The Transparenzbericht published by Google shows that 91% of all Google searches in Germany are currently encrypted. Likewise the statistics of the certification authority Let’s Encrypt, here in the Blog already presented , show that over 180 million certificates for the encryption of web pages were created there in the last 3 years. Finally a study of the network equipment company Sandvine shows that in 2018 more SSL/TLS encrypted connections were used than unencrypted ones.
Basics of SSL and TLS – Protection Objectives
Encryption and security while surfing the Internet takes place between the browser and the website. The main tasks of SSL and TLS during this communication are the following:
- The authentication of the website – I really surf with aware7.de?
- The confidentiality of the data – only aware7.de and my browser know which data is transferred?
- The integrity of the data – Were the transmitted data not changed during the transmission?
These questions are to be solved by the use of SSL and TLS. Therefore a certificate is exchanged between the web browser and the web page each time a web page is called. This certificate is then checked for validity by the browser. If this check fails, we as the user receive a warning from the browser. In such a case it is not recommended to continue surfing on the respective website.
SSL and TLS are therefore used to protect our connection to a website from being read and manipulated. Therefore you use certificates to ensure who is communicating with and to establish a secure connection. To understand how this works, in the next part of this series we will look more closely at certificates and their use.
Sevencast – der IT-Security Podcast
Von unterwegs, im Büro oder zu Hause hören und auf dem aktuellen Stand bleiben!