Friday, September 11, 2015

How does SSL or Secure Sockets Layer work?



What is SSL or Secure Sockets Layer?

SSL or Secure Sockets Layer is a standard security technology for establishing a secure link between a server and a client – for example, a web server and a browser, or a mail server and a mail client (e.g. Outlook).
Sometimes a user shares sensitive information such as credit card numbers or social security numbers over the internet. Normally, data travels between a web server and its client in raw format, which leaves it vulnerable to attack by hackers. To prevent that we use SSL, so that the data transmitted between the server and its clients is encrypted.

How does SSL work?

Normally, all browsers are capable of connecting to a secured web server using the SSL protocol. But the web server and the clients need an SSL certificate to establish a secure connection.

An SSL certificate basically contains a public and private key pair, which is used to establish a secure connection between the server and its clients. One has to get an SSL certificate for her server from a CA (Certificate Authority) and then install it on the server.

Once it is installed, when a browser wants to communicate with the web server, the two establish a secure connection using a process called the SSL handshake.

Mainly three keys are generated at this time: a public and private key pair, and a session key. Normally, it takes a lot of processing power to encrypt and decrypt all the data transmitted between the server and the client with the public and private key pair, so the session key is used for that purpose.

So, here is how a secure connection gets established between a server and a client using SSL:

  • The web browser requests a copy of the SSL certificate of the web server, containing its public key.
  • The server sends a copy of its SSL certificate to the client, which contains its public key.
  • The client then verifies the authenticity of the certificate against a list of trusted CAs.
  • After the authenticity of the SSL certificate is verified, the client sends back the symmetric key encrypted with the public key of the server.
  • The server decrypts the symmetric key with its private key.
  • Secured communication then starts, encrypted with the session key.

So, this is a very short and simple article about SSL. Hope you enjoyed it!
