Secure Sockets Layer (SSL) is a computer networking protocol for securing connections between network application clients and servers over an insecure network, such as the Internet. SSL establishes a secure link between a web server and a browser so that data can be transmitted privately. To set this up, SSL uses two different keys: a public key and a private key. The public key is placed, together with your details, in a file called a certificate signing request (CSR). A certification authority then validates those details and issues you an SSL certificate, which is what allows you to use SSL. Your web server pairs the SSL certificate with your private key, and can then create an encrypted link between the website and the visitor's web browser. SSL is especially important for websites where users enter confidential information, such as addresses and credit card numbers. URLs served over an SSL connection begin with https rather than http.
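The key, CSR and certificate steps above, walked through with the openssl command line as an added example that is not part of the glossary entry. It assumes the openssl CLI is installed; the subject name example.test is a constructed placeholder, and a self-signed certificate stands in for the one a certification authority would issue.

```shell
#!/bin/sh
# Added example: create a private key, put its public key in a CSR, turn the CSR
# into a certificate, then verify that the certificate really belongs to the
# private key, the pairing a web server must get right before it can serve SSL/TLS.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. Private key: stays secret on the server, never leaves it.
gen_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
}

# 2. CSR: the public key plus the requester's details (constructed example subject).
gen_csr() {
  openssl req -new -key "$1" -subj "/CN=example.test/O=Example Org" -out "$2" 2>/dev/null
}

# 3. Certificate: self-signed here, standing in for what a CA issues after validation.
sign_csr() {
  openssl x509 -req -in "$1" -signkey "$2" -days 1 -out "$3" 2>/dev/null
}

# Returns 0 when the public key inside the certificate equals the public half of
# the private key, i.e. the pair a server needs to use the certificate; 1 otherwise.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  key_pub=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256)
  [ "$cert_pub" = "$key_pub" ]
}

# Walk through the three steps and run the check.
gen_key  "$WORK/server.key"
gen_csr  "$WORK/server.key" "$WORK/server.csr"
sign_csr "$WORK/server.csr" "$WORK/server.key" "$WORK/server.crt"
cert_matches_key "$WORK/server.crt" "$WORK/server.key" && echo "certificate matches private key"
```

The same comparison is what to run when a server refuses to start with a "key values mismatch" style error: a certificate installed next to the wrong private key fails the check.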
Because of numerous protocol and implementation flaws and vulnerabilities, SSL was deprecated for use on the Internet by the Internet Engineering Task Force (IETF) in 2015 and has been replaced by the Transport Layer Security (TLS) protocol. TLS and SSL are not interoperable, but TLS is backwards-compatible with SSL 3.0.
Both TLS and SSL are protocols that help you securely authenticate and transport data on the Internet. TLS is actually just a more recent version of SSL; it fixes some security vulnerabilities in the earlier SSL protocols. TLS is not only more secure and performant, but most modern web browsers also no longer support SSL 2.0 and SSL 3.0. For example, Google Chrome stopped supporting SSL 3.0 back in 2014, and most major browsers are planning to stop supporting TLS 1.0 and TLS 1.1 in 2020.
The primary reason SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can read it. This matters because information you send over the Internet passes from computer to computer on its way to the destination server. Any computer between you and the server can read your credit card numbers, usernames, passwords and other sensitive information if the traffic is not encrypted using an SSL certificate.