SSL stands for Secure Sockets Layer.
SSL is Netscape’s protocol for creating an encrypted connection between a web server and a web browser. The term ‘sockets’ refers to the socket method of exchanging information between a client and a server program, either across a network or between processes on the same device. SSL is an industry standard that safely and reliably transmits private information such as credit card numbers, social security numbers and login credentials over the Internet by encrypting it. Numerous websites use it to secure their customers’ online transactions.
SSL was the first commonly used framework to secure online transactions, and eventually came to be used to secure authentication and encryption at the network transport layer for other applications. SSL uses a blend of public-key, private-key and session-key encryption to safeguard a connection between a web server and a client system connected over the Internet or a similar TCP/IP network. Anything encrypted with the public key can only be decrypted with the private key, and vice versa. The TLS protocol evolved from SSL and has officially replaced it.
The original implementation of Secure Sockets Layer was developed in the early 1990s with the aid of Netscape Communications Corporation to secure HTTP, which sends its data as plain text over the Internet. The first released version was 2.0, which gained prominence in spite of some design flaws and protocol vulnerabilities. The Internet Engineering Task Force (IETF) deprecated SSL for use on the web in 2015, and it has since been supplanted by the Transport Layer Security (TLS) protocol. However, TLS and SSL are not interoperable, although TLS is backward compatible with SSL 3.0.
SSL protects a network connection through:
- Confidentiality –
Information is encrypted using symmetric-key cryptography.
- Authentication –
Communicating entities identify themselves using digital certificates. Authentication of the site server is mandatory, while authentication of the database is left optional.
- Integrity –
Checks are maintained on the credibility of communications.
- Lossless compression methods are used to compress fragmented data.
- Mainly designed for online e-commerce.
- Supported by nearly every web browser.
- Available to all TCP applications.
The SSL protocol is built architecturally as a suite of protocols over TCP/IP. This design is commonly described as the SSL Protocol Stack.
There are two sub-layers of the SSL protocol –
- First sub-layer –
The first sub-layer contains one component of the SSL protocol, called the SSL Record Protocol. This component provides integrity and confidentiality services. The SSL Record Protocol also handles data checking and encapsulates the data with appropriate headers for secure transfer over TCP.
- Second sub-layer –
The second, top sub-layer of the SSL protocol stack comprises the SSL Handshake Protocol, the SSL Change Cipher Spec Protocol, and the SSL Alert Protocol. It sits on top of the SSL Record Protocol and is responsible for maintaining a safe and secure connection for an application protocol such as HTTP. These three top-layer protocols deliver client-to-server session control, cryptographic parameter control, and secure SSL message transfer.
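The record-layer header described above can be read directly off the wire. The following Python sketch is an added example, not code from the original page: it splits a byte stream into records, names the upper-layer protocol each one carries, and flags records that still announce SSL 3.0. The numeric values come from the SSL 3.0 and TLS specifications, and the sample bytes are constructed for illustration.

```python
import struct

# Content types carried by the record layer: the three upper-layer SSL
# protocols plus application data (values from the SSL 3.0 / TLS specs).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HEADER = struct.Struct("!BBBH")   # type, major, minor, fragment length
MAX_FRAGMENT = 2**14 + 2048       # largest encrypted fragment allowed

def parse_records(stream: bytes) -> list:
    """Split a captured byte stream into record-layer headers."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError("truncated record header")
        ctype, major, minor, length = HEADER.unpack_from(stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise ValueError("fragment length exceeds protocol maximum")
        start = offset + HEADER.size
        if len(stream) - start < length:
            raise ValueError("truncated record body")
        records.append({
            "protocol": CONTENT_TYPES[ctype],
            "version": VERSIONS.get((major, minor), f"unknown {major}.{minor}"),
            "legacy_ssl": (major, minor) <= (3, 0),  # SSL 3.0 or older on the wire
            "length": length,
        })
        offset = start + length
    return records

# Constructed sample: four records with placeholder bodies, not a real capture.
SAMPLE = bytes.fromhex(
    "16 0300 0004 01000000"   # handshake, SSL 3.0
    "14 0303 0001 01"         # change_cipher_spec, TLS 1.2
    "15 0303 0002 0228"       # alert, TLS 1.2
    "17 0303 0003 aabbcc"     # application_data, TLS 1.2
)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec)
```

SSL 2.0 used a different record header and is not handled here. A `legacy_ssl` hit in real traffic means an endpoint is still offering the deprecated protocol.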
The advantages of SSL are as follows:
- Encryption –
Data transmitted on a website using SSL is encrypted to protect sensitive data. When data is encrypted, intruders find it difficult to read the information they intercept.
- Server Authenticity –
SSL provides authentication, meaning that data transferred over the Internet is guaranteed to pass through the proper servers. Intruders often pretend to be your website in order to target your clients’ information. Using a suitable Public Key Infrastructure (PKI) and obtaining an SSL certificate from a trusted SSL supplier will avoid this.
- Trust –
Customers trust sites that use SSL. This helps a site gain traffic. Additionally, if a site handles online payments and allows memberships, information security measures must be in place to secure your customers’ data.
- Security –
When a customer receives a phishing email, it contains a link to an exact copy of the original website, and when the customer enters their information on that website, it can be accessed by an unauthorized user. Having an SSL certificate cancels that access and thus protects the customer from unauthorized phishing emails.
The disadvantages of SSL are as follows:
- Performance –
When data is transmitted over an Internet portal that requires SSL, speed is reduced by the encryption and decryption.
- Cost Factor –
SSL certificates are quite expensive because service providers have to pay for infrastructure maintenance, although some hosting organizations do provide SSL certificates free of charge.
- Extra Credentials Required –
SSL certificates will consume some additional resources, as data must be encrypted. A perceptible change in website performance under heavy Internet traffic can be a disadvantage when using SSL certificates.