09
Dec

Understanding SSL communication

Consider you are a tech savvy shopper & an online shopping website that doesn’t have SSL is asking for your credit/debit card information, would you enter the info? Off course the answer is no. We always think about our privacy & security when we are online. The ecommerce website owner should always show positive attitude towards security of sensitive information entered by their online customers & hence they should aware of the importance of SSL.

 Secure_Sockets_layer

How Secure Sockets Layer (SSL) works?

SSL is a communication protocol that is used for securing communications (transactions) between two parties say client & server. Usually client is your web browser and server is website with whom you are interacting.

Let us consider a scenario where you are communicating with a website which is not secured. When you submit confidential information on website, the browser sends this information to web server through the network. As your information is not encrypted, any one (let’s say hacker) can read & alter it easily over network.

What exactly happens when you use SSL?

For accessing secure pages ‘https://’ is used. First step is user/browser request a web page to the web server. When transaction is initiated the server sends its public key along with its digital certificate.  The next step is the web browser verifies that the digital certificate is issued by a trusted Certification Authority (e.g. RapidSSL,   GeoTrust, GlobalSign etc.) & sends a message to dedicated hosting server. The web server sends back a digitally signed acknowledgement to initiate an SSL encrypted session.

After verifying the certificate of the site the browser & server uses a public key cryptography technique for communication.

In public key cryptography two types of keys are used one is public key & other is private key. When you sends sensitive information to server, server says “hey, before sending me the information use this public key to encrypt your personal information. As soon as I get your information message I will decrypt your message using my private key”.

Information encrypted with public key cannot be decrypted by any other key other than private key. So the intruders or hackers are unable to read the secured encrypted message.

Information security is very important for conducting online business. SSL helps to achieve 3 goals of secure communication -1] Authentication from both party 2] Message integrity 3] Privacy

 URL of secure website start with https. Along with https browsers show a closed padlock sign in address bar that designates an encrypted connection.

 esds_ssl

You can view certificate information by clicking on the lock present in address bar. Position of padlock varies depend on browser. The latest version of SSL is also called as Transport Layer Security (TLS). In above image you can see the connection is using TLS 1.0. RSA, AES & SHA1 are the algorithms used for encryption & decryption of the text.

In conclusion we can say that the SSL establishes secure communication channel (tunnel) between customer & your website. Through SSL you prove that your website is safe & legitimate.

Resources:

Leave a Reply