How does SSL work?

The SSL Store has just published an excellent primer on what SSL is and how it works, starting with the acronym itself: Secure Sockets Layer.

Any casual web user might notice some terms along the bottom of your web browser whenever you click a link or button on a secure website, expected terms such as “connecting” or “transferring data.” But you may also see the term “Performing TLS Handshake…” cross your screen. This is the first step in how an SSL certificate transfers your data securely.

In short, an SSL certificate accomplishes three things whenever data is transferred (in transit) between a user’s web browser and the website’s servers:

  1. It authenticates who you are connecting to by verifying their identity.
  2. Encrypts the data to ensure it is not read by unauthorized parties.
  3. Prevents tampering by anybody as the data is moving.

This is known as the SSL/TLS handshake. It’s your browser’s way of introducing itself to the website’s server, and the server’s way of assuring the browser that the connections are legitimate, authentic and secure.

So what’s TLS? TLS stands for Transport Layer Security. This term often gets used interchangeably with SSL. In fact, it actually SSL’s successor; the original SSL protocol was deprecated more than twenty years ago. However, the term has remained part of common parlance, thus when people say “SSL”, they’re actually referring to TLS.

Regardless of what term you use, web browsers will report a secure site typically with a little lock icon next to the address bar. Clicking that lock will provide a detailed breakdown of the certificate, or report any problems with the certificate. It’s worth familiarizing yourself with these notices to ensure that any data you send is going securely to the right place.