How Secure Sockets Layer (SSL) Works

Secure Sockets Layer (SSL) is the most frequently used technology for establishing secure communication between a web client and a web server. Most of us know that sites such as Gmail, Hotmail, Yahoo, etc. use the https protocol on their login pages, but you may be curious about the difference between http and https.

In simple terms, the HTTP protocol is used for regular communication between the web server and the web client. HTTPS provides “secure communication”.

Working of HTTP:

Before we look at the concept of SSL, we should first learn what “secure communication” means. Suppose there are two communicating parties, say X (the client) and Y (the server).

When X sends a message to Y, the message is sent as plain, unencrypted text. This is fine in situations where the exchanged messages aren’t confidential. But imagine a scenario where X sends a PASSWORD to Y. In this case, the password is also sent as plain text. This is a serious security issue because, if an attacker can gain unauthorized access to the communication between X and Y, he can read the PASSWORD directly since it is never encrypted. This scenario is illustrated in the diagram below:

Working of HTTPS:

When X sends a PASSWORD (say “mypass123”) to Y, the message is sent in encrypted form. The encrypted message is decrypted on Y’s side. So, even if an intruder manages to gain unauthorized access to the ongoing communication between X and Y, he gets only the encrypted password (“xz68p7kd”) and not the original password. This is shown in the following diagram:

HTTPS is put into action by using Secure Sockets Layer (SSL). A website can implement HTTPS by acquiring an SSL Certificate. Secure Sockets Layer (SSL) technology secures a website and makes it trustworthy for its visitors. It has the following uses:

  • An SSL Certificate allows encryption of sensitive information during online activities.
  • Each SSL Certificate has unique and verified information about the certificate owner.
  • A Certificate Authority authenticates the identity of the certificate owner when it is issued.

The whole notion of Secure Sockets Layer is realized on the basis of the RSA algorithm, where each SSL Certificate consists of a public key and a private key. The public key encrypts the information, and the private key decrypts it. When your browser establishes a connection to a secure domain, the server sends its public key to the browser so that encryption can take place. The public key is available to everyone, but the private key (used for decryption) is kept secret. So, during secure communication, your browser encrypts the message with the public key and sends it to the server, where it is decrypted using the private key (the secret key).
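As an added illustration of the two diagrams above and of the public-key step just described (example code added here, not from the original article), the Python below models a login request on plain HTTP beside one on HTTPS: the browser encrypts with the server's public key and only the holder of the private key can decrypt. It goes one step beyond the article's wording: as in real TLS, the public key protects a short-lived session key, and the password itself is then encrypted with a symmetric cipher under that key. The RSA here is a from-scratch toy with small, seeded parameters, the session cipher is an HMAC-SHA256 keystream standing in for a real cipher suite, and the request text and the password are constructed sample values.

```python
"""Added illustration, not code from the original article: a toy model of what an
eavesdropper sees on plain HTTP versus HTTPS, and of the public-key step the
article describes. RSA is implemented from first principles with constructed,
deliberately small parameters; the session cipher is a demonstration keystream
built from HMAC-SHA256 and is not a real TLS cipher suite."""
import hashlib
import hmac
import random

# ---- Toy RSA (public key encrypts, private key decrypts) ---------------------

def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin probable-prime test with witnesses drawn from rng."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng):
    """Return a random prime of exactly `bits` bits (top bit and low bit set)."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rng):
            return candidate

def generate_keypair(bits=256, seed=2024):
    """Return ((e, n), (d, n)). Seeded for a reproducible demo only: real key
    generation must use a cryptographically secure source and a >= 2048-bit n."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)  # modular inverse: Python 3.8+

def rsa_encrypt(public_key, message_int):
    e, n = public_key
    assert 0 <= message_int < n, "message must be smaller than the modulus"
    return pow(message_int, e, n)

def rsa_decrypt(private_key, ciphertext_int):
    d, n = private_key
    return pow(ciphertext_int, d, n)

# ---- Toy session cipher (stands in for the symmetric cipher TLS really uses) --

def keystream_xor(key, data):
    """XOR data with HMAC-SHA256(key, counter) blocks; the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

# ---- The two scenarios from the article --------------------------------------

def plain_http_exchange(password):
    """HTTP: the login request travels exactly as typed (constructed request)."""
    return f"POST /login HTTP/1.1\r\n\r\npassword={password}".encode()

def https_exchange(password, server_public_key, server_private_key, seed=7):
    """HTTPS in the article's terms: the browser uses the server's public key and
    the server decrypts with its private key. As in real TLS, what the public key
    protects is a fresh session key; the password is then encrypted under it.
    Returns what travels on the wire and what the server recovers."""
    session_key = random.Random(seed).getrandbits(128).to_bytes(16, "big")
    encrypted_key = rsa_encrypt(server_public_key, int.from_bytes(session_key, "big"))
    on_wire = keystream_xor(session_key, f"password={password}".encode())
    # Server side: only the private-key holder can recover the session key.
    recovered = rsa_decrypt(server_private_key, encrypted_key).to_bytes(16, "big")
    server_sees = keystream_xor(recovered, on_wire).decode()
    return {"encrypted_key": encrypted_key, "on_wire": on_wire, "server_sees": server_sees}

def eavesdropper_can_read(wire_bytes, password):
    """True if someone capturing the traffic sees the password verbatim."""
    return password.encode() in wire_bytes

if __name__ == "__main__":
    pub, priv = generate_keypair()
    print("HTTP  leaks password:", eavesdropper_can_read(plain_http_exchange("mypass123"), "mypass123"))
    result = https_exchange("mypass123", pub, priv)
    print("HTTPS leaks password:", eavesdropper_can_read(result["on_wire"], "mypass123"))
    print("Server recovered:", result["server_sees"])
```

Running it shows the plain request containing `mypass123` verbatim, while the HTTPS capture contains only the RSA-wrapped session key and ciphertext, yet the server still recovers `password=mypass123`. The reason real TLS takes this hybrid shape rather than RSA-encrypting every message is that public-key operations are slow and limited to inputs smaller than the modulus, so they are used once per connection to protect a symmetric key.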

Recognizing a Secure Connection

In Firefox, Google Chrome or Internet Explorer, you will see a lock icon in the Security Status bar. The Security Status bar can be found on the right side of the Address bar. You can click the lock to view the website identity.

In high-security browsers, the verified organization name is displayed openly and the address bar turns GREEN when an Extended Validation SSL Certificate is found. If the certificate has expired, the browser displays an error message or a warning, and the status bar turns RED.

So, the bottom line is this: whenever you perform an online transaction such as a bank login, credit card payment or email login, always make sure that you have a secure connection. Secure communication is essential in these situations; otherwise, there is a possibility of a phishing attack with a fake login page.

