SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that encrypt data transmitted between a client and a server. They provide the security layer for HTTPS, preventing unauthorized parties from eavesdropping or tampering with network traffic.
The protocol operates through a process called the TLS Handshake. During this phase, the communicating parties negotiate cipher suites, exchange public keys using asymmetric encryption (like RSA or Diffie-Hellman), and verify the server's identity through a digital certificate issued by a trusted Certificate Authority.
Security Pillars
TLS ensures network security through three fundamental mechanisms:
- Encryption: obfuscating data so it cannot be read by intermediaries.
- Authentication: verifying the identity of the server to prevent impersonation.
- Integrity: using Message Authentication Codes (MAC) to ensure data is not modified during transit.
Modern infrastructure relies on TLS 1.2 and TLS 1.3. The 1.3 version improves performance by enabling a 1-RTT handshake and enhances security by removing legacy features vulnerable to attacks like POODLE or Heartbleed. All major browsers now deprecate SSL 3.0 and TLS 1.0/1.1 due to known cryptographic weaknesses.