Hostjaer

SSL (short for Secure Sockets Layer) is the protocol that first established authenticated, encrypted links between networked computers. It has since been superseded by TLS (short for Transport Layer Security), although the SSL name is still in common use. TLS 1.0 was released in 1999 as an improved version of SSL 3.0, which is why the protocol family is still referred to as SSL/TLS in tech circles. The latest version is TLS 1.3, released in August 2018.

 

Frequently Asked Questions

What is SSL?

Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are network protocols that establish authenticated, encrypted links between networked computers. SSL was the standard for internet security until 1999, when TLS 1.0 replaced it. However, the old name lives on in tech circles and in related technologies, i.e. "SSL" or "SSL/TLS".

 

What is an SSL Certificate?

An SSL certificate (also called a TLS or SSL/TLS certificate) is a digital document that binds a website's identity to a cryptographic key pair. The pair consists of a public key and a private key, each with a specific use. The public key is published inside the certificate and lets a browser initiate a secure connection with the server over TLS and HTTPS. The private key stays on the server and is used during the TLS handshake to prove that the server is the legitimate holder of the certificate. The private key does not sign individual web pages, scripts or images; the integrity of that content comes from the encrypted TLS session itself.

The certificate also identifies the website, including its domain name and, depending on the validation type, information about the website's owner. A certificate signed by a publicly trusted certificate authority (CA) such as SSL.com is trusted by end users' web browsers and operating systems, which lets the browser validate the server before exchanging any content with it.

SSL certificates are X.509 certificates: they follow the X.509 standard for public key certificates. X.509 is a format, not an issuer.

 

What is TLS?

TLS is SSL's successor, first released in 1999 (TLS 1.0, RFC 2246) with improved encryption and authentication. The latest version is TLS 1.3, released in August 2018 and defined in RFC 8446.

 

Does a website need a dedicated IP address for an SSL/TLS certificate?

Today a dedicated IP address is not required for an SSL certificate, thanks to Server Name Indication (SNI). SNI is a TLS extension (RFC 6066) in which the client sends the hostname it wants to reach in its very first handshake message, the ClientHello, so a server hosting many sites on one IP address can pick the right certificate before the encrypted session starts. Your web host's server must support SNI for this to work; virtually all modern browsers and servers do. Before SNI existed, a website needed a dedicated IP address for every SSL certificate, because the server had to choose a certificate before it learned which site the client wanted. Note that the SNI hostname itself is sent unencrypted, so it is visible to anyone on the network path even though the rest of the session is not.

To understand more about SNI and SSL certificates, read this SSL.com article.
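As an added example (not from the original article or from SSL.com), the following Python script builds a minimal TLS ClientHello with and without the server_name extension and parses the hostname back out of the raw bytes, which is exactly what a multi-site server or a network sensor does before any encryption starts. The record layout follows RFC 5246/8446 and the extension follows RFC 6066; the hostnames are constructed for the demo.

```python
import os
import struct

SERVER_NAME_EXT = 0x0000         # RFC 6066 server_name
SUPPORTED_VERSIONS_EXT = 0x002B  # RFC 8446 supported_versions
HOST_NAME_TYPE = 0x00


def build_client_hello(hostname=None, versions=(0x0304, 0x0303)):
    """Build a TLS record carrying a minimal ClientHello.

    hostname=None produces a pre-SNI style ClientHello with no server_name
    extension, which is what left servers unable to pick a certificate before
    SNI existed.  Hostnames are IDNA-encoded, as RFC 6066 requires.
    """
    extensions = b""
    if hostname is not None:
        name = hostname.encode("idna")
        entry = bytes([HOST_NAME_TYPE]) + struct.pack("!H", len(name)) + name
        sni_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", SERVER_NAME_EXT, len(sni_list)) + sni_list
    vers = b"".join(struct.pack("!H", v) for v in versions)
    sv = bytes([len(vers)]) + vers
    extensions += struct.pack("!HH", SUPPORTED_VERSIONS_EXT, len(sv)) + sv

    body = (
        b"\x03\x03"                               # legacy_version = TLS 1.2
        + os.urandom(32)                          # client random
        + b"\x00"                                 # empty legacy_session_id
        + struct.pack("!H", 2) + b"\x13\x01"      # one suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                             # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type handshake(22)


def parse_client_hello(record):
    """Return (sni_hostname_or_None, offered_versions) from a raw TLS record.

    Raises ValueError for anything that is not a well-formed ClientHello.
    """
    try:
        if record[0] != 0x16:
            raise ValueError("not a TLS handshake record")
        (rec_len,) = struct.unpack("!H", record[3:5])
        hs = record[5:5 + rec_len]
        if len(hs) != rec_len or hs[0] != 0x01:
            raise ValueError("not a complete ClientHello")
        body_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + body_len]
        if len(body) != body_len:
            raise ValueError("truncated ClientHello")

        pos = 2 + 32                                   # skip legacy_version + random
        pos += 1 + body[pos]                           # legacy_session_id
        (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2 + cs_len                              # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
        sni, versions = None, []
        if pos == len(body):
            return sni, versions                       # SSL3/TLS1.0-era hello: no extensions block
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        if end != len(body):
            raise ValueError("extensions length does not match body")
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            if len(data) != elen:
                raise ValueError("truncated extension")
            pos += 4 + elen
            if etype == SERVER_NAME_EXT:
                (list_len,) = struct.unpack("!H", data[:2])
                q = 2
                while q < 2 + list_len:
                    ntype = data[q]
                    (nlen,) = struct.unpack("!H", data[q + 1:q + 3])
                    name = data[q + 3:q + 3 + nlen]
                    q += 3 + nlen
                    if ntype == HOST_NAME_TYPE and sni is None:
                        sni = name.decode("ascii")     # RFC 6066: ASCII A-label, no trailing dot
            elif etype == SUPPORTED_VERSIONS_EXT:
                versions = [struct.unpack("!H", data[i:i + 2])[0]
                            for i in range(1, 1 + data[0], 2)]
        return sni, versions
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc


if __name__ == "__main__":
    for host in ("example.com", "bücher.example", None):
        print(host, "->", parse_client_hello(build_client_hello(host)))
```

Running the script shows the internationalised name arriving as its punycode A-label and the SNI-less hello yielding None, which is the case a server can only handle with one certificate per IP address.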

 

What is the recommended port for SSL/TLS?

Port 443 is the standard port for HTTPS (HTTP over SSL/TLS) and is the recommended choice because browsers use it by default and firewalls expect it. Nevertheless, TLS itself is port-independent: a web server can offer it on any other port (8443 is a common alternative), and other protocols run TLS on their own assigned ports, for example 465 for SMTPS and 993 for IMAPS.

 

What is the current SSL/TLS version?

TLS 1.3 is the most recent version, published in August 2018 as RFC 8446. Before that, TLS 1.2 (RFC 5246) was released in August 2008 and is still widely used today. However, certain features that TLS 1.2 still permits, such as RSA key exchange, CBC-mode and RC4 cipher suites, compression and renegotiation, are considered insecure and should be disabled in configuration; TLS 1.3 removes them from the protocol entirely.

 

What issues did the previous versions of the TLS have?

TLS 1.0 and 1.1 are affected by a large number of protocol and implementation vulnerabilities that security researchers have published over the last two decades. Notably, ROBOT affected RSA key exchange, while WeakDH and Logjam exposed servers' use of weak or incorrect parameters for Diffie-Hellman key exchange. Compromising the key exchange means an attacker can recover the session keys and decrypt the conversation.

BEAST and Lucky13 attacked the CBC-mode cipher suites of the earlier TLS versions, and RC4, which TLS 1.2 also still permits, was shown to have exploitable statistical biases. Both cipher families are now considered unfit for use.

Signatures were also not spared, the best-known case being the Bleichenbacher RSA signature forgery. Other padding attacks on RSA prompted a thorough review of how signatures and padding are handled.

TLS 1.2 tried to mitigate these attacks through careful configuration, but configuration alone could not stop downgrade attacks such as POODLE, CurveSwap and FREAK, in which an attacker forces both sides onto a weaker protocol version or cipher than they actually support. These attacks were possible because the earlier versions did not adequately protect the handshake negotiation in which the protocol version and cipher for the connection are chosen. TLS 1.3 signs the entire handshake transcript and removes the weak options altogether, so a tampered negotiation is detected rather than silently accepted.
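As an added example (not part of the original article), the following Python uses the standard library ssl module to put the two configurations the section describes side by side: a "make the warnings go away" client that accepts whatever the local OpenSSL still allows, and a hardened client that enforces TLS 1.2 or newer, certificate chain and hostname verification, and AEAD cipher suites only. A small audit function reports which of these recommendations a context violates. The cipher list comes from the local OpenSSL build, so the exact suites will differ between machines.

```python
import ssl


def legacy_client_context() -> ssl.SSLContext:
    """No certificate checks and the lowest protocol floor the local OpenSSL
    allows (often TLS 1.0): vulnerable to every downgrade attack above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE       # any certificate, or none at all, is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """TLS 1.2+ only, mandatory chain and hostname validation, and for TLS 1.2
    only forward-secret ECDHE suites with AEAD ciphers (TLS 1.3 suites are
    always AEAD)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # sets CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression is a known oracle (CRIME)
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!3DES:!RC4")
    ctx.load_default_certs()                        # system trust store for chain building
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return the recommendations a context violates; an empty list means it passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS 1.0/1.1 (or older) is accepted")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression allowed")
    for suite in ctx.get_ciphers():
        # CBC and RC4 suites are not AEAD; every suite the hardened context offers is.
        if not suite["aead"]:
            findings.append("non-AEAD cipher suite offered: " + suite["name"])
    return findings


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_client_context()),
                       ("hardened", hardened_client_context())):
        print(label, "->", audit(ctx) or ["ok"])
```

The same checks apply to server configurations; the point of the audit function is that the weak options are still selectable in TLS 1.2 stacks, so the protection has to be asserted in configuration and verified, rather than assumed.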

 

Certificates, Keys and Handshakes 

The SSL/TLS operational model works by binding the identity of an online entity (a website or organisation) to a cryptographic key pair. Each pair has a private key and a public key. The private key is kept secret on the server, while the public key is distributed in the SSL/TLS certificate, a digital document in the X.509 format.

The two keys have a special relationship: what the public key encrypts, only the private key can decrypt, and what the private key signs, anyone holding the public key can verify. In modern TLS the certificate's private key is used for the second purpose, signing the handshake to prove the server's identity, while the keys that encrypt the traffic are derived from an ephemeral key exchange rather than encrypted with the certificate's public key.

To understand the relationship and comparison between the digital signatures used in the SSL/TLS algorithm, read Comparing ECDSA vs RSA.

An SSL/TLS certificate signed by a trusted certificate authority (CA) such as SSL.com is trusted by software such as web browsers and operating systems. For a CA to be trusted, its root certificate must be accepted by the major software vendors into their root programmes (trust stores), and the CA must pass regular audits to keep that status.

The SSL/TLS handshake uses the public and private keys of a publicly trusted certificate to negotiate an encrypted and authenticated connection over the internet. It lets two parties that have never communicated before agree on session keys, and it is the basis of secure web browsing, including e-commerce, as practised today.

However, not all SSL/TLS deployments require public trust. Many organisations run their own private CA to issue certificates for internal systems, trusted only by devices they control. For more on these privately issued certificates, go through Private vs Public PKI.

 

Secure Browsing and SSL/TLS

Securing websites and web browsing is the most common use of SSL/TLS, through the HTTPS protocol. A well-configured public HTTPS website needs an SSL/TLS certificate issued by a publicly trusted certificate authority. With this in place, anyone visiting the HTTPS website is guaranteed:

  • Authenticity – the server presenting the certificate proves during the handshake that it holds the private key matching the public key in the certificate, so the visitor is talking to the site named in the certificate and not to an impostor.
  • Integrity – web pages, scripts, images and any other data exchanged over the connection cannot be altered in transit without the tampering being detected.
  • Confidentiality – communication between the browser and the server is encrypted.

These properties are what allow people to send confidential information, such as credit card and social security numbers, over the internet, to sign up for accounts and to share personal details. Over plain HTTP the same data travels as plain text that anyone on the network path (a shared Wi-Fi network, an ISP, a compromised router) can read or modify, and an unprotected site gives visitors no third-party assurance of who is on the other end.

 

To check a website's connection security before entering any data, look out for the following SSL/TLS indicators:

  • A closed padlock icon (or, in newer browser versions, a site-settings icon with no warning) to the left of the URL; its exact look depends on the browser, and clicking it shows the certificate and connection details. Note that the padlock only confirms that the connection is encrypted and that the certificate matches the domain; it says nothing about whether the site itself is honest.
  • The URL should begin with https:// and not http://. Many browsers hide the scheme in the address bar, so click into the address bar or on the padlock to confirm it.

Most browsers will also warn visitors when the website they are about to visit has no valid SSL/TLS certificate: the padlock is replaced by a "Not secure" label or a crossed-out padlock in red. Entering personal details on such a page is risky, because anything you type travels unencrypted.

How to Obtain an SSL/TLS Certificate 

You obtain an SSL/TLS certificate when setting up or renewing your website. The process for requesting one from a publicly trusted certificate authority is as follows:

  • On the server that needs the certificate, generate a key pair (a private key and the matching public key). The private key never leaves this server; give it restrictive file permissions and keep a secure backup. The process goes more smoothly if the person doing it understands how SSL/TLS certificates work.
  • Use the public key together with the domain name(s) to be protected and, for organisation-validated certificates, the organisation's details to generate a certificate signing request (CSR). The CSR is signed with your private key so the CA can confirm that you hold it. To understand more about generating and managing the key pair and CSR, check out the FAQs section.
  • Send the CSR to a trusted certificate authority (CA), such as SSL.com, for validation. The CA verifies that you control the domain and, for OV and EV certificates, that the organisation exists and made the request, before issuing the certificate. If you want to follow the ordering instructions for an SSL certificate, read this HOW TO article.
  • Install the issued certificate, together with any intermediate CA certificates the CA supplies, on the web server that holds the private key.
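The first two steps, as an added example that is not from the original article or from SSL.com: Python with the third-party cryptography package (pip install cryptography) generates an ECDSA P-256 private key, builds a CSR whose Subject Alternative Name lists every hostname the certificate must cover (browsers ignore the Common Name), and then inspects the CSR the way a CA does, checking its self-signature and that its public key matches the key you keep. The hostnames and organisation are constructed for the demo; submitting the CSR and installing the issued certificate are the remaining steps and are not shown.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID


def generate_private_key():
    """ECDSA on P-256: small keys, fast handshakes, accepted by every modern client."""
    return ec.generate_private_key(ec.SECP256R1())


def build_csr(private_key, common_name, dns_names, organisation=None):
    """Return a CSR signed with private_key. Every hostname goes into the SAN
    extension; the CN is kept only because some CA portals still display it."""
    attributes = [x509.NameAttribute(NameOID.COMMON_NAME, common_name)]
    if organisation:
        attributes.append(x509.NameAttribute(NameOID.ORGANIZATION_NAME, organisation))
    builder = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(x509.Name(attributes))
        .add_extension(
            x509.SubjectAlternativeName([x509.DNSName(name) for name in dns_names]),
            critical=False,
        )
    )
    return builder.sign(private_key, hashes.SHA256())


def private_key_pem(private_key) -> bytes:
    """PKCS#8 PEM for the server's key file: store it with mode 0600 and never send it to the CA."""
    return private_key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )


def inspect_csr(csr_pem: bytes, private_key=None) -> dict:
    """Checks a CA (and you, before submitting) would run on a PEM-encoded CSR."""
    csr = x509.load_pem_x509_csr(csr_pem)
    san = csr.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value
    result = {
        "common_name": csr.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
        "dns_names": san.get_values_for_type(x509.DNSName),
        "signature_valid": csr.is_signature_valid,   # proof of possession of the private key
    }
    if private_key is not None:
        # The CSR must carry the public half of the key that will live on the server.
        result["matches_private_key"] = (
            csr.public_key().public_numbers() == private_key.public_key().public_numbers()
        )
    return result


def demo():
    key = generate_private_key()
    csr = build_csr(key, "www.example.com", ["www.example.com", "example.com"], "Example Ltd")
    return inspect_csr(csr.public_bytes(serialization.Encoding.PEM), key)


if __name__ == "__main__":
    key = generate_private_key()
    csr = build_csr(key, "www.example.com", ["www.example.com", "example.com"], "Example Ltd")
    print(csr.public_bytes(serialization.Encoding.PEM).decode())   # paste this into the CA's order form
    print(inspect_csr(csr.public_bytes(serialization.Encoding.PEM), key))
```

The PEM printed by the script is the only thing that leaves the server; the private key written by private_key_pem stays put, and inspect_csr is worth running on a CSR generated by any other tool before submitting it, since a CSR that does not match the server's key produces a certificate the server cannot use.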

SSL/TLS certificates differ in the validation method the CA applies before issuing them. The validation level determines how much assurance the certificate gives about who owns the site, not the strength of the encryption, which is the same for all of them. Extended Validation (EV) represents the most thorough vetting a CA performs.

To understand more about the validation levels (DV, OV and EV), refer to the DV, OV and EV certificate article.
