What is SSL, TLS, https & why are they your friends?

securityDo you know what SSL, TLS, and https mean and do? You deal with SSL, TLS, and https whether you know it or not and it is very important!

TLS = Transport Layer Security

SSL = Secure Socket Layer

https = Hypertext Transfer Protocol Secure

Private and sensitive information gets sent over the internet all day so what is preventing someone from stealing that information? In order for information to be securely transferred over the internet 2 basics are needed.

  1. Confirm server identity

  2. Encrypt communication with serverIdentity

You don’t want to send information to someone who is impersonating the person you actually want to send it to, do you? SSL and TLS provide a way to verify the identity of the recipient. In it’s simplest form, there are many companies that will give people digitally signed certificates vouching for that person saying in essence, “we have checked to make sure this person is who they say they are and we think you can trust them.” When you browse the web, your browser has a list of companies that it will trust to tell you who you can trust. So, when you connect to a server your browser can check their certificate and if it is signed by one of the companies that you trust then your browser will trust it.

Private conversations are good when you are sharing sensitive or private data. You don’t go walking around on the street shouting out your birthday, credit card number, and social security number so why would you do it on the internet? shoutingTLS and SSL provide a way for you to have a private conversation with a server so that others can’t “listen in” on your conversation by encrypting the data. Most data on the web is transferred using http but when it is secured using TLS or SSL it is called https.

It’s important to know when you are or aren’t using https when browsing the web to protect your information. Most browsers have visual indicators to show that https is being used. Make it a habit to make sure that your information will be secure before sending or retrieving that data.

Resources to learn more of the nitty gritty of SSL, TLS, and https

TLS:

http://en.wikipedia.org/wiki/Transport_Layer_Security

http://www.ietf.org/dyn/wg/charter/tls-charter.html

SSL:

http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/index.html

http://video.google.com/videoplay?docid=7130470471741831613&ei=JETxSrXaC5v-qAPLzKWxDQ&q=ssl&hl=en&view=2&client=firefox-a#

https:

http://en.wikipedia.org/wiki/HTTP_Secure

http://www.ourshop.org/resources/ssl.html

Images via CC BY 2.0

Lock and Chain: http://www.flickr.com/photos/bala_/

Silheuette: http://www.flickr.com/photos/narciss/

Yelling: http://www.flickr.com/photos/demibrooke/