The secure transmission of data over the Internet has gained enormous importance today. More and more issues in daily life are being run over the web. With each of these actions, more or less sensitive data is exchanged. The protocol TCP / IP, which was mainly used up to now, was designed primarily for the security of the connection, but not for data security.
- The SSL protocol protects data transmission from the user to the website.
- The further use of the transferred data is not protected.
- The Chrome browser developed by Google only displays websites with SSL encryption without any problems.
What is ssl
According to abbreviationfinder, SSL stands for Secure Socket Layer. This is a protocol that sits between the transmission protocol TCP / IP and the application. It’s completely transparent. This means that the layers above and below do not notice his presence. Therefore, SSL can be used if a secure connection is available. If this is not the case, SSL switches itself off. No technical changes to the transport protocol or the application are necessary. This means that secure transmission using the SSL protocol can gradually be introduced while the Internet continues to function as usual.
What is TCP / IP?
TCP / IP is a collection of protocols for data transmission on the Internet. It is, so to speak, the backbone of the web. These protocols are divided into different layers, which in turn are divided according to the function of the protocol. For example, there are layers for transport, network access or for applications.
What is TLS?
TLS is the abbreviation for Transport Layer Security. This is the new name for SSL from version 3.1; Version 3.0 was the last version of this protocol that was still referred to as SSL. The newer versions are called TLS.
How are SSL and https related?
The abbreviation https stands for Hypertext Transfer Protocol Secure. Like SSL, https was developed by Netscape for secure data transmission. The first versions appeared in 1994. In order for the data to be transmitted securely, authentication and encryption are required. Authentication ensures the identity of the server. The encryption ensures that the data cannot be read by others on the way from the user to the web server.
What is an SSL Certificate?
An SSL certificate is an electronic certificate that is issued by a recognized certification authority after verification of identity. This SSL certificate is assigned to a domain or a domain and its subdomains. Large web hosts often only have one SSL certificate for all of the pages they host. This certificate refers to an SSL server that makes the first connection to the user’s web browser. From there it will be forwarded. The connection from the SSL server to the actual website is not secured. There are various authentication options that implement different levels of security.
What types of authentication are there?
There are three possible types of authentication:
- DV = Domain Validation: The identity of the domain or the domain owner is only verified by an email. This rather weak version is suitable for small websites or blogs.
- OV = Organization Validation: The company or person who owns the domain is also checked. This is done by checking account data or entries in the commercial register. This type of identity check is ideal for online shops, for example.
- EV = Extended Validation: This requires a stricter check of the domain owner in several steps. Various documents must also be submitted to the certification body for this purpose.
How does SSL encryption work?
The SSL protocol works with two keys – one public and one private. If a browser establishes a connection to a website provided with an SSL certificate, this certificate is transmitted first. The browser checks it using the public key issued by the certification authority. If the certificate is recognized, the browser generates a private key and sends it to the server. This is only valid for this session. It is now used to encrypt the data for communication between the browser and the server.
What is not protected by the SSL protocol?
The protocol only protects the transmission of data from the user’s browser to the server of the website or the online shop. It does not affect:
- the further processing of the transferred data,
- data protection,
- the seriousness of the online retailer.
The Internet user must not be lulled into false security by the SSL certificate.
Who Needs an SSL Certificate?
Initially, this certificate was only used for online banking or online shops. This was to ensure that no account or credit card data could be intercepted and misused. In the meantime, however, more value is generally placed on data protection. This also affects other personal user data, such as date of birth or address. This is why SSL encryption is recommended for all websites, blogs, online shops and web portals today. The Chrome browser developed by Google no longer displays unencrypted pages without any problems. Instead, it issues the warning: “Unsafe site”.