Glossary

SSL

TL;DR

SSL (Secure Sockets Layer) is a cryptographic protocol that provides secure communication over the internet, though it has been superseded by TLS for modern security implementations.


Concept

SSL (Secure Sockets Layer) is a cryptographic protocol designed to provide secure communication over a computer network, most commonly the internet. Originally developed by Netscape in the mid-1990s, SSL was the predecessor to TLS (Transport Layer Security), which is the current standard for secure communications.

Key features and concepts of SSL include:

  1. Encryption: SSL encrypts data transmitted between clients and servers, preventing eavesdropping and tampering.

  2. Authentication: SSL certificates verify the identity of websites and, optionally, clients, establishing trust in online communications.

  3. Data Integrity: SSL ensures that data has not been modified during transmission through message authentication codes.

  4. Handshake Protocol: A process that establishes the encryption parameters and authenticates the communicating parties before data exchange.

SSL operates through several record types:

  • Handshake Protocol: Negotiates encryption algorithms and authenticates parties
  • Record Protocol: Transports data and handles encryption/decryption
  • Alert Protocol: Communicates error conditions and security alerts
  • Change Cipher Spec Protocol: Signals transitions in encryption specifications

SSL versions include:

  • SSL 1.0: Never publicly released due to security flaws
  • SSL 2.0: Released in 1995 but deprecated due to vulnerabilities
  • SSL 3.0: Released in 1996, also deprecated due to security issues

SSL has been superseded by TLS (Transport Layer Security), with TLS 1.3 being the current standard. Modern implementations should use TLS rather than SSL, as SSL versions have known security vulnerabilities.

SSL/TLS is commonly used for:

  • Securing web traffic (HTTPS)
  • Email encryption (SMTPS, IMAPS, POP3S)
  • VPN connections
  • API security
  • File transfer security

Organizations use SSL/TLS certificates to establish secure connections with clients, protect sensitive data in transit, and build trust with users through browser security indicators. While the term “SSL” is still commonly used, modern implementations should use TLS for security.

Related words: TLS HTTPS VPN