Al Idian

The Basics of SSL/TLS

2016.08.05

What is it?

SSL is commonly used to refer to both Transport Layer Security (TLS) and Secure Sockets Layer (SSL). Technically, SSL is the older and deprecated version of the technology, while TLS is the current standard. They are sets of procedures that facilitate data encryption and authentication between computers in situations where data is sent across an insecure network (Kangas, 2016).

To provide a concrete use-case scenario, it’s what prevents (or tries to prevent) malicious parties from snuffing out my information when I access my bank account online.

For the rest of this post, I’ll just use the common name SSL to refer to SSL/TLS.

Clients and servers

In software development, clients and servers are two types of entities in a software design model. Clients typically request service, and servers are the entities that provide that service. When I access my bank account online, my browser is the client, and the bank’s computer network is the server.

The goal of SSL is to facilitate the secure transferrence of data between two parties over an inherently insecure network. Often, these two parties are composed of a client and a server (but not always).

For the rest of this post, I’ll assume that our two entities are made up of a client and a server.

The handshake

Handshake is a novel term for the authentication process between client and server. A handshake in SSL increases trust between the entities involved and provides guarantees for secure data transfer for the rest of the transaction.

The general process goes like this (heavily borrowed from SSL.com):

Client

Server

Client

Server

Both

Now, the client is certain that the server is who it says it is (and vice-versa). Because only they have access to the shared secret, they can use it to ensure that no other entity can read their sent data or impersonate either party.

It is only after this handshake that the actual transaction can begin.

-----

References