Cybersecurity can feel like a minefield with all its acronyms. You might not know what SSL or TLS mean or do, but they matter. TLS is why hackers can’t snoop on your traffic and steal your credit card details while you’re using online banking. But how does it work? Read on to learn all about SSL certificates and TLS handshakes.
SSL (Secure Socket Layer) and TLS (Transport Layer Security) are both cryptographic protocols that encrypt and authenticate data traveling from the client (i.e. your device that is requesting a website) to a server, machine or application.
SSL is TLS’ predecessor. SSL was first released to the public in 1995. However, it had many vulnerabilities, so it was replaced by SSL v3.0 a year later. The latter wasn’t perfect either, so TLS was introduced in 1999. Most devices and browsers have now moved to TLS v1.2. However, many people are so used to the term SSL that they will refer to TLS as SSL. Most are now using the term SSL/TLS to ease the transition.
SSL/TLS goes hand in hand with HTTP and is what adds the S for ‘security’ in HTTPS. HTTP (Hypertext Transfer Protocol) is an application protocol that transfers data from a web browser to a web server, or in simpler terms, delivers your search results to your browser.
However, HTTP connections aren’t safe on their own. It’s like sending your data out in the open – anyone can see it. HTTP is vulnerable to man-in-the-middle attacks, which means that anyone snooping on the traffic could steal your login or credit card details.
That’s why HTTPS was introduced. It’s a combination of HTTP, which handles the mechanics of data transmission, and SSL/TLS, which handles data encryption. With SSL/TLS encryption, your data is much safer – anyone snooping on your traffic can now only see scrambled data. These days, most websites use HTTPS. NordVPN uses it too! Have a look at your URL bar.
SSL/TLS encryption can be divided into two stages: the SSL/TLS handshake and the SSL/TLS record layer. Let’s delve into them in more detail.
An SSL/TLS handshake is a form of communication between a client and server where the two decide what protocol version will be used for their further communication. How does performing a TLS handshake work in practice?
The SSL/TLS record layer is where the encryption takes place. The data is sent from the user's application and encrypted. Depending on the cipher, it may also be compressed. Then, it’s sent further to the network transport layer, which determines how to send the data to its target device.
Web servers that support TLS will have “SSL certificates,” though it might be more accurate to call them SSL/TLS certificates. They are acquired from web hosting platforms and are needed during the SSL/TLS handshake process to authenticate that they are indeed secure connection providers.
However, protocols are not the same as certificates. What protocol will be used during your connection, SSL or TLS, is determined by your browser and the target server’s configurations, not the website’s certificate. It’s possible to connect to a website that has HTTPS but uses an outdated SSL v3.0 protocol.
Such connections are vulnerable to attacks. Most new browsers will indicate this in your URL. Just look for the crossed green padlock and HTTPS symbols. If you are worried about accidentally connecting to a website that only supports SSL v3.0, you can manually disable SSL connections. However, this might lead to connection disruptions.
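The version negotiation described above can be seen in the first handshake message, the ClientHello. The following is an added example, not code from the original article: it parses a ClientHello, lists the protocol versions the client offers, and applies a server-side minimum of TLS 1.2. The function names are hypothetical and the sample messages are constructed, not captured traffic.

```python
import struct

# Wire values for the protocol versions named in the article.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUPPORTED_VERSIONS_EXT = 43  # extension a TLS 1.3 client uses to list versions


def build_client_hello(legacy_version, supported=()):
    """Construct a minimal ClientHello record (sample data, not a capture)."""
    ext = b""
    if supported:
        vers = b"".join(struct.pack("!H", v) for v in supported)
        data = bytes([len(vers)]) + vers
        ext = struct.pack("!HH", SUPPORTED_VERSIONS_EXT, len(data)) + data
    body = (struct.pack("!H", legacy_version) + bytes(32) + b"\x00"  # version, random, empty session id
            + struct.pack("!HH", 2, 0x002F) + b"\x01\x00"            # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1
    return b"\x16" + struct.pack("!HH", 0x0301, len(hs)) + hs


def offered_versions(record):
    """Return the set of protocol versions a ClientHello offers."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 9                                      # skip record + handshake headers
    legacy = struct.unpack_from("!H", record, pos)[0]
    pos += 2 + 32                                # version + random
    pos += 1 + record[pos]                       # session id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher suites
    pos += 1 + record[pos]                       # compression methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        if etype == SUPPORTED_VERSIONS_EXT:
            vers = record[pos + 5: pos + 5 + record[pos + 4]]
            return {v for (v,) in struct.iter_unpack("!H", vers)}
        pos += 4 + elen
    # No extension: the client only states its highest version; this example
    # assumes (a simplification) that it also accepts the lower ones.
    return {v for v in VERSIONS if v <= legacy}


def negotiate(record, server_min=0x0303):
    """Pick the highest offered version the server allows, or None."""
    usable = [v for v in offered_versions(record) if v in VERSIONS and v >= server_min]
    return VERSIONS[max(usable)] if usable else None
```

A client that only offers SSL 3.0 gets no connection from a server whose minimum is TLS 1.2, whatever certificate that server presents.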