The Containment Era is here. →Explore

Ensuring security with secure sockets layer (SSL)

SSL encrypts data between clients and servers, ensuring confidentiality and integrity. It authenticates servers via digital certificates, preventing man-in-the-middle attacks. Though succeeded by TLS, "SSL" remains widely used for secure HTTPS web

What is SSL?

SSL stands for Secure Sockets Layer and is a security protocol invented by Taher Elgamal, the chief computer scientist at Netscape Communications. The first release of SSL was version 2.0 ( Feb 1995 ), Having been reinvented half a dozen times and rebranded once, SSL in its current state is referred to as TLS 1.3. Today, SSL/TLS is used in various applications primarily between users (via a mobile device, laptop, etc) accessing application resources where the application resources may be on-premise, cloud-based (in an AWS VPC or Azure VNET) or an E-commerce site.

The concept behind SSL was to provide confidentiality and integrity to message transmission for users who wanted to make purchases online using their credit card or let site visitors maintain their privacy from others sharing the network. Encrypting data and sending it over the wire is not a complex task, but if you don’t know the person sending you data and you don’t have the decryption keys, there is not a lot you can do when the buffer fills up with several megabytes of hexadecimal junk. The industry needed a way to distribute encryption keys to people who didn’t know they needed them…

How SSL Works: Building a Shared Secret over a Public Medium

Two parties who have never met, decide they want to send some information to each other over a public medium. This public medium is made up of several segments of a home LAN network, the local loop of the ISP, about a dozen interconnected fiber optic backbone providers such as Centurylink, AT&T, and Verizon, and finally another local loop of an ISP that powers the co-location facility that hosts the second party’s website. Because of the variety of the network interconnections and authority governing each of those network segments, the need for encryption as a matter of practicality becomes painfully obvious. But for two parties who have never met before, and are not able to communicate privately, a method for arriving at a shared secret doesn’t exactly jump off the page. Here is where the story turns to a mathematical marvel known as the Diffie-Hellman Key Exchange protocol.

An actual computation of sample values using the mathematical operations might be a bit of mind bender for someone not well versed in algebraic solutions, but a dehydrated version goes something like this:

The two parties are going to choose two random numbers and communicate them in the open, unfrazzled by the idea of someone listening in. Now both parties have the two numbers. Each person is going to choose another number and keep that number to themselves. Now the fun part: each party is going to take their secret number and the two shared numbers and tie a mathematical knot in them. This new ‘knotted’ number is sent over the wire to the other person. The other person does the same trick with the two known numbers and THEIR secret number, then they send their own ‘knot’ back over to the first party. Then each party takes the ‘knotted’ number sent to them in the open and unties it with their secret number. At the end of this knotty fiasco, each party has arrived at the same number and no one in the middle is able to calculate that number from what they know in a reasonable amount of time.

This new value that they both have is the shared secret. It can be used as an encryption key, or a way to arrive at another encryption key. This forms the basis of what is known as SSL.

Frequently Asked Questions

Secure Sockets Layer (SSL) is a security protocol that encrypts data exchanged between a user's browser and a website's server. This encryption helps protect sensitive information such as login credentials, payment details, and personal data from being intercepted by cybercriminals.
An SSL certificate uses encryption to convert data into a secure format that can only be read by authorized parties. When a user submits information through a website, SSL ensures that the data remains confidential while traveling across the internet.
SSL (Secure Sockets Layer) is the original encryption protocol developed to secure internet communications. Today, most modern websites actually use TLS (Transport Layer Security), which is the newer and more secure successor to SSL. Although the term “SSL certificate” is still widely used, modern certificates typically support TLS encryption. In practice, when people say “SSL,” they usually mean the secure HTTPS connection powered by TLS.
Share

The Era Has Shifted. Has Your Architecture?

Download the three-part Containment Era whitepaper series. Then see your own blast radius with a Workload Attack Path Assessment.

Cta pattren Image