Introduction to SSL Knowledge

1. What is SSL?

SSL (Secure Sockets Layer) is an encryption-based Internet security protocol. It was originally developed by Netscape in 1995 to ensure privacy, authentication and data integrity in Internet communications. SSL is the predecessor of the modern TLS encryption used today. A website that uses SSL/TLS has "HTTPS" in its URL instead of "HTTP".

Figure 14: Schematic diagram of the difference between HTTP and HTTPS

2. How does SSL/TLS work?

1) To provide a high degree of privacy, SSL encrypts data transmitted over the network. This means that anyone who tries to intercept this data will only see garbled characters, and it is almost impossible to decrypt it.

2) SSL initiates an authentication process called a handshake between two communicating devices to ensure that both devices really are who they claim to be.

3) SSL also digitally signs the data to provide data integrity, verifying whether the data has been tampered with before it reaches the intended recipient.

SSL has undergone many iterations, and each iteration is more secure than the last. SSL was updated to TLS in 1999.

3. Why is SSL/TLS so important?

Initially, data on the Web was transmitted in plain text, and anyone who intercepted a message could read it. For example, if a consumer visited a shopping website, placed an order and entered their credit card number on the website, the credit card number would travel across the Internet in clear text.

SSL was created to correct this problem and protect user privacy. By encrypting any data transmitted between the user and the web server, SSL ensures that anyone intercepting the data can only see garbled characters. The consumer's credit card number is now safe and visible only to the shopping website where they entered it.

SSL can also block certain types of Internet attacks: it authenticates the web server, which is important because hackers often try to set up fake websites to deceive users and steal data. It can also prevent hackers from tampering with data in transit.

4. Are SSL and TLS the same thing?

SSL is the immediate predecessor of the TLS (Transport Layer Security) protocol. In 1999, the IETF proposed an update to SSL. Since this update was developed by the IETF and no longer involved Netscape, the name was changed to TLS. There is not much difference between the final version of SSL (3.0) and the first version of TLS. The name change mainly reflects the change in ownership.

Because they are so closely related, the two terms are often used interchangeably and confused. Some people still use SSL to refer to TLS, while others use the term "SSL/TLS encryption" because the SSL name is still highly recognizable.

5. Is SSL still being updated?

No updates have been made to SSL since SSL 3.0 in 1996, and it is now considered deprecated. There are multiple known vulnerabilities in the SSL protocol, and security experts recommend that you stop using it. In fact, most modern web browsers no longer support SSL at all.

TLS is the latest encryption protocol, and it is still in use, although many people still call it "SSL encryption". This can be confusing for people who buy security solutions. The fact is that any vendor offering "SSL" today is almost certainly providing TLS protection, which has been an industry standard for more than 20 years. However, since many people are still searching for "SSL protection", the term remains prominent on many product pages.

6. What is an SSL certificate?

Only websites that have an SSL certificate (technically, a "TLS certificate") can implement SSL. SSL certificates are like ID cards or badges, used to prove that someone is who they say they are. The SSL certificate is stored on the server of the website or application and presented on the Web.

One of the most important pieces of information in an SSL certificate is the public key of the website. The public key makes encryption possible. The user's device reads the public key and uses it to establish a secure encryption key with the web server. The web server, in turn, holds a secret private key, which is used to decrypt data encrypted with the public key. A certificate authority (CA) is responsible for issuing SSL certificates.

7. What are the types of SSL certificates?

There are several different types of SSL certificates. A certificate can be applied to one or more websites, depending on the type:

1) Single domain: A single-domain SSL certificate applies to only one domain (a "domain" is the name of a website, such as www.cloudflare.com).

2) Wildcard: Like a single-domain certificate, a wildcard SSL certificate applies to only one domain. However, it also covers that domain's subdomains. For example, a wildcard certificate can cover www.cloudflare.com, blog.cloudflare.com and developers.cloudflare.com, while a single-domain certificate can only cover the first one.

3) Multi-domain: As the name implies, a multi-domain SSL certificate can be applied to multiple unrelated domains.
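The coverage rules for the three certificate types can be checked in code. The following is an added example, not part of the original article; the function name `covers` and the domain `example.org` are assumptions, and it applies the common rule that `*` stands for exactly one leftmost label.

```python
def covers(cert_names, hostname):
    """Return True if any name listed on the certificate covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    for name in cert_names:
        pattern = name.lower().rstrip(".").split(".")
        # A wildcard never spans several labels, so the label counts must match.
        if len(pattern) != len(host):
            continue
        if pattern[0] == "*":
            # "*" replaces the leftmost label only; the rest must be identical.
            if pattern[1:] == host[1:] and host[0] != "":
                return True
        elif pattern == host:
            return True
    return False


# Constructed certificates, one per type described above.
SINGLE_DOMAIN = ["www.cloudflare.com"]
WILDCARD = ["*.cloudflare.com"]
MULTI_DOMAIN = ["www.cloudflare.com", "example.org"]

if __name__ == "__main__":
    for host in ("www.cloudflare.com", "blog.cloudflare.com",
                 "a.blog.cloudflare.com", "cloudflare.com", "example.org"):
        print(host,
              "single:", covers(SINGLE_DOMAIN, host),
              "wildcard:", covers(WILDCARD, host),
              "multi:", covers(MULTI_DOMAIN, host))
```

Note that the wildcard name covers neither the bare domain nor a name two levels below it, which is why such certificates usually list the bare domain as an additional name.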

SSL certificates also have different verification levels. The verification level is just like a background check, and the level will vary based on the thoroughness of the check.

1) Domain verification: This is the least stringent verification level and the cheapest. All the business needs to do is prove that it controls the domain.

2) Organizational verification: This is a more hands-on process: the CA directly contacts the person or enterprise requesting the certificate. These certificates are more trusted by users.

3) Extended verification: This requires a comprehensive background check of the organization before an SSL certificate is issued.

8. Introduction to SSL/TLS cipher suites

The security of any SSL/TLS-protected connection depends largely on the choice of cipher suite by the client and server. But what is a cipher suite? If you use file transfer protocols such as HTTPS, FTPS and AS2 but don't know what a cipher suite is, you need to read this article.

A cipher suite is simply the complete set of methods (technically called algorithms) required to protect a network connection through SSL/TLS. The name of each suite indicates the specific algorithms that compose it. The algorithms that make up a typical cipher suite are as follows:

1) Key exchange algorithm: specifies the method of exchanging symmetric keys;

2) Authentication algorithm: indicates how to perform server authentication and (if required) client authentication;

3) Bulk encryption algorithm: indicates which symmetric key algorithm will be used to encrypt the actual data;

4) Message Authentication Code (MAC) algorithm: indicates the method that the connection will use to perform data integrity checks.

A cipher suite usually consists of a key exchange algorithm, an authentication algorithm, a bulk encryption algorithm and a MAC algorithm. Key exchange algorithms include RSA, DH, ECDH, ECDHE, etc.; authentication algorithms include RSA, DSA, ECDSA; bulk encryption algorithms include AES, 3DES, CAMELLIA; MAC algorithms include SHA, MD5, etc. Let's look at an example of a cipher suite:

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 

Let us break it down piece by piece:

1) TLS indicates the protocol used;

2) ECDHE indicates the key exchange algorithm;

3) ECDSA indicates the authentication algorithm;

4) AES_256_CBC indicates the bulk encryption algorithm;

5) SHA384 indicates the MAC algorithm.

AES_256_CBC means that this cipher suite specifically uses 256-bit AES running in CBC (Cipher Block Chaining) mode. Similarly, SHA384 indicates that the cipher suite uses a specific version of the Secure Hash Algorithm (SHA). Sometimes, the protocol used is omitted, as shown in the following example:

DHE_RSA_AES256_SHA

1) DHE: indicates the key exchange algorithm;

2) RSA: indicates the authentication algorithm;

3) AES256: indicates the bulk encryption algorithm;

4) SHA: indicates the MAC algorithm.

Sometimes, a repeated algorithm is written only once. For example, in the cipher suite RSA_AES256_SHA, it is implied that the authentication algorithm is also RSA.
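The three naming forms above (full name with protocol, protocol omitted, repeated algorithm written once) can be split into their components with a small parser. This is an added example, not part of the original article; the function name `parse_cipher_suite` is an assumption, and the lookup tables contain only the algorithms this article lists.

```python
# Algorithms named in the article; anything else is rejected, not guessed.
KEY_EXCHANGE = {"RSA", "DH", "DHE", "ECDH", "ECDHE"}
AUTHENTICATION = {"RSA", "DSA", "ECDSA"}
MAC_PREFIXES = ("SHA", "MD5")


def parse_cipher_suite(name):
    """Return protocol, key exchange, authentication, bulk cipher and MAC."""
    tokens = name.strip().upper().split("_")
    protocol = tokens.pop(0) if tokens[0] in ("TLS", "SSL") else None

    if "WITH" in tokens:
        # Full form: <key exchange>_<authentication>_WITH_<bulk cipher>_<MAC>
        split = tokens.index("WITH")
        head, tail = tokens[:split], tokens[split + 1:]
    else:
        # Short form: take up to two leading tokens that name a known
        # key exchange or authentication algorithm.
        split = 0
        while split < min(2, len(tokens)) and tokens[split] in KEY_EXCHANGE | AUTHENTICATION:
            split += 1
        head, tail = tokens[:split], tokens[split:]

    if not 1 <= len(head) <= 2 or len(tail) < 2:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")

    key_exchange = head[0]
    # A repeated algorithm is written once: RSA_... means RSA in both roles.
    authentication = head[-1]
    mac = tail[-1]
    if (key_exchange not in KEY_EXCHANGE or authentication not in AUTHENTICATION
            or not mac.startswith(MAC_PREFIXES)):
        raise ValueError(f"unrecognised component in: {name!r}")

    return {
        "protocol": protocol,
        "key_exchange": key_exchange,
        "authentication": authentication,
        "bulk_encryption": "_".join(tail[:-1]),
        "mac": mac,
    }


if __name__ == "__main__":
    for suite in ("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
                  "DHE_RSA_AES256_SHA", "RSA_AES256_SHA"):
        print(suite, "->", parse_cipher_suite(suite))
```

Names that carry no key exchange or authentication component, such as the TLS 1.3 style `TLS_AES_256_GCM_SHA384`, raise `ValueError` instead of being mapped onto the four-part scheme.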



Origin blog.51cto.com/14857544/2572245