How SSL Encryption Works on the Internet

on this occasion I will convey some information about How SSL Encryption Works on the Internet In 1990, the internet as we know it was born. Since its inception, it has used the HyperText Transfer Protocol (HTTP) to move information around the world. That’s why web addresses start with HTTP.

How Does an SSL Certificate Make a Secure Connection?

When a browser tries to access a website secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake” (see diagram below). Note that the SSL Handshake is invisible to the user and occurs instantly.

In essence, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa.

Since encrypting and decrypting with private and public keys requires a lot of processing power, they are only used during an SSL Handshake to generate a symmetric session key. Once a secure connection is established, the session key is used to encrypt all transmitted data.


How SSL Encryption Works on the Internet

How Encryption Works on the Internet

What is Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client – usually a web server (website) and a browser, or an e-mail server and e-mail client (e.g., Outlook).

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Typically, data sent between the browser and the web server is sent in plain text—making you vulnerable to eavesdropping. If attackers can intercept all data sent between the browser and the web server, they can view and use the information.

More specifically, SSL is a security protocol. The protocol describes how the algorithm should be used. In this case, the SSL protocol defines encryption variables for both the link and the data being transmitted

What is an SSL Certificate and How Does it Work?

An SSL certificate establishes an encrypted connection and builds trust.
One of the most important components of an online business is creating a trusted environment where potential customers feel confident in making a purchase. SSL certificates create a foundation of trust by establishing a secure connection. To ensure their visitors’ connections are secure, browsers provide visual cues, such as a lock icon or a green bar.

Also read: Rare to Choose the Best Internet Security Antivirus

SSL certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection. The certificate also contains what is called a “subject”, which is the identity of the certificate owner/website.

To get a certificate, you must create a Certificate Signing Request (CSR) on your server. This process generates a private key and a public key on your server. The CSR data file that you send to the SSL Certificate issuer (called a Certificate Authority or CA) contains the public key. The CA uses the CSR data file to structure the data to match your private key without compromising the key itself. The CA never sees the private key.

Once you receive the SSL certificate, you install it on your server. You also install an intermediate certificate that establishes the credibility of your SSL Certificate by binding it to your CA root certificate. Instructions for installing and testing your certificate will differ depending on your server.

Also read: Some Antivirus Features


Standard SSL handshake

The following is a standard SSL handshake when the RSA key exchange algorithm is used:

Information needed by the server to communicate with the client using SSL. This includes SSL version number, password settings, session specific data.

  • Master’s Decryption and Secret

The server uses its private key to decrypt the pre-master secret. Both Server and Client perform steps to generate master secret with agreed cipher.

Information needed by the server to communicate with the client using SSL. This includes SSL version number, password settings, session specific data.

  • Encryption with Session Key

Client and server exchange messages to inform that the next message will be encrypted.

  • Authentication and Pre-Master Secret

The client authenticates the server certificate. (eg Common Name / Date / Issuer) The client (depending on the cipher) creates a pre-master secret for the session, Encrypts with the server’s public key and sends the encrypted pre-master secret to the server.