The SSL protocol is a security system that encrypts the information exchanged between two sites when they connect through the network. Its acronym is an acronym for Secure Sockets Layer, which more accurately translates as "secure connection layers".
This technology for keeping the connection secure is part of the OSI (Open System Interconnection) security model. It is a model made up of 7 layers, called abstraction layers, which protect different parts of the system. It is similar to covering a body with different blankets to protect it from the cold. The SSL protocol, for its part, also follows this layered protection model, exchanging a series of actions between the user and the server to which it connects, which generate these layers. In reality, it works as a protective layer of another system, TCP (Transmission Control Protocol), which initiates the link protocol.
why is it so important?
Nowadays, we carry out almost all of our transactions over the Internet: reservations, bureaucratic procedures, subscriptions, contract signatures... Not to mention the number of purchases we make. In the process, as is the case when these actions are carried out personally, personal data and information are exchanged that are sensitive and susceptible to protection. We are talking, for example, about bank account numbers, security codes and passwords; but also about personal data such as our address, telephone number and place of birth.
Digital security is not only about protecting our secrets, but also about maintaining privacy and anonymity. Where we are, who we are, how much time we have spent on the computer, which pages we visit the most... All this information says a lot about us and, although it seems that when we connect to a computer we are alone with the device, there are threats that try to get hold of all this data, even the most insignificant. These hackers follow the maxim that information is power, and everything they can find out about us they can sell to other people to use it for commercial purposes, but also for criminal purposes.
Faced with such exposure, the need to protect oneself soon arises. The websites that users access offer a confessional-worthy promise of security: any data you leave with us will be seen and processed only by us, no one else has access to this digital "conversation". That, in telematics parlance, is a plus for customers who feel vulnerable. But how do they do it?
how does it work?
This communication takes place between two servers, or between server and client. In other words, we are talking about a security tool that encrypts a conversation between two parties. Although we spoke earlier about layers of protection, the reality is that SSL leaves all the information uncovered, but prevents it from being decipherable by anyone. A third party can sneak into the connection between the two parties, but will be unable to decrypt any of the information previously exchanged. Absolute security on the Internet is still a utopia, but cryptography is alleviating the most immediate needs.
The SSL protocol is compatible with almost all devices, browsers and servers, i.e. it works for connections between an iOS mobile phone and a Windows computer, between a website and a search engine, different servers...
When two computers are connected, the connection and the search for SSL protection begins.
- The user requests a secure connection to the website he wants to access, as if he wanted to make sure that the site he is entering is secure.
- The website's server returns the certificate with a public key of the server, along with other necessary specifications.
- The browser will then check the validity of the certificate and, if it believes it is invalid, will ask the user to accept manually and at their own risk to access the address they have requested. If all goes well, the highest level of protection is selected.
- The user uses the previous public key to send the encrypted symmetric key created by the browser, thus producing a two-way encrypted communication and initiating the session in the most secure way possible.
We can see, therefore, that two cryptographies are used:asymmetric and symmetric. The first is used for the exchange of keys, and the second for the communication between the two parties. These steps, which at first sight might seem slow and time-consuming, take place instantaneously and without our noticing .
In addition to creating encryption algorithms, SSL also assesses vulnerabilities and detects malware on the site being accessed.
how do I know if my connection has SSL protection?
There are two visual and quick ways to make sure you are under SSL protection: the URL and the padlock symbol. If you access a web page and the URL says http://, this means that there is no SSL protection; if there is, https:// appears. This "s" makes the difference. Apadlock symbol may also appear at the end of the search bar, which visually indicates the protection of the connection .
In the event that the page or server being accessed does not have this system, or others, a message will appear in the browser with messages such as "this connection is not secure" or requesting express permission from the user to access, confirming that they are doing so without all possible protection.
SSL protection is another of the aspects that the search engine algorithm uses to position one website over another, giving priority to those that do offer security. Therefore, it is not only good for those who access the site, but also for those who manage it, as it favours positioning over others who do not acquire and invest in security. Protection of this calibre can be obtained through hosting providers that offer different packages for sale, or, if you already have one, it can be exported from one server to another .