• SSL: what is it?

    Secure Sockets Layer (SSL) is a cryptographic protocol designed to secure communications. This protocol was widely used earlier for the organization of secure reception / transmission of information through the global network, in particular - for secure text messaging and voice communication over IP.

    This article describes in detail what the SSL-protocol.

    A bit of history

    Netscape developed the SSL protocol in 1996 for its browser of the same name, but it quickly gained popularity, and other browsers and web services also began to use it. SSL uses an asymmetric public key cryptosystem developed by RSA.

    Exchange scheme

    The SSL protocol makes it possible to transfer encrypted data through open channels without fear of interception and decryption. The protocol contains two layers - TCP transport, which forms the data packet and is responsible for their transmission over the network, and the security SSL Record Protocol. For secure transmission, the use of both protocol layers is mandatory.

    SSL encryption is performed using cryptographic keys of various sizes - 40, 53256 and 128-bit. The greater the number of bits, the more robust the cipher is.But decrypting even the shortest 40-bit key will take at least 24 hours. Internet Explorer uses 40 and 56-bit keys by default, however, if information secrecy is very important for the user, it is recommended to use 128-bit keys, for which, for example, Internet Security has to additionally download a special security package.

    SSL certificate

    To exchange data via SSL, the server / site must have an SSL certificate that contains encrypted information (however, it is clear to the protocol) about the certificate owner, the certificate authority to which it was issued, and a lot of other useful information. If there is no SSL certificate, the user will be denied access to a potentially dangerous server.

    Communication via SSL certificate

    When using an SSL certificate, the server and the client exchange special unique initialization messages, which contain data about the protocol version, session identifier, type of data encryption and type of their compression. After the "welcome word", the server sends a certificate or key message to the client and requests a client certificate.Then there are several operations to refine and exchange algorithms and keys, and only then begins the process of transferring secret information.

    Of course, this whole procedure takes a lot of time, although for the user the delay is insignificant. However, upon subsequent access, the already �made friends� client and server use the identifier of the previous session.

    No longer safe

    At the beginning of the article we wrote that SSL was actively used earlier, which means that today SSL is no longer considered a sufficiently secure protocol. During the existence of the SSL protocol, a lot of vulnerabilities were discovered in it, and therefore today it is recommended to abandon the use of SSL in favor of the new TLS standard. However, modern hackers will not give a long quiet life and TLS.


    Related news


    Melania Trump has angered the audience with her outfit
    Who went to the March of the World What do you think
    Who are understood
    Bright and warm plaid
    How to increase clearance