SSL Meaning & Definition

Secure Sockets Layer (SSL) is a protocol developed by Netscape for providing a secure connection between two or more devices via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data a public key known to everyone and a private or secret key known only to the recipient of the message. Most web browsers support SSL, and many websites use the protocol to obtain confidential user information including credit card numbers. By convention, URLs that require an SSL connection start with https instead of http.

This is not meant to imply that SSL and S-HTTP are identical protocols, only that the two are closely related and easily recognized by the https label. Whereas SSL creates a secure connection between a client and a server over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols were approved by the Internet Engineering Task Force (IETF) as standards.

How does SSL work?

SSL operates by implementing a three-step handshake that is layered on top of a TCP connection:

  1. When a web browser tries to connect to a website using SSL, the browser will first request the web server identify itself. This prompts the web server to send the browser a copy of the SSL Certificate.
  2. The browser checks to see if the SSL Certificate is trusted and if it is, the browser sends a verification message to the web server.
  3. The server then responds to the browser with a digitally signed acknowledgement to start an SSL encrypted session. This allows encrypted data to be shared between the browser and the server, as identified by the https label instead of http.

SSL vs. TSL

Secure Sockets Layer (SSL) is the predecessor to Transport Layer Security (TLS). In 2014, the 3.0 version of SSL was considered vulnerable due to POODLE (Padding Oracle On Downgraded Legacy Encryption) attacks, which allowed secure HTTP cookies or HTTP Authorization header contents to be stolen from downgraded communications. Today, SSL 3.0 is considered obsolete and has been succeeded by Transport Layer Security (TLS), but it is still widely deployed. TLS refines the handshake process of SSL and improves some of the security vulnerabilities to create a more reliable protocol. TSL certificates are sometimes falsely referred to as SSL certificates, but the SSL protocol has rarely been used since it was officially deprecated in 2015.


Avatar
Kaiti Norton
Kaiti Norton is a Nashville-based Content Writer for TechnologyAdvice, a full-service B2B media company. She is passionate about helping brands build genuine connections with their customers through relatable, research-based content. When she's not writing about technology, she's sharing her musings about fashion, cats, books, and skincare on her blog.

Top Articles

Huge List Of Texting and Online Chat Abbreviations

From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top...

How To Create A Desktop Shortcut To A Website

This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Creating a desktop...

The History Of Windows Operating Systems

Microsoft Windows is a family of operating systems. We look at the history of Microsoft's Windows operating systems (Windows OS) from 1985 to present...

Hotmail [Outlook] Email Accounts

  By Vangie Beal Hotmail is one of the first public webmail services that can be accessed from any web browser. Prior to Hotmail and its...

Unregulated Power Supply Definition...

An unregulated power supply is a system that transforms input voltage into direct...

Cybersecurity Awareness Training Definition...

Cybersecurity awareness training informs employees of the attack surfaces and vectors in their...

OST File Definition &...

An OST file, or offline storage table (.ost) file, is an Offline Outlook...