SSL (Secure Sockets Layer)

Secure Sockets Layer (SSL) is a protocol developed by Netscape for providing a secure connection between two or more devices via the Internet. This encryption is necessary to secure and safeguard private data such as personal details like names and addresses of individuals or financial information like credit card numbers while in transit between the user’s device and the server. Until the early 2000s, the Secure Sockets Layer was a key technology in making internet commerce possible.

How does SSL work?

SSL uses a cryptographic system that uses two keys to encrypt data a public key known to everyone and a private or secret key known only to the recipient of the message. Most web browsers support Secure Sockets Layer and its successor TSL, and many websites use the protocol to obtain confidential user information including credit card numbers. By convention, URLs that require an SSL connection start with https instead of HTTP.

This is not meant to imply that SSL and S-HTTP are identical protocols, only that the two are closely related and easily recognized by the https label. Whereas SSL creates a secure connection between a client and a server over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. The two therefore, can be seen as complementary rather than competing technologies. Both protocols were approved by the Internet Engineering Task Force (IETF) as standards.

SSL operates by implementing a three-step handshake that is layered on top of a TCP connection:

  1. When a web browser tries to connect to a website, the browser will first request the web server identify itself. This prompts the webserver to send the browser a copy of the certificate.
  2. The browser checks to see if the certificate is trusted and if it is, the browser sends a verification message to the webserver.
  3. The server then responds to the browser with a digitally signed acknowledgment to start an encrypted session. This allows encrypted data to be shared between the browser and the server, as identified by the HTTPS label instead of HTTP.

SSL vs. TSL: What are the differences?

Secure Sockets Layer is the predecessor to Transport Layer Security (TLS). In 2014, the 3.0 version of SSL was considered vulnerable due to POODLE (Padding Oracle On Downgraded Legacy Encryption) attacks, which allowed secure HTTP cookies or HTTP Authorization header contents to be stolen from downgraded communications. Today, SSL 3.0 is considered obsolete and has been succeeded by Transport Layer Security (TLS), but it is still widely deployed. TLS refines the handshake process of SSL and improves some of the security vulnerabilities to create a more reliable protocol. TSL certificates are sometimes falsely referred to as SSL certificates, but the protocol has rarely been used since it was officially deprecated in 2015.

TLS 1.0 version was introduced in 1991, its more recent version (TLS 1.3) has been in use since 2018.

Both SSL and TLS work for data encryption, but key differences exist. The Fortezza cipher suite is supported by SSL, while TSL offers no support for such. Instead, TSL creates new cipher suites for an easier encryption process. Such cipher suites include IDEA, RC4, AES, etc. Additionally, the recording protocol for TLS is the more recent Hash-based Message Authentication Code (HMAC), while SSL uses Message Authentication Code (MAC).

What are the benefits of SSL?

SSL helps to confirm the identity of a website. This confirmation may aid better visibility by pushing the website up on Google’s Search Engine Result Pages (SERPs). Aside from this, users trust such a website since getting an SSL installation involves a governing body—Certificate Authority (CA) which is saddled with the responsibility of verifying your organization’s identity. Operators of websites that carry out online transactions need to satisfy the Payment Card Industry (PCI/DSS) requirements. Having a method to secure data while in transit is one of the criteria that makes it possible to operate online payments.

More at eSecurity Planet: Read deeper on how encryption tools are constantly evolving to keep data safe.


Originally published in 1996, this article was most recently researched and updated by Chika Uchendu in October 2021.

Vangie Beal
Vangie Beal
Vangie Beal is a freelance business and technology writer covering Internet technologies and online business since the late '90s.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Each generation of computer has brought significant advances in speed and power to computing tasks. Learn about each of the...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

Crypt888 Ransomware

Crypt888, also known as Mircop, is ransomware that encrypts files on desktops, downloads,...

AutoLocky Ransomware

AutoLocky is ransomware written in the popular AutoIt scripting language. It uses strong...

Data Governance

Data governance is a term used to refer to the management of processes,...