Cradicle Explorer
CyberSec
/ Foundations / Core Concepts / SSL.md
SSL.md
 1  **Secure Sockets Layer (SSL)** is a standard security technology for establishing an encrypted link between a web server and a browser. This protocol ensures that all data transmitted between the server and the client remains private and integral, protecting sensitive information such as credit card details, login credentials, and personal data.
 2  
 3  ## Key Features
 4  
 5  - **Encryption**: SSL encrypts data in transit, preventing unauthorized parties from intercepting or tampering with the information exchanged between the client and server. This is crucial for secure online transactions and communications.
 6  - **Authentication**: SSL uses digital certificates to authenticate the identity of the server. This ensures that users are communicating with the intended server and not an imposter, thereby enhancing trust.
 7  - **Data Integrity**: SSL ensures that data sent over the connection cannot be altered without detection. This is achieved through cryptographic hash functions that verify the integrity of transmitted data.
 8  
 9  ## How SSL Works
10  
11  1. **Handshake Process**: When a client connects to a server using SSL, a handshake occurs where the client and server establish parameters for the secure connection. This includes agreeing on encryption methods and exchanging keys.
12  2. **Certificate Exchange**: The server sends its SSL certificate to the client. The client verifies this certificate against trusted certificate authorities to ensure its validity.
13  3. **Session Key Generation**: After authentication, both parties generate a symmetric session key used for encrypting and decrypting data during the session.
14  4. **Secure Communication**: Once the session key is established, all subsequent data transmitted between the client and server is encrypted using this key.
15  
16  ## Transition to [[TLS]]
17  
18  SSL has been succeeded by Transport Layer Security ([[TLS]]), which offers improved security features and is now the standard for secure communications over networks. Despite this, many people still refer to [[TLS]] as SSL due to its historical significance.
19  
20  ## Importance of SSL
21  
22  - **Web Security**: SSL is essential for securing websites, especially those handling sensitive user information. Websites using SSL are indicated by "https://" in their URL and often display a padlock icon in the browser's address bar.
23  - **User Trust**: Implementing SSL on websites helps build user trust by assuring visitors that their data is protected during transmission. Browsers may flag sites without SSL as "not secure," discouraging users from interacting with them.
24  
25  ## Obtaining an SSL Certificate
26  
27  To enable SSL on a website, a digital certificate must be obtained from a trusted Certificate Authority (CA). The process typically involves generating a Certificate Signing Request (CSR), submitting it to the CA for validation, and installing the issued certificate on the web server.