What is SSL
SSL stands for Secure Sockets Layer, and in this article we’ll answer the question ‘How does SSL work?’. It’s a protocol used to encrypt communications between two points. SSL is now considered legacy and has been superseded by TLS, or Transport Layer Security. TLS offers a number of improvements and enhancements over SSL, which make it the de facto standard for protecting Internet traffic for a user accessing a website.
Because of the similarities between SSL and TLS and the long history of SSL, people still use the term in conversation, although SSL is now obsolete and not recommended for use. These days, however, when someone mentions SSL, the technology in question will more than likely actually be TLS.
SSL (and TLS) define cryptographic protocols used to establish a secure communications channel between a client and a server.
This is a general article on SSL, and most of the information is also relevant to TLS, so keep that in mind. If you would like to find out what the differences are between the two protocols and why TLS is better, then I’d recommend reading our future article on The Differences between SSL and TLS.
What are the benefits of SSL
SSL provides confidentiality and data integrity. It can also optionally provide authentication.
Confidentiality is obtained by encrypting the data so that an unauthorised party, should they capture the data, will not be able to read it. A Message Authentication Code (or MAC) sent with the data across the channel is used to maintain data integrity. Using the MAC, the receiving party can check that the data they received has not been altered.
SSL can also provide authentication of one or both of the endpoints. It’s very common for the client to authenticate the server, and this is what happens when you visit a website that uses HTTPS, that is, Secure HTTP. Client authentication is seen a lot less when accessing websites, as that is usually handled by the website itself, for example with your login credentials. However, it is still widely used: a lot of corporate wifi installations use client authentication, which allows users to join without having to enter or remember a password.
Client and server authentication use digital certificates, which are a large topic in themselves. You can find out a lot more about them, and how they are created and used, in our upcoming article that answers the question What is a digital certificate?
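The integrity check described above, as an added example that is not code from the original article: a sender appends an HMAC-SHA256 tag to each record and the receiver recomputes it before accepting the data. It goes slightly beyond the paragraph by including a record sequence number in the MAC input, as SSL/TLS records do, so a replayed record is also rejected; the function names, key handling and sample payload are assumptions made for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 produces a 32-byte tag


def _tag(mac_key, seq, payload):
    # The MAC covers the 64-bit sequence number as well as the payload.
    return hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def protect(mac_key, seq, payload):
    """Sender side: return payload followed by its MAC."""
    return payload + _tag(mac_key, seq, payload)


def verify(mac_key, seq, record):
    """Receiver side: return the payload if the MAC is valid, otherwise None."""
    if len(record) < TAG_LEN:
        return None  # too short to even contain a tag
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    # compare_digest avoids leaking how many leading bytes matched.
    if hmac.compare_digest(tag, _tag(mac_key, seq, payload)):
        return payload
    return None


def demo():
    key = os.urandom(32)                       # shared MAC key (constructed)
    record = protect(key, 0, b"amount=100&to=alice")  # constructed sample payload
    tampered = bytearray(record)
    tampered[7] ^= 0x01                        # flip one bit in transit
    return {
        "intact": verify(key, 0, record),
        "tampered": verify(key, 0, bytes(tampered)),
        "replayed": verify(key, 1, record),    # same bytes, later sequence number
        "wrong_key": verify(os.urandom(32), 0, record),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```
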
How does SSL Work
To establish a secure connection, a client initiates the communication and presents its cryptographic information. The server responds with a cipher suite and its certificate. The client authenticates the server’s certificate and checks the received cryptographic parameters. The client generates an encryption key, secures it with the server’s public key (contained within the server certificate) and sends it to the server. Now that the key exchange has occurred, the client and server can proceed to exchange data messages securely.
What algorithms does SSL use
SSL supports a wide range of algorithms, which are split into three categories: key agreement, encryption ciphers and message authentication. As there are numerous combinations that could be used to secure a connection, and there’s no advance knowledge of what the client may support, a negotiation process takes place to select a supported combination.
Algorithms aren’t created equally and over time weaknesses or vulnerabilities may be discovered. It’s critical for the server terminating the SSL connection to be configured correctly. The list of algorithms to use should be ordered so that the strongest supported combination is negotiated. It’s also very important to disable known weak algorithms as they are identified.
A prime example of this and a reason why we now use TLS over SSL is a vulnerability known as POODLE that relates to SSLv3 and which was disclosed in 2014.
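A simplified model of the negotiation and server-side ordering described in this section, added here as an example and not taken from the original article or from any TLS library. The suite names follow OpenSSL's naming, while the preference lists, client offers and deny-list markers are constructed for illustration.

```python
# Markers for suites this hypothetical deployment treats as weak (assumption).
WEAK_MARKERS = ("RC4", "3DES", "NULL", "EXPORT", "MD5")

# Server preference list, strongest first (constructed sample configuration).
SERVER_PREFERENCE = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "AES128-SHA",
    "RC4-MD5",  # legacy entry that was never removed
]

# Constructed client offers: one modern client that lists its weakest suite
# first, and one legacy client that only supports a weak suite.
MODERN_CLIENT = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256",
                 "ECDHE-RSA-AES256-GCM-SHA384"]
LEGACY_CLIENT = ["RC4-MD5"]


def is_weak(suite):
    return any(marker in suite for marker in WEAK_MARKERS)


def harden(preference):
    """Remove known-weak suites, keeping the strongest-first order."""
    return [suite for suite in preference if not is_weak(suite)]


def negotiate(server_preference, client_offer, honor_server_order=True):
    """Return the agreed suite, or None when the handshake must fail."""
    if honor_server_order:
        ordered, other = server_preference, set(client_offer)
    else:
        ordered, other = client_offer, set(server_preference)
    for suite in ordered:
        if suite in other:
            return suite
    return None


if __name__ == "__main__":
    print(negotiate(SERVER_PREFERENCE, MODERN_CLIENT))
    print(negotiate(SERVER_PREFERENCE, MODERN_CLIENT, honor_server_order=False))
    print(negotiate(SERVER_PREFERENCE, LEGACY_CLIENT))
    print(negotiate(harden(SERVER_PREFERENCE), LEGACY_CLIENT))
```

With the server's order honoured the modern client gets the strongest shared suite; with the client's order it lands on a weaker one, and only the hardened list refuses the legacy client instead of negotiating a weak suite.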
How do I check my connection is secure
Modern web browsers show you that a connection is secure by showing a padlock in the address bar. It’s also possible to view which algorithms have been negotiated for a particular connection. For example, my connection to https://google.com with their Chrome browser shows the site is encrypted and authenticated using QUIC (a strong protocol), X25519 (a strong key exchange), and AES_128_GCM (a strong cipher).
How important is the server configuration
We’ve already mentioned how important it is to limit and appropriately order the algorithms that are used to secure a connection. As they say, a chain is only as strong as its weakest link. So it goes that a strong cipher suite list is just one control and should be coupled with configuration and process that take into account best practice and up-to-date standards. Man in the Middle attacks are one example of what a user may be inadvertently exposed to by an incorrectly configured server. Our previous article Man in the middle attack prevention explains what steps a user can take to reduce the threat.
A range of useful links for further reading are included below: