Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
tempor incididunt ut labore et dolore

January 9, 2018

Basic Server Security – What Are SSL/TLS And Why Are They Important

One of the characteristics of the early internet is that it was seen as a very trusting place. As such, many of the communications etiquette used online provided no procedure to verify the server you are interacting with, or to prevent anyone interrupting your interactions and reading them. This meant that when navigating to a website, not only could you not confirm whether the server you were linking to was the one you thought you were clinking to, but also that anyone that could interrupt what you were sending to it (such as passwords) could easily read them in plain text.


The Secure Sockets Layer (SSL) protocol was earlier devised by Netscape as a way of resolving these deficiencies. It provided for a cryptographically signed certificate that could be issued to a server that could be used to identify itself, and prove that it should be serving web pages for the domain you were connecting to. In addition, it provided a method by which a web browser and a web server could encrypt the data transferred between them meaning that if someone did intercept the network traffic between them that the data collected would be useless to them.


Transport Layer Security (TLS) was founded as an upgrade to SSL. It was released in 1999 and built on the foundations that SSL created. Due to the fact that the same certificates were made use of for both SSL and TLS, and that the same software libraries dealt with both forms of security, the term SSL is often used to refer to both SSL and TLS, although the SSL protocols themselves have been found to be broken and have been unsuitable for use for a number of years.


SSL involves two protocols , namely handshake protocol and record protocol. The handshake protocol describes how the client and the server establish an SSL connection with the cryptographic system that each host is willing to use for the communication as well as the cryptographic material such as public keys as session keys for the authentication of transferred data.


The record protocol describes how communicating hosts exchange data using SSL, including specifications for how data is to be prepared for transmission and how it is to be verified or decrypted on receipt.


For more information Visit Ideastackhosting

Comments (0)

Write your comment