The Secure Socket Layer, SSL for short, is a protocol by which many services that communicate over the Internet can do so in a secure fashion. Before we discuss how SSL works and what kinds of security it provides, let us see what happens without SSL.
Life on the Internet without SSL!
Compare communications between computers on the Internet with communications between people over the telephone. Without SSL, computer-to-computer communications suffer from the same security problems that telephone communications suffer from:
- Who are you talking to? In a phone conversation, how can you be sure that the person who picks up the phone at the other end is really the person you are trying to call (particularly if you have never spoken to them before)? What if your call was intercepted or re-routed, or what if someone else is answering your recipient's phone? There really is no way to be sure you have reached the right person, especially if they are actively trying to fool you.
- Who is listening in? As you know from watching TV or reading, it is very easy to tap phone lines: the police and spies do this all the time to covertly gather information. It is not easy to tell whether your lines are tapped. The same applies to communications over the Internet: how would you know that your communications are not being "tapped" and recorded? This is a particular concern in public wifi hotspots.
This leads to two very basic security concerns for communications over the Internet: 1. knowing for sure that you are connecting to the right servers, and 2. knowing that your data is safe from prying eyes in transit to those computers. This is where SSL comes in.
Enter the Secure Socket Layer (SSL)
To solve these problems to a large degree, most Internet services support the use of SSL as a mechanism for securing communications. To describe how SSL works, let us use another analogy.
A consumer wants to communicate with a company, sending important information back and forth. The consumer wants to be 100% sure that it is communicating with that exact company and that no one can eavesdrop on or intercept the conversation. How can it do this?
- The consumer sends a courier to the company's address.
- The company has envelopes that, once closed, can only be opened by the company. The company and the courier go together to a trusted third party, a notary, who makes the company provide documentation to confirm its identity. The notary certifies the company's secure envelopes and the courier takes these back to the consumer.
- The consumer gets the envelopes and, if it trusts the notary's mark, can be sure that they are really from the company named.
- The consumer also has secure envelopes that, once sealed, only the consumer can open. It puts some of these in one of the company's secure envelopes and sends them back to the company.
- The company gets the sealed secure envelope. It opens the envelope (as only it can). It now has the consumer's secure envelopes.
- The company has a different kind of envelope that can be opened and sealed only by using a particular combination. The company puts this special envelope with the combination lock, together with the combination, into one of the consumer's secure envelopes. The company seals the envelope.
- The company has yet another type of secure envelope that anyone can open, but which only the company can seal. If you open one of these secure envelopes, you know for sure that it was sent by the company. The company puts the whole package inside this and sends it to the consumer.
- When the consumer gets the secure envelope, it opens it and thus knows that it came from the company. It then opens the next secure envelope inside, which can only be opened by the consumer. Inside it finds the combination envelope and the combination itself.
- The consumer then puts its data in the combination envelope, seals it and sends it to the company.
- The company receives it, opens it, puts the response in the same combination envelope and sends it back.
- The procedure is repeated as often as necessary for the required communications.
SSL in Action
So, let us see how SSL actually works to secure your communications over the Internet. Before any communication happens, the following takes place:
- A company decides to secure communications to its server company.com.au.
- It creates a public and private key for company.com.au (this is also referred to as the "SSL Certificate").
- Once the certificate is finished, the certifying third party (SoftON in this example) gives the company a new public key that has some additional information in it. This information is the certification from SoftON that this public key belongs to the company and to company.com.au, and that SoftON has verified this. This certification information is encrypted using SoftON's private key; we will see why below.
Then, when the consumer wishes to communicate with the company at company.com.au:
- The consumer makes a connection to company.com.au from its computer. This connection is made to a specific "port" (address) on company.com.au that is set up for SSL communications only.
- The consumer gets the public key and decides whether it is OK:
  - If the public key has expired, this could be a problem.
  - If the public key claims to be for some domain that is not company.com.au, that could be a problem.
- The consumer has the public key for SoftON stored on its computer, because the public keys of well-known third parties come with the computer. Thus, the consumer can decrypt the certification information, prove that the certification is from SoftON and verify that the public key is certified by SoftON. If the consumer trusts SoftON, then the consumer can be sure that it is really communicating with the company. If the consumer does not trust SoftON, or whichever third party is actually being used, then the identity of whoever is running the computers to which the consumer is connecting is suspect.
- If the consumer does not trust the server, then the communication is aborted.
- If the consumer has its own SSL certificate installed, it may send that to the server at this point to see if the server trusts the consumer. Client-side SSL certificates are not commonly used, but provide a good way for the consumer to authenticate itself to the server without using a username or password. Where this is used, the server has to know about the consumer's certificate and verify it in a similar way to how the consumer verified the server. If this fails, the connection is aborted. If a client-side certificate is not needed, this step is skipped.
- Once the consumer is happy with the server (and the server with the consumer, if needed), the consumer chooses an SSL cipher from the list of encryption methods provided by the server, and generates a "symmetric key" (password) for use with that cipher. The consumer encrypts this password using the server's public key and sends it back to the server. The server (and only the server) can decrypt this message and get this password, which is now shared by both the consumer and the server.
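The consumer-side checks from the steps above (trusted notary, expiry, matching domain), as an added example in Go that is not part of the original article: it builds a throwaway notary and server certificate with the standard library's crypto/x509 and then runs those checks through x509.Certificate.Verify. The notary name "SoftON" and the host company.com.au are taken from the article; the certificates themselves are constructed fixtures, not real ones.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a certificate for cn (with the given DNS names) signed by issuer, or
// self-signed when issuer is nil. It is a test fixture standing in for the notary's work.
func issue(cn string, dns []string, isCA bool, notAfter time.Time,
	issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: dns, NotBefore: notAfter.Add(-48 * time.Hour), NotAfter: notAfter,
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if issuer == nil {
		issuer, issuerKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// consumerChecks is the consumer's decision: accept the server's certificate only if it
// chains to a trusted notary, is within its validity period, and names the host reached.
func consumerChecks(server, trustedNotary *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedNotary)
	_, err := server.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	notary, notaryKey := issue("SoftON", nil, true, time.Now().Add(24*time.Hour), nil, nil)
	server, _ := issue("company.com.au", []string{"company.com.au"}, false, time.Now().Add(24*time.Hour), notary, notaryKey)
	fmt.Println("company.com.au:", consumerChecks(server, notary, "company.com.au")) // <nil>
	fmt.Println("other.com.au:  ", consumerChecks(server, notary, "other.com.au"))   // hostname mismatch
}
```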
Once this password is shared, the consumer starts communicating with the company by encrypting all data using the password and the chosen cipher. Normal symmetric (password-based) encryption takes place from this point forward because it is much faster than using the public and private keys for everything. The public and private keys were needed to allow the company (and possibly the consumer) to prove its identity and its right to company.com.au, and to enable the consumer and server to generate and securely share a common password.
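The password exchange and the switch to symmetric encryption described above, as an added Go example that is not the article's own code: the consumer generates a random "password", seals it with the server's public key (RSA-OAEP, chosen here for the example), the server recovers it with its private key, and both sides then carry the application data under that shared key with AES-256-GCM, which also rejects messages altered in transit. The server's key pair is a constructed fixture standing in for company.com.au's certificate.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// serverKeyPair stands in for company.com.au's key pair (a fixture, not a real certificate).
func serverKeyPair() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

// newSessionKey (consumer side): a fresh 256-bit "password" sealed with the server's public key (RSA-OAEP).
func newSessionKey(serverPub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	rand.Read(key) // crypto/rand.Read fills the slice or aborts the program; never a short read
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, key, nil)
	return key, wrapped, err
}

// unwrapSessionKey (server side): only the holder of the private key can recover the password.
func unwrapSessionKey(serverPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, serverPriv, wrapped, nil)
}

// sessionCipher prepares AES-256-GCM under the shared password, once per connection.
func sessionCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal prepends a fresh nonce to each message; open reverses it and rejects anything truncated or altered.
func seal(aead cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return aead.Seal(nonce, nonce, msg, nil)
}

func open(aead cipher.AEAD, sealed []byte) ([]byte, error) {
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("truncated message")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}
```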