What is SSL Protocol? How Does SSL Protocol Work?
Friends, in today’s post, we will know what is SSL Protocol? And How Does SSL Protocol Work?
What is SSL Protocol?
Secure Sockets Layer (SSL) is a networking protocol designed to establish a secure connection between web clients and web servers over an unsecured network. After formally being introduced in 1995, SSL made it possible for a web server to securely enable online transactions between consumers and businesses.
In simple words, SSL (Secure Sockets Layer) is a technology of security that is used to establish a secure connection between a web server and a web browser. In this, the secure link is in an encrypted format, so it assures the users that the data that is passed between this link is private and original. SSL is an industry-standard protocol used by many websites to protect their online transactions with their customers.
SSL (Secure Sockets Layer) was developed by Netscape Communications to allow a secure connection between a web browser and a web server. The first version of SSL was never released due to some problems regarding the security of credit card transactions over the Internet. In 1994, another version was made again by Netscape Communications, named SSLv2, which overcame the problem with the earlier version and was now able to secure credit card numbers and other sensitive data. In 1995, Netscape went a step further and strengthened its cryptographic algorithms to solve problems related to SSLv2, and they released it under another version called SSLv3, which supports many other security algorithms that support SSLv2. were not supported by
How Does SSL Protocol Work?
SSL consists of two separate entities named server and client. The client is the entity that initiates the transaction from the other side. The server is the entity that responds to the client. SSL works on three protocols namely Handshake Protocol, Record Protocol, and Alert Protocol. The server is authenticated by the client at the time of Handshake Protocol. After the completion of the Handshake Protocol, the Record Protocol is used to encrypt the data transfer. Lastly, the Alert Protocol is used to handle any suspicious packets if someone ticks at any point in time of the alarms tick. SSL has 3 primary components (protocols). SSL is divided into these 3 protocols.
1) SSL HANDSHAKE PROTOCOL
In this protocol, the server is always authenticated by the client, and the server also has the option of authenticating the client. In other words, you can say that the clients are not authenticated by the webserver during the handshake protocol as it has other methods of verifying the client besides SSL. A secure channel is established between the client and the server through the SSL handshake protocol. This protocol provides information about keys and algorithms to the SSL record protocol. Through this protocol, clients and servers perform 3 primary tasks.
Clients and servers determine the cryptographic algorithm. This is the algorithm by which the data will be encrypted. When both the client and the server support any one algorithm, then it is selected.
Clients and servers authenticate each other.
Keys are exchanged with each other so that the data can be decrypted on the other side.
2) SSL RECORD PROTOCOL
The SSL Record Protocol is responsible for handling all encryption of the message. This protocol provides a common format to frame all Alert, ChangeCipherSpec, Handshake & application protocol messages. SSL Records consist of encapsulated data, digital signature, message type, version & length. SSL Records are 8 bytes long. The SSL record protocol performs fragmentation, compression, and encryption of data. The functions of this property are being explained below.
Breaking the data received from the application layer into fixed-length packets.
Compressing the data.
Adding Message Authentication Code (MAC).
Encrypting the broken packets.
Attaching SSL header to all packets.
3) SSL ALERT PROTOCOL
SSL alert protocol represents the problems encountered in sessions through alert messages. The severity of the error and a short description are given in an alert message.
Whenever a fatal error message is received, both the server and the client close the connection. When the connection is closed, through this protocol the client and the server notify each other. For this, a close_notify message is sent. It also presents protocols warnings.