
What Is SSL, TLS and HTTPS?

Symantec SSL/TLS certificates offer RSA and ECC encryption algorithms—to help you create a more secure and scalable future for your business.


  • SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personally identifiable information or with payroll information).
  • It does this by making sure that any data transferred between users and sites, or between two systems, remains impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal, including credit card numbers and other financial information, names and addresses.
  • TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up to date TLS certificates with the option of ECC or RSA encryption.
  • HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.

How Does an SSL/TLS Certificate Work?

The basic principle is that when you install an SSL certificate on your server and a browser connects to it, the presence of the SSL certificate triggers the SSL (or TLS) protocol, which will encrypt information sent between the server and the browser (or between servers); the details are obviously a little more complicated.

SSL operates directly on top of the Transmission Control Protocol (TCP), effectively working as a safety blanket. It allows higher protocol layers to remain unchanged while still providing a secure connection. So underneath the SSL layer, the other protocol layers are able to function as normal.

If an SSL certificate is being used correctly, all an attacker will be able to see is which IP address and port are connected and roughly how much data is being sent. They may be able to terminate the connection, but both the server and user will be able to tell this has been done by a third party. However, they will not be able to intercept any information, which makes it essentially an ineffective step.

The hacker may be able to figure out which host name the user is connected to but, crucially, not the rest of the URL. As the connection is encrypted, the important information remains secure.

 

1. SSL starts to work after the TCP connection is established, initiating what is called an SSL handshake.

2. The server sends its certificate to the user along with a number of specifications (including which version of SSL/TLS and which encryption methods to use, etc.).

3. The user then checks the validity of the certificate, selects the highest level of encryption that can be supported by both parties, and starts a secure session using these methods. A good number of sets of methods are available, with various strengths; they are called cipher suites.

4. To guarantee the integrity and authenticity of all messages transferred, SSL and TLS protocols also include an authentication process using message authentication codes (MAC). All of this sounds lengthy and complicated but in reality it’s achieved almost instantaneously.

What is an SSL/TLS Certificate?

SSL/TLS & HTTPS Explained

Whether you are an individual or a company, you should approach online security in the same way that you would approach physical security for your home or business.


What Are EV SSL/TLS Certificates?

Symantec SSL/TLS Certificates with Extended Validation (EV) provide solutions that allow companies and consumers to engage in communications and commerce online with confidence.


FATCA Data with Symantec Secure Site SSL Certificate

The Foreign Account Tax Compliance Act (FATCA) was enacted in 2010 to improve transparency and address non-compliance by U.S. taxpayers.


Client Certificates vs. Server Certificates: What’s the Difference?

Mention PKI or ‘Client Certificates’ to many people and it may well conjure up images of businesses busily protecting and completing their customers’ online transactions. Yet such certificates are to be found throughout our daily lives, in any number of flavors: when we sign into a VPN, when we use a bank card at an ATM or a card to gain access to a building, and within the Oyster public transport smart cards used in central London.

