The History of SSL/TLS: Part 1 – Basics of SSL and TLS

The History of SSL/TLS: Part 1 – Basics of SSL and TLS

Even if at least they know it, SSL and especially TLS are the protocols we use most often on the Internet. SSL and its successor TLS are protocols which are used to encrypt our surfing on the Internet. They are also the ones that turn the “http” in our address bar into “https“. In the following we want to talk about the basics of SSL and TLS.

Basics of SSL and TLS – Function

Encrypted aware7.de Website
Encrypted aware7.de Website

SSL and TLS form the basis for secure data transmission when surfing. Our web browsers use these protocols to establish a secure connection to a website through encryption. This is to ensure that our data cannot be read or changed during transmission. The SSL (“Secure Socket Layer”) protocol has now been replaced by the standardized successor TLS (“Transport Layer Security”). Although TLS is the successor of SSL, the term SSL is still used today due to its popularity.

The most used protocol on the Internet

The Transparenzbericht published by Google shows that 91% of all Google searches in Germany are currently encrypted. Likewise the statistics of the certification authority Let’s Encrypt, here in the Blog already presented , show that over 180 million certificates for the encryption of web pages were created there in the last 3 years. Finally a study of the network equipment company Sandvine shows that in 2018 more SSL/TLS encrypted connections were used than unencrypted ones.

Basics of SSL and TLS – Protection Objectives

Encryption and security while surfing the Internet takes place between the browser and the website. The main tasks of SSL and TLS during this communication are the following:

  • The authentication of the website – I really surf with aware7.de?
  • The confidentiality of the data – only aware7.de and my browser know which data is transferred?
  • The integrity of the data – Were the transmitted data not changed during the transmission?

These questions are to be solved by the use of SSL and TLS. Therefore a certificate is exchanged between the web browser and the web page each time a web page is called. This certificate is then checked for validity by the browser. If this check fails, we as the user receive a warning from the browser. In such a case it is not recommended to continue surfing on the respective website.

SSL and TLS are therefore used to protect our connection to a website from being read and manipulated. Therefore you use certificates to ensure who is communicating with and to establish a secure connection. To understand how this works, in the next part of this series we will look more closely at certificates and their use.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.