The History of SSL/TLS: Part 1 – Basics of SSL and TLS

M.Sc. Chris Wojzechowski

The History of SSL/TLS: Part 1 – Basics of SSL and TLS

Even if at least they know it, SSL and especially TLS are the protocols we use most often on the Internet. SSL and its successor TLS are protocols which are used to encrypt our surfing on the Internet. They are also the ones that turn the “http” in our address bar into “https“. In the following we want to talk about the basics of SSL and TLS.

Basics of SSL and TLS – Function

Encrypted Website
Encrypted Website

SSL and TLS form the basis for secure data transmission when surfing. Our web browsers use these protocols to establish a secure connection to a website through encryption. This is to ensure that our data cannot be read or changed during transmission. The SSL (“Secure Socket Layer”) protocol has now been replaced by the standardized successor TLS (“Transport Layer Security”). Although TLS is the successor of SSL, the term SSL is still used today due to its popularity.

The most used protocol on the Internet

The Transparenzbericht published by Google shows that 91% of all Google searches in Germany are currently encrypted. Likewise the statistics of the certification authority Let’s Encrypt, here in the Blog already presented , show that over 180 million certificates for the encryption of web pages were created there in the last 3 years. Finally a study of the network equipment company Sandvine shows that in 2018 more SSL/TLS encrypted connections were used than unencrypted ones.

Basics of SSL and TLS – Protection Objectives

Encryption and security while surfing the Internet takes place between the browser and the website. The main tasks of SSL and TLS during this communication are the following:

  • The authentication of the website – I really surf with
  • The confidentiality of the data – only and my browser know which data is transferred?
  • The integrity of the data – Were the transmitted data not changed during the transmission?

These questions are to be solved by the use of SSL and TLS. Therefore a certificate is exchanged between the web browser and the web page each time a web page is called. This certificate is then checked for validity by the browser. If this check fails, we as the user receive a warning from the browser. In such a case it is not recommended to continue surfing on the respective website.

SSL and TLS are therefore used to protect our connection to a website from being read and manipulated. Therefore you use certificates to ensure who is communicating with and to establish a secure connection. To understand how this works, in the next part of this series we will look more closely at certificates and their use.

Photo of author

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I studied my Master in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV) and possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.