Offensive Security

The History of SSL/TLS: Part 1 – Basics of SSL and TLS

The History of SSL/TLS: Part 1 – Basics of SSL and TLS

Even if at least they know it, SSL and especially TLS are the protocols we use most often on the Internet. SSL and its successor TLS are protocols which are used to encrypt our surfing on the Internet. They are also the ones that turn the “http” in our address bar into “https“. In the following we want to talk about the basics of SSL and TLS.

Basics of SSL and TLS – Function

Encrypted aware7.de Website
Encrypted aware7.de Website

SSL and TLS form the basis for secure data transmission when surfing. Our web browsers use these protocols to establish a secure connection to a website through encryption. This is to ensure that our data cannot be read or changed during transmission. The SSL (“Secure Socket Layer”) protocol has now been replaced by the standardized successor TLS (“Transport Layer Security”). Although TLS is the successor of SSL, the term SSL is still used today due to its popularity.

The most used protocol on the Internet

The Transparenzbericht published by Google shows that 91% of all Google searches in Germany are currently encrypted. Likewise the statistics of the certification authority Let’s Encrypt, here in the Blog already presented , show that over 180 million certificates for the encryption of web pages were created there in the last 3 years. Finally a study of the network equipment company Sandvine shows that in 2018 more SSL/TLS encrypted connections were used than unencrypted ones.

Basics of SSL and TLS – Protection Objectives

Encryption and security while surfing the Internet takes place between the browser and the website. The main tasks of SSL and TLS during this communication are the following:

  • The authentication of the website – I really surf with aware7.de?
  • The confidentiality of the data – only aware7.de and my browser know which data is transferred?
  • The integrity of the data – Were the transmitted data not changed during the transmission?

These questions are to be solved by the use of SSL and TLS. Therefore a certificate is exchanged between the web browser and the web page each time a web page is called. This certificate is then checked for validity by the browser. If this check fails, we as the user receive a warning from the browser. In such a case it is not recommended to continue surfing on the respective website.

SSL and TLS are therefore used to protect our connection to a website from being read and manipulated. Therefore you use certificates to ensure who is communicating with and to establish a secure connection. To understand how this works, in the next part of this series we will look more closely at certificates and their use.

Photo of author

Vincent Reckendrees

Hallo, ich bin Vincent Reckendrees und leite das Team Offensive Services bei der AWARE7 GmbH. In meinem Bachelor und Master Studium habe ich mich auf IT-Sicherheit spezialisiert und BSI zertifizierter IS-Penetrationstester. Meine Leidenschaft gilt Reverse Engineering, Hardware- und Web-Sicherheit. Als Experte für Penetrationstests finde ich Schwachstellen in Systemen und Netzwerken und nutze sie, um realistische Cyberangriffe zu simulieren und Sicherheitsmaßnahmen zu verbessern. Durch Reverse Engineering entdecke ich Fehler und Verbesserungsmöglichkeiten in Software und Hardware. Meine Fähigkeiten in Hardware- und Web-Sicherheit ermöglichen es mir, physische Geräte und Online-Plattformen vor einer Vielzahl von Cyberbedrohungen zu schützen und ihre Integrität und Zuverlässigkeit zu gewährleisten.