DEV Community

Sreekar Reddy
Sreekar Reddy

Posted on • Originally published at sreekarreddy.com

πŸ”’ SSL/TLS Explained Like You're 5

#eli5 #security #encryption #programming

Encrypting data between you and websites

Day 149 of 149

πŸ‘‰ Full deep-dive with code examples

The Sealed Envelope Analogy

Sending a postcard:

  • Everyone can read it (mail carriers, neighbors)
  • No privacy!

Sending a sealed, locked box:

  • Only the recipient has the key
  • Contents are private

SSL/TLS is the sealed box for your internet data!

It encrypts the data sent over the connection between your browser (client) and a website (server), protecting it while it travels across the network.

Why It Matters

Without SSL/TLS:

  • Passwords can be sent in plain text
  • Credit card numbers can be exposed
  • Someone who can observe the network may be able to read or change what you send
  • On public WiFi, attackers can potentially intercept traffic

With SSL/TLS:

  • Data sent over the connection is encrypted (and integrity-protected)
  • It helps prevent eavesdropping and tampering while data is in transit
  • Reduces risk on public WiFi (but it doesn’t stop a compromised device or server)

How You Know It's Working

Look for:

  • https:// (not http://)
  • Your browser indicating an encrypted connection
  • Certificate details in the site info/security UI

Note: a lock icon means the connection is encrypted and the certificate checks out β€” it doesn’t automatically mean the site itself is trustworthy.

How It Works (Simplified)

  1. Handshake: Browser and server agree on encryption method
  2. Certificates: Server proves its identity
  3. Key exchange: They create a shared secret key
  4. Encrypted connection: All data encrypted with that key

Think of it like:

  • Meeting someone, showing ID, agreeing on a secret code, then speaking in code!

SSL vs TLS

  • SSL: Old protocol family (legacy; SSL 2.0/3.0 are no longer recommended)
  • TLS: Modern protocol family (what we actually use today)
  • People still say "SSL" but mean TLS

TLS 1.3 is the newest widely deployed version, and TLS 1.2 is still commonly used.

In One Sentence

SSL/TLS encrypts data between your browser and websites, turning readable information into scrambled text that only you and the website can understand.

πŸ”— Enjoying these? Follow for daily ELI5 explanations!

Making complex tech concepts simple, one day at a time.

Top comments (0)