Pp

Understanding SSL/TLS

SSL – Secure Sockets Layer
TLS – Transport Layer Security

What is SSL/TLS?

SSL is a protocol that encrypts data transmitted between computers.
TLS is the newer and more secure version of SSL.

SSL provides multiple layers of protection by encrypting data sent between the server and the end user.

When you see HTTPS in a website address, it means that some form of SSL/TLS encryption is being used.

The SSL Handshake

When you visit a secure website, your browser and the website’s server perform a handshake to establish a secure connection.

Client Hello

The browser sends a Client Hello message to the server.

This includes details such as:

  • Browser information
  • Cipher settings
  • Operating system
  • Supported encryption algorithms
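
An added example (not from the original post): a minimal Python parser for the Client Hello message described above, run on a constructed sample record. It shows the fields a defender can read from this first handshake message before any encryption starts: the protocol version, the offered cipher suites and the requested host name (SNI). The sample bytes, `example.com` and the function names are assumptions made for the illustration.

```python
import struct

# IANA names for the cipher suite IDs used in the constructed sample below.
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256",
          0x1302: "TLS_AES_256_GCM_SHA384",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

def u16(buf, pos):
    """Read a big-endian 16-bit integer at pos."""
    return struct.unpack_from("!H", buf, pos)[0]

def build_sample_client_hello(host=b"example.com"):
    """Constructed sample (not a capture): a ClientHello record with an SNI extension."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host  # list len, host_name type, name len
    exts = struct.pack("!HH", 0, len(sni)) + sni                   # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                      # legacy version, random, empty session id
            + struct.pack("!H", 2 * len(SUITES))
            + b"".join(struct.pack("!H", s) for s in SUITES)
            + b"\x01\x00"                                          # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return the version, offered cipher suites and SNI host name from one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    if len(record) < 5 + u16(record, 3):
        raise ValueError("truncated record")
    pos = 9                                   # 5-byte record header + 4-byte handshake header
    version = u16(record, pos)
    pos += 2 + 32                             # skip version and the 32-byte client random
    pos += 1 + record[pos]                    # skip session id
    n = u16(record, pos)
    suites = [u16(record, i) for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    pos += 1 + record[pos]                    # skip compression methods
    sni, end = None, pos + 2 + u16(record, pos)
    pos += 2
    while pos + 4 <= end:                     # walk the extensions
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        if ext_type == 0:                     # server_name: 5 bytes of list/entry headers, then the host
            sni = record[pos + 9:pos + 4 + ext_len].decode("ascii")
        pos += 4 + ext_len
    return {"version": f"0x{version:04x}",
            "cipher_suites": [SUITES.get(s, hex(s)) for s in suites],
            "sni": sni}

print(parse_client_hello(build_sample_client_hello()))
```

Everything the parser returns is sent in cleartext, which is why network monitoring tools can log the cipher list and host name of a connection without decrypting it.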

Server Hello

The server responds with a Server Hello message.
It includes:

  • Server details
  • Selected encryption algorithm
  • Digital SSL certificate containing:

    • Domain name
    • Certificate Authority (CA)
    • Public key (used for encryption)

SSL check

The browser checks if the server’s SSL certificate is valid and issued by a trusted Certificate Authority (CA).

Certificate Authority (CA) — The organization that signs or vouches for an SSL certificate’s authenticity.

Session Key

Session Key Exchange

If the certificate is valid:

  • The browser generates a random session key.
  • It encrypts this session key using the server’s public key (from the SSL certificate).
  • The encrypted session key is sent to the server.
  • The server decrypts it using its private key.

Finished message

Then:

  • The server sends a “Finished” message to the browser.
  • The browser replies with its own “Finished” message, confirming the handshake.

Secure Connection Established

If both sides verify the messages successfully, a secure connection is established.
From this point on, all communication between your browser and the server is encrypted using the shared session key.

Final Thoughts

SSL/TLS protects your personal data, passwords, and payments from being intercepted.
It’s the reason why you can safely browse, shop, and communicate online every day.

Whenever you see the 🔒 lock icon next to a website, that’s SSL/TLS at work!
