What is the full form of SSL?
Last Updated :
25 Sep, 2024
SSL or Secure Sockets Layer is Netscape's protocol for creating an encrypted connection between a web server and a web browser. The term 'sockets' also refers to socket method of exchanging information between a client and a server program: either in a network or between processes on the same device. SSL is an industry standard that safely and reliably transmits private information such as credit card numbers, social security numbers and login credentials over Internet by encoding it.
SSL was first commonly used framework to secure online transactions, and eventually came to be used to secure authentication and encryption on network transport layer for other applications. SSL uses a combination of public key and private key and session keys encryption to protect a connection between a web and a client system, connected together by Internet, or by other similar TCP/IP network. Anything encoded by using public key can only be decoded with private key, and vice versa. TLS protocol evolved from SSL and has officially replaced it. In this article we will see Secure Sockets Layer in detail.
History of Secure Sockets Layer
Authentic implementation of Secure Sockets Layer was developed in early 1990s with aid of Netscape Communications Corporation to secure HTTP, which sends its records as simple text over Internet. First released version was 2.0 which gained prominence in spite of some framework flaws and protocol vulnerabilities. Internet Engineering Task Force (IETF) deprecated SSL for use on web in 2015 and has since been supplanted by Transport Layer Security (TLS) protocol. However, TLS and SSL are not interoperable, and TLS is SSL 3.0 backward compatible.
Features of Secure Sockets Layer
- SSL provides protection of network connection through:
- Confidentiality - Using symmetric-key cryptography information is encrypted.
- Authentication - Communication entities identify themselves by using digital certificates. Authentication of site server is mandatory while authentication of database is left optional.
- Integrity - Maintains checks on credibility of communications.
- Lossless methods of compression are employed to compress fragmented data.
- Mainly designed for Online e-commerce.
- Supported by nearly every Web browser.
- For all TCP applications SSL is accessible.
Architecture of Secure Sockets Layer
SSL protocol is constructed architecturally as a suite of protocols over TCP/IP. SSL protocol design is commonly described as SSL Protocol Stack. There are two sub-layers of SSL protocol:
- First sub-layer - The first sub-layer contains one portion of SSL protocol called Protocol to SSL record. The element allows for integrity and secrecy facilities. SSL record protocol also handles data checking and encapsulating it with appropriate headers for secure transfer under the TCP protocol.
- Second sub-layer - Protocols for second and top layers of SSL protocol stack incorporated SSL Handshake Protocol, SSL Shift Cipher Protocol, and SSL Warning Protocol. The second layer of SSL Protocol Stack is set over SSL Record protocol and is responsible for maintaining a safe and secure connection to an application protocol such as HTTP. Three top layer stack protocols deliver customer-to-server session control, cryptographic parameter control, and secure SSL message transfer.
Advantages of Secure Sockets Layer
- Encryption - Data transmission that takes place on a website using SSL is encoded to ensure security of sensitive data. When data is encrypted, intruders find it difficult to intercept information inside.
- Server Authenticity - SSL provides authentication, meaning that transfer of data over Internet is guaranteed to pass through proper servers. Intruders often pretend to be your website, and concentrate on your clients' information. Using a suitable Public Key Infrastructure (PKI) and receiving SSL Certificate from a trusted SSL supplier will avoid this.
- Trust - Customers trust sites that uses SSL. This makes traffic acquired at a site. Additionally, if a site includes online payments and allows memberships, information security measures must be in place to secure your customers' data.
- Security - When a customer receives a phishing email, it contains link to an exact copy of original website and when a customer uses its information on website, it can be accessed by an unauthorized user, but having an SSL certificate cancels their access and thus secures customer from unauthorized phishing email.
Disadvantages of Secure Sockets Layer
- Performance - As data is transmitted over an Internet portal that requires SSL, then speed is slowed down due to encryption and decryption.
- Cost Factor - SSL certificates are quite expensive because service providers have to pay for infrastructure maintenance. Although some hosting organizations do provide SSL certificates free of charge.
- Extra Credentials Required - SSL Certificates will devour some additional resources, as data must be encoded. Perceptible change in website performance with massive internet traffic can be a disadvantage when using SSL certificates.
How to Add SSL to Your Website?
There are many ways to , the way generally involve:
- Step 1: First you have to purchase a SSL certificate from a trusted Certificate Authority.
- Step 2: Now Generate a certificate signing request( CSR). This CSR contains your public key, domain name, company details , location etc.
- Step 3: After that, upload your CSR to the named certificate authority via their website . They will conduct a background check.
- Step 4 : Once validated,the CA will issue your SSL certificate.Download and install the certificate on the server.
- Step 5: Once your certificate is ready, you can force HTTPS by pasting the code to your . htaccess train.
Conclusion
SSL plays a crucial role on securing a client server communication through encryption of data. Installing an SSL certificate improves our website security and search engine optimization.
Similar Reads
IPSec Full Form
IPSec stands for Internet Protocol Security. It is a suite of protocols between two communication points across the IP network that provides data authentication, integrity, and confidentiality. It was developed by the Internet Engineering Task Force(IETF) in 1995. It defines the architecture for sec
3 min read
IIS Full Form
IIS stands for Internet Information Services (IIS, formerly known as Internet Information Server) IIS is a web server software package designed for Windows Server. IIS Manager console of Internet Information Services 8.5 initial release on May 30, 1995. IIS provides a redesigned WWW architecture tha
2 min read
OSI Full Form
OSI stands for Open Systems Interconnection. It is a model used in computer networking to explain how data moves from one device to another across a network. The OSI model has 7 layers, and each layer has a specific function, from sending raw data to delivering it to the right application. It helps
5 min read
ISP Full Form
ISP stands for Internet Service Provider. An Internet Service Provider (ISP) is an organization that provides internet access to individuals, businesses and other organizations. They connect us to the internet, either through wired connections (like fiber or cable) or wireless methods (like Wi-Fi or
7 min read
RSA Full Form
The RSA algorithm, one of the most widely used asymmetric encryption techniques, was invented in 1977 by three researchers: Ron Rivest, Adi Shamir, and Leonard Adleman, who were professors at the Massachusetts Institute of Technology (MIT). The algorithm was groundbreaking because it introduced the
9 min read
WSDL Full Form
WSDL stands for Web Services Description Language. It was developed jointly by IBM and Microsoft and recommended on June 26' 2007 by the W3C. Written in XML, it is used in describing web services. These descriptions include service location and methods. It works in coordination with SOAP and UDDI in
2 min read
L2TP Full Form
Layer 2 Tunnelling Protocol, or L2TP for short, is a network protocol that securely tunnels data over public networks like the Internet to provide virtual private networks or VPNs. Although L2TP doesn't offer encryption by itself, it's frequently combined with other protocols, such as IPsec, to prot
3 min read
IEEE Full Form
IEEE stands for Institute of Electrical and Electronics Engineers. It is a professional association with a nonprofit organization with its headquarter in New York in the United States of America. It is composed of engineers, scientists, allied professionals, advancing innovation and technological ex
3 min read
LDAP Full Form
LDAP stands for Lightweight Directory Access Protocol. It is a vendor-neutral, industry-standard application protocol used to access and manage directory information services and provides a means to manage user and group membership stored in Active Directory. It was developed by Tim Howes, Steve Kil
2 min read
HTTPS full form
HTTPS stands for Hyper Text Transfer Protocol Secure. HTTP Secure (HTTPS), could be a combination of the Hypertext Transfer Protocol with the SSL/TLS convention to supply encrypted communication and secure distinguishing proof of a arrange web server. If the URL of that site is just HTTP, at that po
2 min read