What is the use of Secure Socket Layer in information security?

Secure Sockets Layer (SSL) is a standard protocol used for the protected transmission of files over a network. It is developed by Netscape, SSL technology makes a secure link between a network server and browser to provide private and integral data transmission. SSL needs Transport Control Protocol (TCP) for communication.

When using SSL for secure web transactions, a Web server require an SSL certificate to create a secure SSL connection. SSL encrypts network connection segments following the transport layer, which is a network connection element the program layer.

SSL follows an asymmetric cryptographic mechanism, in which an internet browser generates a public key and a private (secret) key. The public key is located in a data file called a certificate signing request (CSR). The private key is expressed to the recipient only.

SSL uses a cryptographic system that provides two keys to encrypt data a public key familiar to everyone and a private or secret key known only to the recipient of the message. Some web browsers provides Secure Sockets Layer and its successor TSL, and some websites use the protocol to acquire confidential user information such as credit card numbers. By convention, URLs that needed an SSL connection start with https rather than HTTP.

SSL works by performing a three-step handshake that is layered on top of a TCP connection −

  • When an internet browser attempt to connect to a website, the browser will first request the internet server identify itself. This prompts the computer server to send the browser a copy of the certificate.

  • The browser checks to view if the certificate is trusted and if it is, the browser sends a verification message to the internet server.

  • The server responds to the browser with a digitally signed acceptance to begin an encrypted session. This enables encrypted information to be shared between the browser and the server, as recognized by the HTTPS label rather than HTTP.

SSL guarantees that all data traveling among the two devices is private. This creates it useful for securing online communications such over email, and bankcard transactions. Web browsers will display an SSL-protected website as having a padlock in the window where the URL is presented. The URL prefix is also presented as HTTPS from its old HTTP.

SSL connections are created through the purchasing of SSL certificates from a certificate authority before they are related to a web server. However, the certificate authority will charge an inquiry and therefore applicants should correspond with and submit files to the authority. Because this process is satisfied, the authority will grant the service provider the ability to need SSL. Certificates are subject to expiration dates and should be reauthorized with the certificate authority.