What Is SSL?

Date First Published: 25th June 2022

Topic: Cybersecurity

Subtopic: Security Mechanisms & Technologies

Article Type: Computer Terms & Definitions

Difficulty: Medium

Difficulty Level: 5/10

CONTENTS

How To Tell If A Website Uses SSL?
History and Versions

Learn more about what SSL is in this article.

Stands for Secure Sockets Layer. SSL is a protocol used to encrypt communications between two computers communicating over the internet and authenticate the identity of a website. This prevents data from being read by unauthorised users if intercepted. Anyone that sees the sent data will see a mix of random characters that are almost impossible to decrypt.

SSL also provides authentication, which verifies that data is not interfered with before it reaches its intended recipient. It helps to verify that the owner of a website owns the private key listed in the SSL certificate, ensuring that visitors are connected to the real website.

Without SSL, entering sensitive information on online shopping or banking websites would be risky as the data would be sent in plaintext, allowing it to be read by someone if intercepted. Whilst SSL was mostly used in the past to protect sensitive data, it is used by almost all websites, even websites where users do not enter any information.

Even though SSL is mostly used on the World Wide Web, it is used to secure other protocols, such as SMTP, which is used to transfer outgoing mail from one server to another and NNTP, which is used for Usenet articles, news, and files from one server to another.

How To Tell If A Website Uses SSL?

SSL can only be implemented by websites that have SSL certificates. These prove the identity and authenticity of a company so that visitors can trust that the website is secure and reliable. They are similar to ID cards or badges that prove someone is who they say they are.

In order to tell if a website uses SSL, it can be identified in the URL. If the URL starts with https://, with the extra 'a' meaning secure, the website uses SSL. If it only starts http://, the website is not secured by SSL and only uses regular HTTP. It is highly recommended to not enter any sensitive information on websites that are not secured by SSL. In addition, most web browsers will make it clearer to visitors as it may show a 'not secure' warning in the address bar. Search engines have been penalising websites that are not secured by SSL. As a result, SSL can have a negative impact on SEO.

Note:

When a website uses SSL, the padlock icon can be seen in most web browsers. Sometimes, a green address bar can be seen.

History and Versions

SSL was introduced to the public in February 1995 by Netscape. The first version of SSL (1.0) was not introduced to the public due to serious security issues in the protocol. SSL Version 2.0 was released in February 1995 and was discovered to contain a number of security and usability issues. It used the exact same cryptographic keys for message authentication and encryption and provided no protection against either the opening handshake or an explicit message close, making it vulnerable to MITM attacks that could not be detected. SSL Version 2.0 was deprecated in 2011 in RFC 6176.

SSL Version 3.0 was released in 1996 by Paul Kocher working with Phil Karlton and Alan Freier, engineers of Netscape. In RFC 6101, the 1996 draft of SSL Version 3.0 was published by IETF.

In 1999, the IETF proposed an update to SSL. Since this update was proposed by the IETF and Netscape was no longer involved, the name was changed to TLS. The final version of SSL (3.0) and the first version of TLS do not have huge differences. The name change shows a change in ownership. In 2015, SSL 3.0 was officially deprecated.

Note:

Because the two terms 'SSL' and 'TLS' are very closely related, SSL is often referred to as SSL/TLS.