Security Encyclopedia

Secure Sockets Layer

Secure Sockets Layer (SSL) is a protocol for establishing a secure channel between two devices that are connected over the Internet or an internal connection. Until 1999 when Transport Layer Security (TLS) replaced it, SSL was the #1 cryptographic protocol for ensuring that web traffic between a user and service provider are secure. Even today TLS is referred to as “SSL” due to the latter’s contribution.

SSL guarantees that all information traveling between the two devices is private. This makes it useful for securing online communications such over email, as well as bankcard transactions. Web browsers will show an SSL-protected website as having a padlock in the window where the URL is displayed. The URL prefix is also displayed as HTTPS from its former HTTP.

SSL connections are established through the purchasing of SSL certificates from a certificate authority before they are associated with a web server. However, the certificate authority will conduct an inquiry and thus applicants must correspond with and submit documentation to the authority. Once this process is satisfied, the authority will grant the service provider the ability to use SSL. Certificates are subject to expiration dates and must be reauthorized with the certificate authority.