What is the SSL / TLS Protocol?



The SSL protocol, "Secure Sockets Layer", is the predecessor of the TLS protocol, "Transport Layer Security". These are cryptographic protocols that provide privacy and integrity in the communication between two points on a communication network. This ensures that the information transmitted over the network cannot be intercepted or modified by unauthorized parties, so that only the legitimate senders and receivers have access to the communication, intact.

SSL/TLS protocol


In the OSI (layered network architecture) model, the SSL protocol is used between the application layer and the transport layer. One of its most widespread uses is with the HTTP protocol, resulting in HTTPS, the secure version of HTTP, which transfers hypertext (websites) securely. In this way, the information transmitted between a website and a user (in both directions) is safe, which is especially important for sensitive information: confidential data, passwords, bank information, personal images, etc.

How does the SSL protocol work?

Both asymmetric and symmetric cryptography are used in the SSL protocol. The first is used to perform the exchange of keys, which in turn will be used to encrypt the communication using a symmetric algorithm.

For websites, this protocol requires an SSL certificate. The web server has one installed, and when a client tries to access it, the server sends the certificate with the server's public key, so that the client can send the key that will be used to make the connection secure through symmetric encryption.

Let's use a specific example to explain how the SSL / TLS protocol combines with HTTP to produce the secure version of HTTP, HTTPS. The following steps detail what happens when a client accesses a website on a server with an SSL certificate through the HTTPS protocol:

  • A user makes a secure HTTP request through a browser to a website (HTTPS://www.redalia.es/)
  • HTTPS request
  • The server hosting the website sends (if it has one) the certificate containing the public key of the server. If it has no SSL certificate, an error occurs.
  • Server responds with SSL certificate
  • The browser checks that the certificate's issuing authority (CA) is trusted. If it is not, the browser asks the user to accept the certificate at their own risk.
  • At this point, the browser will generate a symmetric key, which will be encrypted using the public key of the server to be sent securely to it.
  • Key sent for HTTPS connection
  • Communication has now been established securely, and will be encrypted in both directions using the key generated in the previous step.
  • Established HTTPS connection

Integrity of Information

As described at the outset, the SSL / TLS protocol not only provides confidentiality of the information, but also guarantees its integrity. It uses a Message Authentication Code (MAC). This code is calculated by a hash function with a secret key that only the sender and the receiver of the communication know (the client and the server). In this way, if a single bit of the information is modified, the MAC will be totally different, and both parties can tell at that point that the information has been modified.
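
The integrity check described above, as an added example that is not from the original page: it computes a record MAC with HMAC-SHA256 over the sequence number, record header and payload (the layout TLS 1.2 uses for its MAC-based cipher suites) and shows that a one-bit change, a replay under another sequence number, or the wrong key all fail verification. The key, payload and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23      # TLS record content type for application data
TLS12 = b"\x03\x03"        # TLS 1.2 protocol version bytes


def record_mac(key, seq, ctype, version, fragment):
    """HMAC-SHA256 over seq_num || type || version || length || fragment."""
    header = struct.pack("!QB", seq, ctype) + version + struct.pack("!H", len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha256).digest()


def verify_record(key, seq, ctype, version, fragment, tag):
    """Recompute the MAC on the receiving side and compare in constant time."""
    return hmac.compare_digest(record_mac(key, seq, ctype, version, fragment), tag)


def flip_bit(data, bit_index):
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def differing_bits(a, b):
    """Count the bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def demo():
    key = bytes(range(32))  # constructed key; TLS derives it during the handshake
    payload = b"GET /account HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed
    tag = record_mac(key, 0, APPLICATION_DATA, TLS12, payload)
    tampered = flip_bit(payload, 5)
    return {
        "intact": verify_record(key, 0, APPLICATION_DATA, TLS12, payload, tag),
        "one_bit_flipped": verify_record(key, 0, APPLICATION_DATA, TLS12, tampered, tag),
        "replayed_as_seq_1": verify_record(key, 1, APPLICATION_DATA, TLS12, payload, tag),
        "wrong_key": verify_record(bytes(32), 0, APPLICATION_DATA, TLS12, payload, tag),
        "mac_bits_changed": differing_bits(
            tag, record_mac(key, 0, APPLICATION_DATA, TLS12, tampered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the sequence number is part of the MAC input, a record that is intact but delivered out of order is rejected as well as a modified one.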
