What is SSL, TLS and HTTPS?
If only the standard HTTP protocol is used, the information disclosed in plaintext is vulnerable to attacks. Therefore, HTTPS protocol is usually used to ensure that information is protected and encrypted during data transmission.
What is the difference between HTTP and HTTPS?
HTTPS: HTTPS stands for HTTP over SSL/TLS. HTTPS has distinct advantages over HTTP:
Advantages of HTTPS:
Data integrity: Check the integrity of the content transfer.
Data privacy: Content is symmetrically encrypted, and a unique encryption key is generated for each connection.
Identity authentication: A third party cannot forge the identity of the server (client)
What are SSL and TLS?
SSL (Secure Socket Layer) is a set of protocols designed by Netscape in 1994 and released in version 3.0 in 1995.
TLS (Transport Layer Security) Transport Layer Security is a protocol designed by the IETF based on SSL3.0, equivalent to the subsequent version of SSL.
Both TLS and SSL are encryption protocols that encrypt data and authenticate connections when moving data over the Internet.
What is the difference between TLS and SSL?
SSL 1.0 was never released publicly. SSL 2.0 was first released in February 1995. Although SSL 2.0 was publicly released, it also contained security flaws and was quickly superseded by SSL 3.0 in 1996.
The first version of TLS 1.0 was released in 1999 as an upgrade to SSL 3.0. Since then, three more TLS versions have been released, the latest being TLS 1.3 in August 2018.
We can say that TLS is a continuation of SSL that fixes some of the security holes in the earlier SSL protocol.
Understand the full version of SSL and TLS in this historical progress graph :
As we learned in the previous article, the transmitted data is encrypted by public and private keys. Where did the public key and private key come from? This involves the issue of identity authentication.
What is identity authentication?
The CA certificate is a traditional authentication mode. The CA center issues a digital certificate to each user who uses the public key to prove that the user listed in the certificate legally owns the listed public key.
If you want to get your certificate, you must apply to the CA first. After the CA identifies you, it assigns you a public key, which is bound to your identity information, and the CA signs it and issues you a certificate.
Digital certificates can only achieve online security, you can use digital certificates to verify the other party's identity, and the safety of e-mail, online transactions, and credit card purchases can be guaranteed.
Each user has a pair of public and private keys.
The private key is used for decryption and signing and is for your use
The user discloses the public key, and the user encrypts and verifies the signature used by others.
How do SSL and TLS protect data security?
When a certificate is installed on a server, it contains a public key and a private key that authenticate the server and allow your server to encrypt and decrypt data.
When someone visits your site, their web browser will check your site's SSL/TLS certificate. The browser will then perform a "handshake" to check the validity of your certificate and authenticate your server.
If the SSL certificate is invalid, you may encounter "Your connection is not private" errors.
Once a visitor's browser determines your certificate is valid and authenticates your server, it creates an encrypted link between it and your server to transmit data securely.
For example, if you process credit card payments on your website, TLS and SSL can help you handle that data securely so malicious actors can't get hold of it.
The Advantages of TLS: TLS is used to provide confidentiality and data integrity between two communicating applications. It is independent of the application protocol, and high-level protocols can be transparently distributed on the TLS protocol. The TLS standard does not specify how applications can increase security over TLS.