Skip to main content
banner image
venafi logo
Education Center Detail

Education Center - What is SSL?

What is SSL?

The modern “trusted Internet” is synonymous with two ubiquitous technologies: Secure Sockets Layer (SSL) and Transport Layer Security (TLS). This article will refer to both TLS and SSL environment simply as SSL. Cryptographic keys allow for encrypted private conversations between remote parties while digital certificates ensure that servers truly belong to the entities for which they represent online. These components comprise the Public Key Infrastructure (PKI) that makes secure conversations and transactions possible on the inherently insecure public Internet.

What indicators come to mind when you think of the “trusted Internet?” Is it the padlock icon? Or is it perhaps the “https://” designation in the browser address bar? Have you ever really looked at a digital certificate and verified that it is issued by a recognizable certificate authority (CA)? SSL encompasses all of these elements and more.

SSL/TLS certificates play a critical role in secure and encrypted communications between a client and a server. First, the server’s certificate, containing its public key, is used by the client to determine whether the client should accept a trust relationship with the server. If the client accepts or validates the authenticity of the server, then the server certificate is used to establish a secure, encrypted channel for the ensuing session. These protocols are not new. SSL became an Internet standard in 1994, with TLS being added soon thereafter. Both are constructed around a similar architecture using X.509 certificates. Although there are some differences between SSL and TLS, this document refers to the protocol as SSL/TLS, since the two share a common architecture. SSL/TLS is most often represented as HTTPS, but the protocol can be used to secure any TCP-based application. SSL/TLS is also popular for encrypting traffic between email clients and POP or IMAP servers, setting up secure tunnels between IDS sensors and management consoles, and supporting VPNs as a lower-cost alternative to IPSec.

Current SSL 3.0 debuted in 1996 and quickly became the Internet’s primary security mechanism. TLS extends SSL by allowing clients and servers to specify accepted hash and signature algorithms and support additional cipher suites. TLS 1.2 arrived in 2008 and its 2011 enhancement removed backwards compatibility to the less secure SSL 2.0.

Current best security practices by the National Institute of Standards (NIST) recommend utilizing SSL 3.0 with TLS 1.2 for maximum security. Note that even the “most secure” version of SSL/TLS is based on a 2008 specification!

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more