When you decide to dive into the world of networks and the Internet, you can be confused by so many new concepts. Some of the more confusing are SSL, TLS, and HTTPS as they are similar but have some differences between them. In this article we will tell you everything.
SSL, TLS and HTTPS protocols
Initially, it is necessary to clarify that network protocols are a set of rules which are met to securely transmit information between one computer and another. The security that is managed in the protocols for the transfer of information is extremely important as it protects the user's data, as well as his identity on the web.
The HTTP protocol posed a risk and was necessary update to a new protocol. Its successor is HTTPS (Hyper Text Transfer Protocol Secure) or hypertext transfer protocol. It's pretty much the same, but safer.
HTTPS works at the application layer of the OSI model and uses symmetric and asymmetric encryption algorithms; and exchange of keys. It is used to exchange sensitive information such as bank details and passwords.
It is probably the most popular protocol because it can display its acronyms in web page addresses. In fact, it is the indicator that a page is safe.
Il protocollo SSL (Secure Sockets Layer) o secure socket sapa was invented in 1990 to secure the Internet connection. Its latest update dates back to 1996 to version 3.0, so it is considered obsolete since 2015. Currently, browsers do not recognize it as a secure protocol.
SSL should prevent the interception of the communication by third parties during the data inspection. This protocol it works in the session layer of the OSI model.
SSL uses weak symmetric and asymmetric cryptography, which makes it a weak protocol unlike its successor, TLS. This means that if an intruder intercepts the communication just as the server is sending the public key, he can falsify the information.
TLS (Transport Layer Security) o transport security is the evolution of the SSL protocol. As the name suggests, it works in the fourth layer of the OSI model, unlike its predecessor.
It is much more secure than SSL and its function is still to keep connections between computers secure. The latest update version was 1.3 and is considered a secure protocol starting from version 1.2.
This particular protocol is not only used for communication between web pages via HTTPS. But it's implemented also on SSL / TLS VPN (Virtual Private Network) servers. Its success is based on interoperability between client and server by encrypting information.
Certificates and security protocols are not the same
All of these terms tend to confuse, especially the SSL protocol with the SSL certificate. The name of the certificate has no relation to the protocols used.
A certificate can be used with i SSL and TLS protocols without major problems. Security protocols are defined by the server configuration. The most popular term for security certificates is SSL, which is why it is often associated with the protocol.
By installing an SSL certificate, you can transmit data via the HTTPS protocol. One way to know if a browser is using a security certificate is because it has HTTPS in the URL without any kind of warning message.
All these technologies they work together and aim to ensure the security of information on the network. They work as a team and evolve as people's needs change.