
What is SSL Security and how it makes your site more secure
It is now over 20 years since Netscape launched the Secure Sockets Layer (SSL) to secure online communications. Since then, SSL and its successor, Transport Layer Security (TLS), have remained the de facto protocols for achieving authentication, privacy, and data integrity on the web.
With digital workspaces becoming the new norm, the stakes for SSL security have gone a notch higher. But what exactly is SSL security? And how can it enhance the security of your website? Parallels® explains in this post.
What is SSL?
SSL is a protocol that establishes encrypted and authenticated connections between a web browser (or client) and a web server. SSL achieves security by binding the identities of companies and websites to a pair of cryptographic keys: a public key and a private key.
The private key is secret and kept within the origin server, while the public key gets distributed via digital certificates that follow the X.509 standard. While the two keys are distinct, they have a special mathematical relationship: data encrypted with the public key can only be decrypted with the corresponding private key.
Furthermore, an entity can use the private key to sign digital documents, including webpages and transactions. Once signed, anyone with the corresponding public key can verify the signature. Hypertext Transfer Protocol Secure (HTTPS), also called HTTP over SSL or HTTP over TLS, combines the traditional HTTP with SSL or TLS to achieve security.
When an entity uses HTTPS in its URL address, it means that communication between the client and the webserver is secure. In other words, when a website uses HTTPS, any data exchange between it and the browser is secured via SSL.
SSL security works on the concept of public-key and private-key cryptography, as outlined in the steps below:
1. The client attempts to connect to an SSL-enabled web server. Here, the client requests the web server to identify itself.
2. The server sends the client a copy of its SSL certificate containing the server's public key, validity, and domain names, among other things. This process is called an SSL handshake. During the SSL handshake, both the client and the server use asymmetric cryptography to exchange randomly generated data. In turn, the random data creates new keys (session keys) for transferring data between them.
3. The server sends an acknowledgment to the client to initiate an SSL session.
4. The client uses the session keys generated in step 2 (a form of symmetric cryptography) to encrypt its data and exchange it with the server.
What SSL Security Certificates Are
The subject of an SSL security certificate contains the name of the website owner. A set of public and private cryptographic keys is also included in SSL security certificates and is used to create encrypted connections.
Types of SSL certificates
In SSL security, a Certification Authority (CA) issues X.509-based certificates to organizations wishing to establish encrypted communications with their clients. This way, the CA acts as a trusted third party that validates various entities after undertaking rigorous audits on them. Six types of SSL certificates are:
- Domain Validated (DV) SSL certificates. These certificates show that the URL specified by the client is indeed registered. Here, the CA can validate the URL via email, HTTP, or Domain Name System (DNS). These certificates have a sole responsibility: to encrypt the user's data. All a user needs is to prove identity to the website, after which the transaction commences.
- Organization Validated (OV) SSL certificates. These certificates show that an organization owns the specified domain. They also verify other details of the organization, including the country, state, city, and town, among others.
- Extended Validation (EV) SSL certificates. These certificates provide the same level of SSL security as DV and OV. However, they also prove that an organization is legally registered as a business entity.
- Wildcard SSL Certificates. These certificates ensure that when you purchase a single certificate for one domain, you can also use it for that domain's subdomains.
- Single Domain SSL Certificates. These certificates protect only one domain. You cannot use them to manage a completely different domain or subdomain.
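The difference between wildcard and single-domain coverage can be checked mechanically. The sketch below is an added example, not code from Parallels; it applies the common matching rule that `*` stands for exactly one left-most label. The function names and the `example.com` sample hosts are constructed for illustration, and the "at least two fixed labels" check is a simplification of real public-suffix handling.

```python
def cert_covers(cert_name: str, hostname: str) -> bool:
    """True if one certificate name (exact or wildcard) covers hostname."""
    name = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if "" in host or "*" in hostname:
        return False                      # malformed or non-literal host name
    if name[0] != "*":
        return name == host               # single-domain name: exact match only
    # Simplified policy: "*" must be the entire left-most label and be
    # followed by at least two fixed labels, so "*.com" is rejected.
    if len(name) < 3 or any("*" in label for label in name[1:]):
        return False
    # "*" stands for exactly one label: same depth, identical parent domain.
    return len(host) == len(name) and host[1:] == name[1:]


def coverage(cert_names, hosts):
    """Map each host to whether any name on the certificate covers it."""
    return {h: any(cert_covers(n, h) for n in cert_names) for h in hosts}


# Constructed sample data (example.com is a reserved documentation domain).
WILDCARD_CERT = ["*.example.com"]
SINGLE_CERT = ["www.example.com"]
HOSTS = ["www.example.com", "shop.example.com", "example.com",
         "api.shop.example.com", "www.example.org"]

if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT), ("single", SINGLE_CERT)):
        for host, ok in coverage(names, HOSTS).items():
            print(f"{label:8} {host:22} {'covered' if ok else 'NOT covered'}")
```

Under this rule the wildcard name covers neither the bare domain nor nested subdomains, so those hosts need their own names on the certificate.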
Differences between SSL and TLS
When people refer to the terms TLS or SSL security, they are talking about X.509 certificates that allow clients to communicate with web servers using HTTPS. In most cases, these terms are used interchangeably for two reasons:
- Both SSL and TLS are cryptographic protocols that establish security between the client and the web server via HTTPS.
- Most people are familiar with SSL, being the earliest and precursor protocol to TLS. As such, it is easier to just refer to SSL as TLS and move on.
However, SSL and TLS differ in many ways, as shown in the table below:
| Feature | SSL | TLS |
| --- | --- | --- |
| Proprietor | SSL is a proprietary protocol that Netscape unveiled in 1995. | TLS is a standardized protocol that the Internet Engineering Task Force (IETF) released in 1999. It is a successor to SSL that delivers superior security, privacy, and performance. |
| Handshake | The SSL handshake makes explicit connections through port 443. | TLS allows implicit connections through a protocol. With a TLS transaction, the handshake starts on an insecure channel, which then switches to port 443. |
| Cipher suite | SSL uses the Fortezza cipher suite. | TLS does not support the Fortezza cipher suite. |
| Alert messages | SSL has the "No certificate" notifications. | TLS replaces the alert message with several notifications. |
| Record Protocol | SSL uses the Message Authentication Code (MAC) to hash the data. | TLS uses Hash-Based Message Authentication (HMAC) to hash the data. |
| Versions | SSL has three versions (SSL 1.0, SSL 2.0, and SSL 3.0). All the versions are now deprecated because of vulnerability issues. | TLS has four versions (TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3). As of March 2020, TLS 1.0 and TLS 1.1 are deprecated. |
SSL Security: Secure Access with Parallels RAS
SSL security has indeed become a universal standard—promoting security and ensuring organizations establish digital trust with their customers. While prioritizing security, organizations also need a highly efficient Virtual Desktop Infrastructure (VDI) solution that blends SSL and application delivery.
Parallels® Remote Application Server (RAS) provides a comprehensive VDI solution to effectively monitor and manage your entire infrastructure at a cost-effective price. Parallels RAS’ console has a certificate management interface that you can quickly use to add and manage all your SSL certificates via a single pane of glass.