SSL, TLS, an easy explanation, for everyone

Your point and click PKI

Wikipedia defines TLS and SSL as; cryptographic protocols that provide communications security over a computer network.

Clear as mud? defines SSL as the standard security technology for establishing an encrypted link between a web server and a browser.

TLS/SSL is a protocol and protocol is;

A set of rules of conduct, or behaviors for a certain situation.

SSL is an ancient and outdated technology, if you would like to learn more read our brief history of SSL, here. As such we will no longer be calling it SSL and will only refer to it as TLS from here on out. However, many people use the terms interchangeably.

Meaning TLS is just a list of ways specific computer software should act or behave under specific conditions. Two(there are more) conditions required for TLS are the presence of a public and private certificate, sometimes called a key pair.

These certificates are the starting point to create the encrypted, secure communications channel. Have you ever heard a conversation in a foreign language? The two speaking know precisely what they are saying to each other, as does any other person who speaks the same language. However, those who don’t speak the language will most likely have no idea what’s being discussed. TLS operates similarly, except it creates a new unique language for each person visiting a server. The TLS protocol makes all this happen with the public and private certificate key pair.

As a regular internet user, you may have noticed some websites begin with https while others with HTTP. Alternatively, you may see some with the lock icon or the green bar with a companies name in the address bar. These are all signs that a website is secured using a TLS certificate.

Why do we use TLS?

The primary reason why we use TLS is to keep sensitive information sent across the Internet encrypted, therefore only the intended recipient can understand it.

Without the use of TLS, information sent over the internet is sent in an easy to read clear text format. This fact is important because the information you send on the Internet passes through many computers before it get’s to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with a TLS certificate. When a TLS certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from criminals and other nefarious individuals.