What is SSL/TLS Encryption?
If you watched the most recent vlog, you know that we discussed SQL Injection attacks. If you were really paying attention, you noticed that we also discussed SSL/TLS encryption. So, we thought it would be a good idea to put together a blog to give some detail on exactly what SSL/TLS encryption is and why it is important to you as a consumer and a business owner.
First, what is SSL/TLS? SSL stands for Secure Socket Layer, and for years it was the de facto standard for encrypting communications between end users and websites. TLS stands for Transport Layer Security, and it is actually the latest version of SSL. In case you were not aware, SSL encryption was actually “cracked” some months back, so it is no longer sufficient from an encryption and protection standpoint. You should be using TLS version 1.2 as your standard encryption. See the steps and diagram below that can be used to validate what TLS version you are using.
- Open Google Chrome
- Press Alt+F and select Settings
- Scroll down and select Show advanced settings…
- Scroll down to the Network section and click on Change proxy settings…
- Select the Advanced tab
- Scroll down to Security category, manually check the option box for Use TLS 1.1 and Use TLS 1.2
- Click OK
- Close your browser and restart Google Chrome
To quickly determine if your website is using any type of encryption, you can look at the web browser,
Now, the way TLS works is fairly simple. When an end user attempts to go to a website that requires encryption, it will initiate a session by performing a TCP 3-way handshake.
Once the handshake is complete and you have an open session with the website, you will go through the encryption process with TLS. The way TLS works is very similar to TCP, except that instead of passing “SYN” and “ACK”, it passes encryption keys. Think of encryption keys like the key to a safe. If something is encrypted, it is locked in a safe called cipher-text. Cipher-text is a completely garbled mix of characters, numbers and letters that makes no sense to us mere mortals. However, when you have the proper encryption key, you can unlock the cipher-text into its original clear text form, which is readable.
SSL/TLS encryption should be used for the following reasons:
- Protect your client’s data – SSL/TLS encrypts the communication thereby providing more privacy and protecting their personally identifiable information (PII)
- Search engine rankings – A couple of years back, Google announced that it would include encryption in its formula to rank websites. That means if you have an encrypted site, you will get a higher ranking in the Google search engine.
- Protect your brand – Unencrypted websites are at higher risk for being tampered with. For example, attackers can put ads on your website without your permission on an unencrypted site. If you are a family friendly company, I am sure you do not want ads for Viagra and escorts to start showing up on your site.
These are just a few reasons, but there are more.
If you have a website and you are interested in implementing SSL/TLS security, consider reaching out to CarTek Consulting. We can help.