The SSL Handshake
For the techies out there, the data delivery process is called TCP (Transmission Control Protocol). Think of TCP as the pipe that delivers clean (encrypted) water. When you open your browser (called ‘the client’) and access an encrypted website (called ‘the server’), it kicks off the SSL Handshake. This process happens in a few steps:
- Your browser client starts the handshake by sending across SSL compatibility information. It also checks the validity of the website’s SSL Certificate, i.e. ensuring the SSL/TLS certificate is legitimately authenticated so it can be trusted. Tech-savvy people can generate something that looks like an SSL certificate, but it’s like naming a website The Bank of America: that doesn’t make it true. It’s important to know that every SSL/TLS certificate works by using two keys: a public key that encrypts data and a private key that unlocks it. Like a government mailbox, you put your letter in (public key), and only the mail workers have access to take the letter out (private key). It’s a one-way interaction, which is why it’s called an asymmetric-key system.
- After your browser confirms the SSL Certificate is valid, it encrypts the data transfer session with the website server’s public key.
- The website server then receives the private key from the browser client for decryption.
- Both sides agree on something called a cipher suite, and generate session keys (also called symmetric keys because they operate on both sides) which allow them to encrypt and decrypt the data sent during an SSL session.
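The certificate check and the cipher suite agreement from the steps above, modelled offline with Python's `ssl` module (an added example, not part of the original article). The server lists and the `client_offer`, `negotiate` and `audit` helpers are constructed for illustration; real TLS also settles the protocol version first, which this model skips.

```python
import ssl

def client_offer(ctx):
    """Return (name, strength_bits) for every suite this client context offers."""
    return [(c["name"], c["strength_bits"]) for c in ctx.get_ciphers()]

def negotiate(client_suites, server_suites):
    """Simplified model of cipher suite agreement: the server walks its own
    preference order and picks the first suite the client also offered.
    Returns (name, bits), or None when the two sides share no suite."""
    offered = {name for name, _ in client_suites}
    for name, bits in server_suites:
        if name in offered:
            return name, bits
    return None

def audit(ctx, server_suites, minimum_bits=256):
    """Report whether this client validates certificates and what strength
    it would end up with against the given server preference list."""
    chosen = negotiate(client_offer(ctx), server_suites)
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "suite": chosen[0] if chosen else None,
        "bits": chosen[1] if chosen else 0,
        # True when a session is possible but only below the wanted strength
        "stepped_down": bool(chosen) and chosen[1] < minimum_bits,
    }

# Constructed server preference lists (real OpenSSL suite names, made-up servers).
MODERN_SERVER = [
    ("TLS_AES_256_GCM_SHA384", 256),
    ("ECDHE-RSA-AES256-GCM-SHA384", 256),
    ("TLS_AES_128_GCM_SHA256", 128),
    ("ECDHE-RSA-AES128-GCM-SHA256", 128),
]
AES128_ONLY_SERVER = [
    ("TLS_AES_128_GCM_SHA256", 128),
    ("ECDHE-RSA-AES128-GCM-SHA256", 128),
]

if __name__ == "__main__":
    ctx = ssl.create_default_context()  # browser-like client defaults
    for label, server in (("modern", MODERN_SERVER), ("128-only", AES128_ONLY_SERVER)):
        print(label, audit(ctx, server))
```

Against a live site, `SSLSocket.cipher()` returns the suite name, protocol version and secret bits that the real handshake settled on.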
Encryption Strength
Industry-standard SSL/TLS strength is 256-bit encryption for data moving from your browser to a website server. The bigger the number, the longer it takes to decrypt the data. Put another way, a higher bit strength makes it harder for criminal types to hack in and decrypt private information. If 256 is not supported by either the browser or server, the SSL data session steps down to 128 bits. This is not something to worry about really, because modern setups support 256 bits. Decryption strength also involves ciphers and algorithms, but this article is about giving you the main points to understand, without getting too complex.
Take Away
HTTPS websites allow customers to have a data session, where they can safely share their personal information (such as email address or credit card details) on websites. This process involves the SSL Handshake. It boils down to the browser you’re using getting to know the website server you’re engaging with, so they can agree on the best way to encrypt the travelling data. It’s a robust, structured and fairly complex process behind the scenes, but to users it all happens in the blink of an eye. Almost like magic.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.