TLS/SSL (TLS is the newer version even though both referred to as “SSL”) are cryptographic protocols that help secure communication between web browser and server. The basic idea is that the protocols encrypt the message sent between web browser and server; this encryption protects the communication from man-in-the-middle attacks where a third party could eavesdrop and change the message sent between web browser and server.
To understand how TLS/SSL works, you first have to understand what public/private keys are. When two parties want to send an encrypted message to each other, the receiver of the message needs to generate a private and public key. The receiver sends the sender the public key. The sender uses the public key to encrypt the message. The sender then sends the receiver the encrypted message. The receiver is then able to decrypt the message using the private key that only the receiver has. Even if someone obtains the public key, he or she cannot decrypt an encrypted message.
TLS/SSL uses the idea of public/private keys to work and additionally uses a certificate authority (CA) to verify identity. A certificate authority is a trusted entity that issues digital certificates. The digital certificate proves the ownership of the public key used by TLS/SSL. When you load a site using TLS/SSL, you can click the lock symbol next to the URL and view the certificate. This certificate verifies the identity of the server.
TLS/SSL uses public/private keys to encrypt data and certificate authority to verify identity. When you have a website that will handle financial or personal information, you should implement TLS/SSL to make sure the information stays secure.
If you would like us to help you with your website, please contact us here: http://www.junodigitaldevelopment.com/contact.html