Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communication over the Internet. Secure communication has three main goals: privacy, message integrity, and authentication. SSL uses asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.
When the browser requests an SSL connection with a website, it asks the web server to identify itself. To identify itself, the server responds with its SSL certificate. The browser checks the certificate to make sure that the site is the real site and not someone intercepting the connection.
The browser has public keys from root certificate authorities (CAs). If the key received from a web server is signed by one of the root CAs stored in the browser's database, then the website can be verified as trustworthy automatically and an SSL session can be established.
If the browser trusts the SSL certificate, it sends a unique code to the server, encrypted with the SSL public key. The server responds with a digitally signed acknowledgement, and an SSL-encrypted session is established. After this step, the browser and the web server start exchanging encrypted messages.
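The certificate check described above, as an added example that is not part of the original page: a client built with Python's standard `ssl` module that verifies the server's chain against the system's root CAs and matches the host name, shown beside a non-verifying context for contrast. The function names and the host `example.org` are assumptions made for illustration; current stacks negotiate TLS, the successor to SSL.

```python
import socket
import ssl


def verifying_context() -> ssl.SSLContext:
    """Client context that performs the browser-style checks."""
    ctx = ssl.create_default_context()  # loads the system's trusted root CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 and early TLS
    return ctx


def non_verifying_context() -> ssl.SSLContext:
    """Weak setting, for contrast only: accepts any certificate from anyone."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def checks_server_identity(ctx: ssl.SSLContext) -> bool:
    """True only if both the CA chain and the host name will be verified."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def peer_certificate_summary(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Handshake with host; raises ssl.SSLCertVerificationError if the
    certificate does not chain to a trusted root or does not match host."""
    ctx = verifying_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "subject": dict(rdn[0] for rdn in cert["subject"]),
                "issuer": dict(rdn[0] for rdn in cert["issuer"]),
                "not_after": cert["notAfter"],
            }


if __name__ == "__main__":
    print("default context verifies:", checks_server_identity(verifying_context()))
    print("weak context verifies:", checks_server_identity(non_verifying_context()))
    try:
        print(peer_certificate_summary("example.org"))  # assumed host, needs network
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        print("handshake failed:", exc)
```

A failed verification surfaces as an exception before any application data is sent, which is the programmatic equivalent of the browser refusing to establish the session.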