How Does SSL Encryption Work?

Website transactions are a daily occurrence by millions.  Being able to do it safely and securely is a number one priority and the Secure Sockets Layer (SSL) does that for us.  SSL works with a combination of programs and encryption/decryption routines existing on the host computer and browser programs such as Internet Explorer.

SSL is important to anyone using the web because during a secure transaction, the information transmitted between the website and the customer needs to be encrypted so others can’t intercept and view that information, particularly things like credit card numbers.  When you order something from a secure website, the address shown will start with https, indicating that the site will protect that information.

How does the SSL process work?  In simple terms, it relies on a three step process. 

The first is to determine a secure connection. 

There are several layers to run through when initiating internet communication, starting with the server or HTTP.  It can also be through the IMAP (mail server) and FTP (file transfer program).  Depending on the next request the user makes it will head to the SSL level, which requires the secure connection before any communication is allowed to the next layer TCP/IP.  It is sort of like knocking on the door to see if you can come in. 

An SSL handshake is initiated in the next step. 

This is what syncs the user and server with the encryption methods and will be used for the transaction.  At this point, the user’s browser will check the information received with the domain it is trying to connect with securely.  If the security certificate information on the site is not matching that domain, then the user is automatically notified.  This can indicate there is a problem with the secure information being passed. 

Providing the security certificate passes, then it is off to the final step, which is completing the handshake – compare it to the secret handshake your fraternity required for entrance. 

The browser creates a “premaster secret” that will be used to encrypt the remainder of the transaction.  There are several types of encryption methods such as DES, DSA, and KEA. 

The string created by the premaster secret will work with the browser and website to create a “master secret string” and use it with the encryption program to encrypt/decrypt the information.  With all this in place, the website and browser will be able to verify the data didn’t change during the transaction.  The website server and browser will essentially talk back and forth for the rest of the transaction in encrypted code. 

SSL authentication is important to the integrity for both ends, the server and the user.  If you are looking to get one for your website, then your web host can assist in generating that request.  They can guide you to the best solution for your site as well as e-commerce information.  There are typically small charges incurred for these services.  It creates a peace of mind for the user to know that their information is secure.