Simplified SSL - About Secure Sockets Layer and HTTPS
Processing transactions securely on the web means transmitting information between the web site and the customer in a way that makes it difficult for other people to intercept and read. SSL, or Secure Sockets Layer, takes care of this. It works through a combination of programs and encryption/decryption routines that exist on the web hosting computer and in the browser programs (like Netscape and Internet Explorer) used by the internet public.
SSL Overview from the Customer's Browser viewpoint
- The browser checks the certificate to make sure that the site you are connecting to is the real site and not someone intercepting the connection.
- The browser and the web site server determine which encryption types they can both use to understand each other.
- The browser and server send each other unique codes to use when scrambling (or encrypting) the information that will be sent.
- The browser and server start talking using the encryption. The web browser shows the encryption icon (Internet Explorer uses a CLOSED LOCK and Netscape uses a KEY), and web pages are processed securely.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol over Secure Sockets Layer, or HTTP over SSL.
HTTPS encrypts and decrypts the page requests and page information between the client browser and the web server using Secure Sockets Layer (SSL). By default, HTTPS uses port 443, as opposed to the standard HTTP port of 80. URLs beginning with HTTPS indicate that the connection between the client browser and the web server is encrypted using SSL.
SSL transactions are negotiated by means of a key-based encryption algorithm between the client and the server. This key is usually either 128 or 256 bits in strength (the higher the number of bits, the more secure the transaction). We use 256 bits to ensure the highest security.
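An added example, not part of the original page: a Python sketch of the four browser steps and the key-size point above, using the standard ssl module (which speaks TLS, the successor to SSL). The function names and the pick_shared negotiation model are assumptions made for illustration.

```python
import socket
import ssl

def client_context():
    """Steps 1-2: verify certificate and hostname, refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_offers(ctx, min_bits):
    """Names of cipher suites this side offers with a key shorter than min_bits."""
    return [c["name"] for c in ctx.get_ciphers() if c["strength_bits"] < min_bits]

def pick_shared(client_ctx, server_ctx, min_bits):
    """Simplified model of step 2 (an assumption, not OpenSSL's full logic):
    first suite in the server's order that the client also offers and that
    meets min_bits. Real servers also weigh protocol version and key type."""
    offered = {c["name"] for c in client_ctx.get_ciphers()}
    for c in server_ctx.get_ciphers():
        if c["name"] in offered and c["strength_bits"] >= min_bits:
            return c["name"], c["strength_bits"]
    return None

def inspect_connection(host, port=443, timeout=5):
    """All four steps against a live server (needs network access).
    Raises ssl.SSLCertVerificationError if the certificate check fails."""
    ctx = client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, _protocol, bits = tls.cipher()
            return {"protocol": tls.version(), "cipher": name, "bits": bits,
                    "subject": tls.getpeercert().get("subject")}

if __name__ == "__main__":
    client = client_context()
    # Constructed stand-in for the server side; no certificate is loaded.
    server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    print("client offers below 128 bits:", weak_offers(client, 128))
    print("modelled choice at 256 bits:", pick_shared(client, server, 256))
```

Calling inspect_connection with a host name reports the protocol, cipher and key size a real server actually agreed to, which is the value to compare against the 128 or 256 bits quoted above.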