What Is SSL And How Does It Work?

SSL/TLS, Cryptography, SSL Certificates, and the Infamous Heartbleed Vulnerability

Browsers let users know when they are communicating with an SSL-enabled web-server with a padlock icon, assuring them of the authenticity of the server and that their communication will be private.

What is SSL and how does it work?

What is Symmetric Encryption and Asymmetric Encryption?

What is an SSL certificate?

Using an open source SSL library, we can inspect the public key of the SSL certificate issued to google.com. Note the SSL protocol uses IP port 443. Also note the x509 argument specifies we want to view this key in the x509 standard for public keys.

Where do SSL certificates come from?

What are self-signed SSL certificates? What other types of SSL certificates are there?

Self-signed certificates will cause the browser to raise a warning. These can be ignored as long as you are not sending sensitive information like credit card numbers or passwords to the server, and don’t care if the web server sends back false information.
Chrome uses a padlock to inform the user the website with domain validated or organization validated SSL certificates.
Chrome uses a padlock but also the organization’s name in green to inform the user the website is using an extended validation SSL certificate.

How does the client know an SSL certificate has been issued by a legitimate certificate authority?

From the chrome developer tools’s security tab, we see that foxpass.com uses an SSL certificate issued by RapidSSL, an intermediate certificate authority, who was in turn issued a certificate by Geotrust, a root certificate authority. We call this a certificate chain.

So how does the SSL protocol actually work?

Diagram from RFC 6101 illustrating the SSL handshake. Note that ClientHello is the first message that the client sends to server to initiate the SSL handshake. So polite!

How do we install an SSL certificate on a server?

listen 443 ssl http2 default_server; 
listen [::]:443 ssl http2 default_server;
include snippets/ssl-certs.conf;
include snippets/ssl-params.conf;

What is SSL Termination?

What was the SSL Heartbleed Vulnerability?

As per usual, XKCD explains the heartbleed bug with an easy-to-understand comic.

Aside from Web Browsers and Web servers what else uses SSL?

What are all the versions of SSL/TLS?

What cipher-suites are used by SSL?

Writing About Rails, React, Web Application Technology, Databases, and Software Engineering