Securing the Sockets over TSL/SSL
In this tutorial we will understand the concept of securing the sockets over TSL/SSL.
Before diving into the depth of TSL and SSL, we should first understand what is Encryption. According to wikipedia, "Encryption is the process of encoding a message or information in such a way that only authorized parties can access it. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted."
Encryption is necessary to ensure the confidentiality of message/data.
TLS(Transport Layer Security) and SSL(Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network.
The terms SSL and TLS are often used interchangeably, but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.
For SSL/TLS handshake to take place, the system administrator must have:
- Private Key: Used for data encryption.
- Certificate: To ensure the authenticity of client.
Although SSL handshake is a bit more complex. We will explain it in simplest possible way.