HTTPS and TLS/SSL – CompTIA Security+ SY0-401: 1.4

Without encryption, we would not be able to securely use our network connections. In this video, you’ll learn how your browser encrypts all of the information you send to a web server using HTTPS or TLS/SSL.


In the security world, obviously encryption is extremely important. We want to make sure that data sent across the internet is something that only we and the web server are able to see.

So, for web pages we use a number of different encryption technologies to be able to do this. You’ll see this often represented as HTTPS, which is our Hypertext Transfer Protocol with the S on the end and S means secure, which means that’s an encrypted connection. So, what you’re doing is essentially setting up that encrypted link to that web server and it’s using an encryption method called TLS, which is commonly called SSL, although that’s not technically an accurate representation of what this is. But when somebody says, “I have SSL encryption on my web server,” that is what they’re referring to. It’s able to then do HTTPS. Now, this Transport Layer Security, and some people still call it Secure Sockets Layer, is what’s really doing the hardcore encryption for our server.

SSL was an encryption technology created by Netscape way back in the day. It was later updated and turned into a standard by the Internet Engineering Task Force, the IETF, which gave it a new name: TLS. So, we can see that that’s a little bit different than SSL. Now, the reality is that the web servers that you’re connecting to are really encrypting the data with TLS. Even if they say on the web server, “This is SSL encrypted data,” it’s really TLS that’s doing it. And the way you can tell is to go to your browser, and there’s a lock on your browser that shows you that the data is encrypted, and that’s the method that’s being used in your browser to be able to do that.

This technology is also used in things outside of the browser. You don’t have to use HTTPS and that TLS encryption only in the browser; third-party applications can use it as well. It’s an encryption technology and something that’s very easy to implement because the libraries are open and available for anybody to use. So people will sometimes use this to hide information from the security folks. Because they’re using their own devices with their own encryption certificates, you don’t always have access to see what’s inside that traffic. So, if you see a large amount of SSL or TLS type traffic on your network and you’re wondering, “Where’s that coming from? Where’s it going to? I don’t recognize it,” you may want to look a little bit deeper and find out what’s really happening on that particular link of communication between those two machines.
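One way to start that deeper look, as an added example that is not part of the original video or transcript: the payload of a TLS session is encrypted, but the opening ClientHello is not, so a monitor can read the protocol version (SSL 3.0 and TLS share one numbering) and the server name the client asked for. The `KNOWN_HOSTS` allow-list, the `triage` labels and the `build_sample_hello` helper are assumptions made for this sketch, and the sample bytes are constructed rather than captured.

```python
import struct

# Version numbers as they appear on the wire; TLS continued SSL's numbering.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
KNOWN_HOSTS = {"intranet.example.com"}  # assumed allow-list of expected destinations

def parse_client_hello(data):
    """Return (version_name, server_name) for a TLS ClientHello, else None."""
    # Record type 22 = handshake; handshake type 1 = ClientHello.
    if len(data) < 9 or data[0] != 22 or data[5] != 1:
        return None
    try:
        pos = 9                                  # record (5) + handshake (4) headers
        (version,) = struct.unpack_from("!H", data, pos)  # TLS 1.3 clients send 0x0303 here
        pos += 2 + 32                            # version field + client random
        pos += 1 + data[pos]                     # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]  # cipher suites
        pos += 1 + data[pos]                     # compression methods
        sni = None
        if pos + 2 <= len(data):                 # extensions are optional
            end = min(len(data), pos + 2 + struct.unpack_from("!H", data, pos)[0])
            pos += 2
            while pos + 4 <= end:
                ext_type, ext_len = struct.unpack_from("!HH", data, pos)
                body = data[pos + 4:pos + 4 + ext_len]
                if ext_type == 0 and len(body) >= 5:      # server_name extension
                    name_len = struct.unpack_from("!H", body, 3)[0]
                    sni = body[5:5 + name_len].decode("ascii", "replace")
                pos += 4 + ext_len
        return VERSIONS.get(version, hex(version)), sni
    except (struct.error, IndexError):           # truncated or malformed hello
        return None

def triage(first_bytes):
    """Label the first bytes of a TCP flow: not-tls, expected, or review."""
    hello = parse_client_hello(first_bytes)
    if hello is None:
        return "not-tls"
    version, sni = hello
    return "expected" if sni in KNOWN_HOSTS else f"review: {version} to {sni or 'no server name'}"

def build_sample_hello(host, version=0x0303):
    """Constructed ClientHello bytes for the demo (not a real capture)."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HH", 2, 0x002F)
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(hs)) + hs
```

A flow labelled `review` is only a prompt to find out which machine and application opened it; the server name is client-supplied and can be absent.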