Secure Sockets Layer (SSL): How It Works
What Happens When a Web Browser Connects to a Secure Web Site
A browser attempts to connect to a Web site secured with SSL.
Encryption Protects Data During Transmission
Web servers and Web browsers rely on the Secure Sockets Layer (SSL) protocol to create a uniquely encrypted channel for private communications over the public Internet. Each SSL Certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decipher it. When a Web browser points to a secured domain, a level of encryption is established based on the type of SSL Certificate as well as the client Web browser, operating system and host server’s capabilities. That is why SSL Certificates feature a range of encryption levels such as "up to 256-bit".
Strong encryption, at 128 bits, can calculate 288 times as many combinations as 40-bit encryption. That's over a trillion times a trillion times stronger. At current computing speeds, a hacker with the time, tools, and motivation to attack using brute force would require a trillion years to break into a session protected by an SGC-enabled certificate. To enable strong encryption for the most site visitors, choose an SSL Certificate that enables at least 128-bit encryption for 99.9% of Web site visitors. True 128-bit SSL Certificates
Credentials for establishing identity are common: a driver’s license, a passport, a company badge. SSL Certificates are credentials for the online world, uniquely issued to a specific domain and Web server and authenticated by the SSL Certificate provider. When a browser connects to a server, the server sends the identification information to the browser. To view a Web sites’ credentials:
- Click the closed padlock in a browser window
- Click the trust mark (such as the VeriSign Trust™ Seal)
- Look in the green address bar*
*Only SSL Certificates with EV trigger high-security Web browsers to display your organization’s name in a green address bar. Learn more: SSL Security and Extended Validation
Trust of a credential depends on confidence in the credential issuer, because the issuer vouches for the credential’s authenticity. Certificate Authorities use a variety of authentication methods to verify information provided by organizations. VeriSign, the leading Certificate Authority, is well known and trusted by browser vendors because of our rigorous authentication methods and highly reliable infrastructure. Browsers extend that trust to SSL Certificates issued by VeriSign.
VeriSign® SSL Certificates offer more services to protect your site and grow your online business. Our combination of SSL, vulnerability assessment and daily Web site malware scanning helps you provide site visitors with a safer online experience and extend security beyond https to your public-facing Web pages. The VeriSign Trust Seal and Seal-in-Search technology help assure your customers that your site is safe from search to browse to buy