Technology is developing so quickly that people are increasingly dependent on it, and the internet is one example. With the internet, people can do many things, such as sharing information and buying and selling. Information pages on the internet can be accessed from anywhere in the world by anyone who is connected; such a page is called a website. In practice, the client uses a service on the web server by sending a request, and the server then responds. A lot of data passes between client and server in this exchange, both general information and confidential information such as passwords. This information is highly exposed to being captured, or simply viewed, by an attacker.
When we first step into computer networking, the first thing we learn is usually TCP/IP. TCP/IP can be compared to a language. When people exchange information, they speak a language that both speaker and listener understand. The same holds for the computers, or hosts, on a network: for communication and information exchange to work, a common language is needed. Even when hosts come from different vendors, they can still communicate because they use the same communication standard, namely TCP/IP. The internet protocol was first designed in the 1980s. However, in the 1990s, as the internet became increasingly popular and the number of hosts grew, protocols began to emerge that could only be used in certain circles, or that were made by one manufacturer and were not necessarily compatible with protocols from other manufacturers. In the end the International Standards Organization (ISO) standardized the protocol model now known as the Open System Interconnection model, abbreviated OSI. The OSI model is a reference and the basic theoretical concept of how a protocol works. In practice, TCP/IP is used as the de facto standard.
Compared with other terms in the website world, the term SSL is not very well known. Understandably, terms relating to security and privacy are sometimes overlooked because they receive less attention than terms from design and business. So, what is SSL and what is it for? Quoted from Symantec Website Security (www.websecurity.symantec.com):
SSL (Secure Sockets Layer) is a technology that:
– maintains internet connection security,
– maintains the security of sensitive data sent between systems,
– prevents criminals (hackers) from accessing and modifying the information sent, including personal (private) data.
How does SSL work?
One kind of data transfer that SSL secures is the exchange of data between a web server and a web browser (the client). Besides server-to-browser traffic, SSL also secures data exchange between servers.
This protocol provides endpoint authentication and communications privacy on the Internet using cryptography. In typical use, only the server is authenticated (that is, its identity is verified) while the client remains unauthenticated. Authentication of both sides (mutual authentication) requires deploying PKI to the clients. The protocol lets client and server applications communicate in a way designed to prevent eavesdropping, tampering and message forgery.
Both TLS and SSL involve a number of basic steps:
– Negotiation between client and server for algorithm support
– Public-key-encryption-based key exchange and certificate-based authentication
– Symmetric-cipher-based traffic encryption
An SSL (Secure Socket Layer) certificate is a digital data file used to encrypt the connection to a website. Visibly, a site using SSL shows a URL beginning with HTTPS or a green padlock to the left of the website address.
The purpose of the SSL certificate is to prevent malicious third parties from attacking the website and misusing its data. The certificate works with a pair of cryptographic keys, namely a public key and a private key.
The SSL and TLS protocols run in a layer below application protocols such as HTTP, SMTP and NNTP and above the TCP transport protocol, which is part of the TCP/IP suite. Although SSL and TLS can add security to any protocol that uses TCP, they are most often found in HTTPS. HTTPS provides web-page security for applications such as electronic commerce. The SSL and TLS protocols use public-key cryptography and public key certificates to verify the identity of the intended party. A growing number of clients and servers support TLS or SSL natively, but some still do not. In that case, the operator of the server or client can use a standalone SSL product such as Stunnel to provide SSL encryption.
The initial definition of TLS appears in RFC 2246, “The TLS Protocol Version 1.0”. Other RFCs add further detail, including:
RFC 2712: “Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)”. The 40-bit ciphersuites defined in this memo appear only for the purpose of documenting the fact that those ciphersuite codes have already been registered.
RFC 2817: “Upgrading to TLS Within HTTP/1.1”, explains how to use the Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security over an existing TCP connection. This allows secure and non-secure HTTP traffic to share the same well-known port (in this case, http on port 80 rather than https on port 443).
RFC 2818: “HTTP Over TLS”, distinguishes secure traffic from non-secure traffic by using a different port.
RFC 3268: “AES Ciphersuites for TLS”. Adds Advanced Encryption Standard (AES) ciphersuites to the previously existing symmetric ciphers, such as RC2, RC4, International Data Encryption Algorithm (IDEA), Data Encryption Standard (DES) and Triple DES.
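The three basic steps listed earlier (algorithm negotiation, key exchange with certificate authentication, symmetric encryption) and the older ciphers named in the RFC list can be checked from the client side. The following is an added example, not code from the original page: it builds a client context that requires server authentication, splits each offered cipher suite into its three parts, and flags legacy or short-key suites. The function names, the explicit cipher string and the sample entries are assumptions made for illustration.

```python
import ssl

# Older cipher families named on this page, plus export-grade and NULL markers.
LEGACY_TOKENS = {"RC2", "RC4", "IDEA", "DES", "CBC3", "3DES", "EXP", "NULL"}

# Constructed sample shaped like SSLContext.get_ciphers() entries (not captured data).
LEGACY_SAMPLE = [
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
    {"name": "DES-CBC3-SHA", "strength_bits": 112},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "strength_bits": 128},
]

def hardened_client_context():
    """Client context that authenticates the server and refuses SSL 3.0 and early TLS."""
    ctx = ssl.create_default_context()            # loads system CAs
    ctx.check_hostname = True                     # certificate must match the host name
    ctx.verify_mode = ssl.CERT_REQUIRED           # server authentication is mandatory
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # assumed policy for TLS 1.2 suites
    return ctx

def split_suite(entry):
    """Map one get_ciphers() entry onto key exchange, authentication and bulk cipher."""
    return {
        "name": entry["name"],
        "key_exchange": entry.get("kea"),
        "authentication": entry.get("auth"),
        "symmetric": entry.get("symmetric"),
        "bits": entry.get("strength_bits", 0),
    }

def weak_suites(ciphers, min_bits=128):
    """Return names of suites that use a legacy cipher family or a short key."""
    weak = []
    for entry in ciphers:
        tokens = set(entry["name"].upper().replace("_", "-").split("-"))
        if tokens & LEGACY_TOKENS or entry.get("strength_bits", 0) < min_bits:
            weak.append(entry["name"])
    return weak

def negotiate(client_offer, server_preference):
    """Simplified model of negotiation: the server picks its first preferred
    suite that the client also offered, or None when there is no overlap."""
    offered = set(client_offer)
    return next((s for s in server_preference if s in offered), None)

if __name__ == "__main__":
    for entry in hardened_client_context().get_ciphers():
        print(split_suite(entry))
    print("weak in sample:", weak_suites(LEGACY_SAMPLE))
```

For TLS 1.3 suites the key exchange and authentication fields are reported generically, because in TLS 1.3 those algorithms are negotiated separately from the suite name.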
History and Development
Developed by Netscape, SSL version 3.0 was released in 1996 and eventually became the basis for the development of Transport Layer Security as an IETF standard protocol. The initial definition of TLS appears in RFC 2246, “The TLS Protocol Version 1.0”. Visa, MasterCard, American Express and many other leading financial institutions use TLS to support commerce over the internet. Like SSL, the TLS protocol operates in a modular manner. TLS is designed to be extensible, with support for forward and backward compatibility and for negotiation between peers.