How TLS/SSL Encryption Protects the Internet

Understanding the Security Behind HTTPS

Have you ever noticed the padlock icon 🔒 in your browser’s address bar? It means TLS/SSL encryption is securing your connection! Without TLS (Transport Layer Security), attackers could eavesdrop on your data, steal credentials, or perform man-in-the-middle (MITM) attacks.

In this article, we’ll break down how TLS/SSL works, why it’s essential, and how it secures modern internet communication.

🌍 What is TLS/SSL Encryption?

TLS (Transport Layer Security) and its predecessor, SSL (Secure Sockets Layer), are cryptographic protocols that provide secure communication between clients (browsers, apps) and servers (websites, APIs).

🔹 Why Do We Need TLS/SSL?

✔ Confidentiality – Data is encrypted, preventing unauthorized access.
✔ Integrity – Ensures data is not altered during transmission.
✔ Authentication – Verifies that you’re connecting to the real website, not an imposter.

🔑 How TLS/SSL Works: The Handshake Process

When you visit a website using HTTPS, your browser and the server perform a TLS handshake before data transmission begins.

sequenceDiagram
    participant Client (Browser) as 🔵 Client (Browser)
    participant Server (Website) as 🟢 Server (Website)

    Client (Browser) ->> Server (Website): 1️⃣ Hello! Send me your TLS certificate 📜
    Server (Website) -->> Client (Browser): 2️⃣ Here’s my certificate! 🛡️ (Signed by CA)
    Client (Browser) ->> Server (Website): 3️⃣ I trust the CA! Let's generate session keys 🔑
    Server (Website) -->> Client (Browser): 4️⃣ Secure session established! 🔒

    Note right of Client (Browser): Now all data is encrypted!

📌 Step-by-Step Breakdown of the TLS Handshake

1️⃣ Client Hello:

  • The browser (client) requests a secure connection from the server.

  • It sends supported encryption algorithms (ciphers) and a random number.

2️⃣ Server Hello & Certificate Exchange:

  • The server responds with its TLS certificate, containing:
    ✔ The server’s public key 🔑
    ✔ The Certificate Authority (CA) signature 🛡️
    ✔ The domain name it’s issued for

3️⃣ Key Exchange:

  • The client validates the certificate with the CA’s public key.

  • A session key is generated for encryption.

4️⃣ Secure Connection Established:

  • All further communication is encrypted using symmetric encryption (such as AES).
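The client side of the handshake steps above, as an added example in Python (not code from the original article). It uses the standard `ssl` module to validate the certificate chain and hostname and to refuse anything below TLS 1.2; `strict_client_context`, `days_until_expiry`, `inspect_handshake` and the constructed `SAMPLE_CERT` are illustrative names.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def strict_client_context() -> ssl.SSLContext:
    """Client context: verify chain and hostname, refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def days_until_expiry(cert: dict, now: datetime) -> int:
    """Whole days from `now` to the certificate's notAfter (negative if expired)."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)


def inspect_handshake(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Run a real handshake and report what was negotiated."""
    ctx = strict_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket performs the handshake (steps 1-4); it raises
        # ssl.SSLCertVerificationError if the chain or hostname check fails.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "version": tls.version(),    # e.g. "TLSv1.3"
                "cipher": tls.cipher()[0],   # negotiated cipher suite name
                "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
                "days_left": days_until_expiry(cert, datetime.now(timezone.utc)),
            }


# Constructed sample in the shape getpeercert() returns, for offline use.
SAMPLE_CERT = {
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "example.test"),),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(inspect_handshake(sys.argv[1]))
    else:
        print(days_until_expiry(SAMPLE_CERT, datetime.now(timezone.utc)))
```

Run it with a hostname as the only argument to inspect a live server; without arguments it only evaluates the constructed sample.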

πŸ” TLS vs SSL: What’s the Difference?

FeatureSSL (Deprecated)TLS (Modern Standard)
SecurityWeak, vulnerable to attacksStronger encryption & protection
PerformanceSlowerFaster, optimized handshakes
Supported VersionsSSL 2.0, SSL 3.0 (Deprecated)TLS 1.2, TLS 1.3 (Latest)
Used InOlder web appsModern HTTPS websites, APIs

πŸ“Œ TLS 1.3 is the latest version, offering faster performance and stronger encryption.

🔒 Why is TLS/SSL Important for Security?

✅ Prevents MITM Attacks – Ensures no one can intercept or modify data.
✅ Encrypts Sensitive Data – Protects passwords, credit card info, API requests.
✅ Builds Trust & SEO Benefits – Google ranks HTTPS sites higher than HTTP.

🌍 Where is TLS/SSL Used?

📌 Websites & Browsers (HTTPS) – Protects login pages, payments, personal data.
📌 APIs & Web Services – Ensures secure data exchange between systems.
📌 Emails (SMTP over TLS) – Encrypts email communications.
📌 VPNs & Secure Networks – Protects corporate data over public networks.

πŸ› οΈ How to Implement TLS/SSL?

1️⃣ Obtain an SSL/TLS Certificate from a trusted Certificate Authority (CA).

  • Free options: Let’s Encrypt

  • Paid: DigiCert, GlobalSign, GoDaddy

2️⃣ Enable HTTPS on Your Server

  • For NGINX:

      sudo certbot --nginx -d yourdomain.com
    
  • For Apache:

      sudo certbot --apache -d yourdomain.com
    

3️⃣ Use Strong TLS Versions & Ciphers

  • Disable weak protocols like SSL 3.0, TLS 1.0

  • Enforce TLS 1.2 or TLS 1.3

4️⃣ Check Your TLS Configuration

  • Use SSL Labs Test β†’ https://www.ssllabs.com/ssltest/
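Steps 3 and 4 can also be checked before a configuration is deployed. The following is an added example in Python, not part of the original article: `audit_ssl_protocols` is an illustrative helper that scans nginx configuration text for the `ssl_protocols` directive and flags anything other than TLS 1.2 and TLS 1.3. `SAMPLE_CONF` is constructed, and the parser assumes each directive sits on a single line.

```python
import re

# The only protocol versions the article says to enforce.
ALLOWED = {"TLSv1.2", "TLSv1.3"}

DIRECTIVE = re.compile(r"\bssl_protocols\s+([^;]+);")


def audit_ssl_protocols(conf_text: str) -> list:
    """Return (line_number, problem) tuples for ssl_protocols directives."""
    findings = []
    seen = False
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # ignore trailing comments
        match = DIRECTIVE.search(line)
        if not match:
            continue
        seen = True
        protocols = match.group(1).split()
        weak = [p for p in protocols if p not in ALLOWED]
        if weak:
            findings.append((number, "weak protocol(s) enabled: " + " ".join(weak)))
        if not ALLOWED & set(protocols):
            findings.append((number, "neither TLSv1.2 nor TLSv1.3 enabled"))
    if not seen:
        # Without the directive, the default of the installed nginx version applies.
        findings.append((0, "no ssl_protocols directive found"))
    return findings


# Constructed sample: one legacy server block and one hardened block.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;   # legacy line
}
server {
    listen 443 ssl;
    server_name api.yourdomain.com;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

if __name__ == "__main__":
    for number, problem in audit_ssl_protocols(SAMPLE_CONF):
        print(f"line {number}: {problem}")
```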

🚀 Final Thoughts

TLS/SSL is the backbone of secure internet communication. Without it, hackers could intercept, modify, and steal sensitive data.

✅ Always use HTTPS for websites & APIs.
✅ Upgrade to TLS 1.3 for better performance & security.
✅ Check your SSL certificate regularly to avoid expiration.

Would you like a tutorial on setting up TLS for Node.js or AWS API Gateway? Let’s discuss in the comments! 👇


About Me 👨‍💻

I'm Faiz A. Farooqui. Software Engineer from Bengaluru, India.
Find out more about me @ faizahmed.in
