TLS Security Protocol

The Internet runs on a set of protocols (TCP, IP and others) that work together, each with a specific function. In 1995, SSL (Secure Sockets Layer) was introduced: a cryptographic protocol that provides secure communication between a user and a server. It made it possible to transfer information and exchange data safely. However, in 2014, vulnerabilities were discovered in it. A new standard was developed based on SSL 3.0.

TLS

TLS (Transport Layer Security) is a cryptographic protocol that provides secure data exchange between a server and a client. The protocol provides three kinds of protection: it keeps data transmitted from computer to computer confidential, performs authentication, and monitors the integrity of the transmitted information. During its development, the mistakes of its predecessor were taken into account and corrected. Unlike SSL, the new protocol is regularly updated and continues to evolve. Currently, only the TLS protocol is used to secure connections. Therefore, when people refer to SSL, what is really meant is TLS.

Data protection with SSL

The TLS protocol is at the heart of secure communications, but it does not provide them by itself. For a secure connection to take place, you need to configure one of the secure Internet connections, for example FTP (for transferring and downloading files), IMAP / POP3 / SMTP (for mail) and HTTPS (for Internet pages). HTTPS is the best-known secure connection protocol; it protects data at the browser level. However, for a site to work over a secure HTTPS connection, you must select and install an SSL certificate for the site. Read more about this in the articles "What is the https protocol and how it works" and "What is the secure sockets layer and how SSL works".

TLS security settings

Any action on the network is an exchange of data between the user's computer (the client) and the server that stores the information. Each time you enter a query in the search bar, log in to your account or navigate from one page of a site to another, the user and the server interact with each other. These interactions are called transactions, and a collection of them is called a session. TLS is responsible for the security of transactions and of sessions in general.

TLS provides security in three steps: Handshake, False Start and Chain of trust.

At the TLS Handshake stage, the connection parameters (protocol version, encryption method and connection) are negotiated between the client and the server. For this, RSA key exchange is used:

[Figure: TLS handshake]
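The outcome of that negotiation is visible in the server's ServerHello message. The following Python sketch is an added example, not part of the original article: it parses a ServerHello record to read the selected protocol version and cipher suite, and flags suites that use static RSA key exchange. The function names, lookup tables and sample records are constructed for illustration.

```python
import struct

# Constructed lookup tables: a few well-known IANA code points, not exhaustive.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0x1301: "TLS_AES_128_GCM_SHA256"}

def parse_server_hello(record: bytes) -> dict:
    """Return the protocol version and cipher suite the server selected."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if hs_len + 4 > rec_len or len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]   # legacy_version in TLS 1.3
    pos = 35 + hello[34]                          # skip random and session id
    if pos + 3 > hs_len:
        raise ValueError("session id overruns message")
    suite = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 3                                      # cipher suite + compression
    if pos + 2 <= hs_len:                         # optional extensions block
        end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        if end > hs_len:
            raise ValueError("extensions overrun message")
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            if etype == 43 and elen == 2 and pos + 6 <= end:
                version = struct.unpack("!H", hello[pos + 4:pos + 6])[0]
            pos += 4 + elen                       # 43 = supported_versions
    name = SUITES.get(suite, f"unknown (0x{suite:04X})")
    return {"version": VERSIONS.get(version, f"unknown (0x{version:04X})"),
            "cipher_suite": name,
            "static_rsa": name.startswith("TLS_RSA_")}  # no forward secrecy

def build_sample(version: int, suite: int, ext: bytes = b"") -> bytes:
    """Construct a ServerHello record (zeroed random, empty session id)."""
    body = struct.pack("!H", version) + bytes(33) + struct.pack("!HB", suite, 0)
    if ext:
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

TLS12_SAMPLE = build_sample(0x0303, 0xC02F)
TLS13_SAMPLE = build_sample(0x0303, 0x1301, struct.pack("!HHH", 43, 2, 0x0304))
```

A `static_rsa` result of `True` means the session key is protected only by the server's long-term RSA key, so recorded traffic can be decrypted later if that key leaks; TLS 1.3 no longer offers such suites.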

Each such check requires a large amount of computing resources. To avoid establishing a new connection and checking the certificate again for every transaction, the TLS False Start procedure was developed.

TLS False Start is a session resumption procedure. If transactions are performed within one running session, this stage allows you to skip the Handshake procedure. The protocol reuses the data that has already been processed and confirmed at the beginning of the session. Each session has its own lifetime. As soon as the session expires, a new session is started using TLS Handshake.

Another mandatory procedure for a TLS connection is the TLS Chain of trust. It is responsible for authentication between client and server. The "Chain of Trust" works on the basis of regular authentication: compliance of certificates with the standards of the Certification Authorities that issue them. The authenticity of the certificate is checked regularly during the session. If it is found that the certificate is compromised (that is, the data under its protection was intercepted), the data will be revoked, the transaction will not take place and the session will be interrupted.

Thus, when transferring data, the Handshake or False Start procedure is called first, which negotiates the parameters, and then the Chain of trust, which provides authentication (verification of the authorship of the transmitted information). Read more about how TLS works in the official Datatracker documentation.

Impact of SSL / TLS on SEO

SEO (Search Engine Optimization) is the comprehensive development and promotion of a site so that it reaches the first positions in search engine results pages (SERPs). Search engine optimization helps to increase website traffic. Using an SSL certificate has an impact on SEO performance, but the impact is rather indirect.

Since 2015, Google has given ranking priority (that is, priority when assigning a site its place in the search results) to sites that operate over the HTTPS protocol. Yandex and Mozilla adhere to the same policy.

The Google Chrome browser is one of the most popular browsers on the Russian Internet. Recently, Chrome has marked HTTP sites as insecure. The main risk of working over HTTP is that part of the site's potential audience may simply be frightened by the warning in the browser's address bar. Users will leave the page before it has time to load, which means that site traffic will be low.

SSL / TLS installation

At REG.RU you can purchase an SSL certificate that works over TLS version 1.2. To do this, select the appropriate certificate and follow three steps: order, activate and install it on the site. If you were unable to create a secure SSL / TLS channel or have problems setting up the SSL protocol, contact our specialists for help via a support ticket.

Checking the site for SSL / TLS

In addition to a quick check through the address bar of the browser, any site can be checked for a secure connection through special services. In the article "How to verify an SSL certificate", we have described in detail the most popular verification services. With their help, you can also determine exactly what protocol the site is using. Consider the option of testing a site using the SSL Server Test service. For this:

1. In a browser, go to the SSL Server Test page.
2. In the Hostname field, enter the domain and click Submit.
3. Wait for the end of the check. In the "Configuration" block, you will see the protocols that the site supports.
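The same question can be answered from your own machine. The Python sketch below is an added example, not part of the original article or of the SSL Server Test service: it offers one protocol version per connection, with certificate chain and hostname verification enabled, and records what the server does. The function name `probe_tls` is an assumption, and the probe is limited to TLS 1.2 and TLS 1.3 because many current OpenSSL builds will not offer older versions by default.

```python
import socket
import ssl

# Versions offered one at a time; older ones are left out (see lead-in).
PROBE_VERSIONS = {"TLS 1.2": ssl.TLSVersion.TLSv1_2,
                  "TLS 1.3": ssl.TLSVersion.TLSv1_3}

def probe_tls(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Offer a single protocol version per connection and record the result."""
    results = {}
    for label, version in PROBE_VERSIONS.items():
        ctx = ssl.create_default_context()   # verifies chain of trust + hostname
        ctx.minimum_version = version        # pin the offer to exactly
        ctx.maximum_version = version        # one protocol version
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[label] = f"accepted, cipher {tls.cipher()[0]}"
        except ssl.SSLCertVerificationError as exc:
            # The version may be supported, but the certificate is not trusted.
            results[label] = f"certificate rejected: {exc.verify_message}"
        except ssl.SSLError as exc:
            # Typically the server refusing the offered protocol version.
            results[label] = f"handshake failed: {exc.reason}"
        except OSError as exc:
            # Refused connection, timeout, DNS failure: no TLS verdict at all.
            results[label] = f"unreachable: {exc.__class__.__name__}"
    return results

if __name__ == "__main__":
    # example.com is a placeholder; use a host you are responsible for.
    for label, outcome in probe_tls("example.com").items():
        print(f"{label}: {outcome}")
```

Keeping network errors separate from handshake failures matters when reading the result: "unreachable" says nothing about which protocols the server supports.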