How does secure socket layer (SSL/TLS) work? Why do retail websites require https?

To answer what is secure socket layer and how it keeps websites secure it is important to understand the making of the Internet. The internet in turn is an abstract concept meaning the interconnected network of computers across the globe. Computers interact with each other to create services necessary for us.

To start off, you just need to know that there has to be a physical cable between two computers for interaction to happen between them.

A physical cable

Yes, a physical cable is the most important component of the internet. There has to be a cable between your computer and this computer for you to be able to read this. Cables a lot of them! So many cables and of such enormous scales that it is a trillion dollar industry.

The primary object of companies like Airtel, Vodafone, AT&T, etc. is to lay cables, cable of all types: coaxial, heliax, twisted pair, optical fibre, so on and so forth.

Cables can be terrestrial, hooked on to cable posts, or dug deep into the ground, or even submarine. You can visit this site to see the current distribution of submarine cables across the globe: Submarine Cable Map


Our world is not technically wireless. Wireless over long distance has a failure rate thousand times that of a cable. Wireless is fun and frequent in short distances. Ultimately, all such wireless access points are connected together by cables.

Interception and hacking

The problem with wires, wireless and communication in general is interception. If it is a wire, you can cut in between the two ends to intercept. If it is wireless you can do what the receiver is doing and no one would know that they are being heard.

Although hacking has not been defined in any legal text, it is in simpler language nothing but finding out clever ways of interception. If it is too obvious then it is not considered hacking 😀


The solution is then to hold communication in a way only the sender and receiver would understand. The US Army employed the native American tribal people to hold secret conversations over long distance radio.

It is obviously quite difficult to invent new languages every time we need to hold a secret conversation, therefore, encryption of prevalent languages.

You can read more about encryption and different forms of encryption here:

A brief history of the internet, cryptography, cryptanalysis and encryption laws of India

Encryption and Symmetric Cryptography – How is data secured electronically?

Understanding Asymmetric Cryptography, Public Key, Private Key and the RSA Algorithm

Secure Socket Layer (SSL)/ Transport Layer Security (TLS)

SSL is not a device or a physical socket, it is just a protocol or a set of mathematical rules to hold encrypted communication.1

The protocol is amended periodically to make it more robust. SSL was renamed TLS at the release of version 4. So TLS is basically the fourth version of SSL and uses the same basic technology.

SSL certificates can be generated by oneself or bought from service providers. These certificates contain passwords which can be used to encrypt communications between a website and it’s visitor.


When we buy goods from an online retailer, our credit card and other identification details are sent over the network to effect such transactions. If the retailer does not have SSL enabled on it’s website all communication can be tapped into and sensitive data can be intercepted by third parties.

The retailer might not face any injury, but the buyer may have to face identity theft, fraudulent transactions, etc.

From January onwards, Google Chrome browser is showing a “Not secure” message on all websites with password and credit card form fields that are not protected with an SSL/TLS certificate. Google has also been promoting SSL enabled sites by according them higher search rankings.

  1. RFC 5246 – The Transport Layer Security (TLS) Protocol Version 1.2

Author: Donnie Ashok

Donnie Ashok is a software developer who happened to study law! He graduated from Gujarat National Law University in 2017 and currently works as a Full Stack Developer at an medical insurance startup in Berlin, Germany.

Leave a Reply