SSL creates an encrypted connection between your device and a website's server. When you visit a site with SSL enabled, your browser and the server perform a handshake to verify each other's identity and establish encryption keys. All data sent between them is then encoded, making it unreadable to third parties.
SSL is now largely superseded by its successor, TLS (Transport Layer Security), though the term SSL persists colloquially. Modern websites use TLS 1.2 or TLS 1.3 for stronger security. Many people refer to SSL/TLS certificates interchangeably when discussing website security.
Why it matters: Without SSL/TLS, hackers on the same network can intercept login credentials, payment card details, and personal data. Financial sites, email providers, and e-commerce platforms all require it.
What to look for:
- A padlock icon in your browser's address bar signals an active SSL connection
- Websites with HTTPS in the URL (not HTTP) use SSL/TLS encryption
- Self-signed certificates offer encryption but lack third-party verification, which can trigger browser warnings
Common misunderstandings: SSL/TLS encrypts data in transit, but not data stored on the server itself. A secure connection doesn't guarantee the website is legitimate or trustworthy, though legitimate vendors typically use recognised certificate authorities like Let's Encrypt or Comodo. Always verify the domain name matches the organisation you expect.
When shopping online or entering credentials, always confirm the padlock appears before submitting information.