SSL stands for Secure Sockets Layer and it an old implementation of a crytographic protocol. TLS, or Transport Layer Security, is a new one. They are both used to have privacy in the communications between different parties. They are used to secure email, web browsing, instant messaging, etc
These protocols work in a complex way for me to describe in just a few lines and be accurate. All I can say is any communication there are two parties involved, sever and client (your website and someone else’s computer), happens in a private manner. This privacy is achieved by encrypting the communications making the channel secure. The cryptography is provided by complex mathematic algorithms so even if someone captures the communication between the two ends it will be very difficult, or even impossible, to see the content in it.
“But… come on! I just plan to have a small website, nothing big, I am not building a bank. I don’t really need this.”
This is what your brain is actually telling you right now. Don’t listen to it. Listen to me. If you just plan to have a website where the only user login in will be you, just skip this chapter and anything related to SSL/TLS appearing in this guide. However the possibility you are planning to have a site where some users will log in is beyond the plausible. Almost everyone building a website is planning to have users who will have profiles, who will share or build content, who will upload pictures, or something. If you need a log in SSL/TLS is at the time of writing very recommendable. In the near future, just a few months from now Google will mark any website with a login capability as insecure if that login is not performed using an SSL/TLS connection.
There are options for this and since the sign of times seems to be embracing crypto communications, it will become inevitable. Event though this may seem silly at some point. The crypto communication creates overhead and processing all this takes away speed and performance from the sites. Sniffing a username and a password from some forum or dark site on the internet also means someone is in the middle of that communication. The real problem is someone is wiretapping the ISP, the web server, your router, or your computer. Crypto solves one problem. If you look at the big picture though, it solves just a portion of it. The real problem may not be just plain text after all.
If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.
Use this link to get $200 credit at DigitalOcean and support Adminbyaccident.com costs.
Get $100 credit for free at Vultr using this link and support Adminbyaccident.com costs.
Mind Vultr supports FreeBSD on their VPS offer.