
What data should the browser transfer in encrypted format?

Using the SSL/TLS protocol securely

Certain data should be transferred in encrypted format when surfing the Internet, e.g. credit card data when shopping online. The browser uses a technique called the SSL/TLS protocol for this purpose. It establishes a secure network connection between the website and your computer.

SSL stands for Secure Sockets Layer, a protocol that has now evolved into its successor, TLS (Transport Layer Security). The SSL/TLS technology identifies a website and makes sure data cannot be read or manipulated while it is being transferred. All common browsers now support the SSL/TLS protocol.

You can tell that a browser has established an encrypted connection with the website you have opened by the 's' (for 'secure') added to the 'http' at the start of the website address. So the website address will look like this, for example: https://www.bsi.bund.de. Whenever you are carrying out a sensitive online transaction such as banking or shopping, the website you use should have an https address.

Every time an https website address is called up, the browser checks whether the website provider can produce a valid certificate. If it cannot, the browser issues a warning message. If you receive this or a similar warning from the browser, you should stop using the website in question.

Certificates provide security

There is a second security feature you should take note of besides this warning message: the strength of the certificate. Different browsers show you this in different ways. In Internet Explorer, Mozilla Firefox or Google Chrome, the colour of the address field, or of the text that comes before or after the address bar, turns green — this indicates the highest certificate security level.
Here is an example:

Highest certificate level: colour field or text in the address bar in green

The corresponding pages explain how, and in which colours, each browser indicates the various certificate security levels. A good rule of thumb is to always use the highest certificate security level for sensitive transactions. If you are ever in any doubt, cancel your transaction. You can find a list of accepted certification authorities in the 'Settings' of the browser (or operating system) you are using.

Caution! Note on the padlock symbol

The security certificate, recognisable by the padlock symbol in the status bar, does not protect against phishing attacks. Criminals are working ever more effectively, so there is now a variety of phishing websites that have a valid certificate and therefore bear the padlock symbol.