SSL Security
Everything you access or transmit on our website is encrypted with a high grade SSL certificate and is 100% secure.
What Is SSL?
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server (ROEC) and a visitor (YOU) — typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server, he can see and use that information.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted.
How Does SSL Create a Secure Connection?
When your web browser (internet explorer, firefox, edge, chrome, opera …etc.) attempts to access our SSL secured website, the browser and the web server establish an SSL connection using a process called an “SSL Handshake” (see diagram below). Note that the SSL Handshake is invisible to the user(YOU) and happens instantaneously.
Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa.
Because encrypting and decrypting with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.
- Browser connects to server (www.roec.biz) secured with SSL (https). Browser requests that the server identify itself.
- Server sends a copy of its SSL Certificate, including the server’s public key.
- Browser checks the certificate root against a list of trusted CAs (Certificate authority) and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
- Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
- Server and Browser now encrypt all transmitted data with the session key.
In the below image, you can see how the roec.biz web address is displayed on different browsers. “https://” and the “lock” icon have to be visible at all time.
One of the most important components of an website is creating a trusted environment where visitors feel safe. Browsers give visual cues, such as a lock icon or a green bar, to help visitors know when their connection is secured.