Secure Sockets Layer (SSL) is a protocol used to secure requests. The protocol is used to protect against man-in-the-middle attacks, amongst other things. It does so by encrypting data in the request and verifying the identity of the browser and server. It's used to make HTTPS connections.
SSL is enabled on a server by installing a certificate. Certificates are issued by third parties such as Let's Encrypt.
When a user sends a request to a server, the browser first requests that the server identify itself. The server responds with its SSL certificate. The browser determines whether or not it can trust the certificate. If the browser finds it valid, it responds to the server. An encrypted session is now established between the client and the server.
Requests sent over an HTTPS connection are:
- Encrypted. All data sent over the connection is encrypted, ensuring third parties who intercept the request can't decode the data.
- Identifiable. The identity of the client and the server can be authenticated.
- Signed. The data of the request is digitally signed. It can't be altered without failing an integrity check. This is conceptually similar to how JSON Web Tokens (JWTs) work.
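
The trust decision in the handshake described above is made by the client, and it only happens if the client is configured to make it. The following is an added example, not part of the original page, using Python's standard `ssl` module to build a verifying client configuration next to an unverified one and to audit either for the settings that switch the certificate check off. The function names and finding labels are made up for illustration.

```python
import ssl

def hardened_client_context() -> ssl.SSLContext:
    """Client settings that perform the certificate check from the handshake."""
    ctx = ssl.create_default_context()            # system CA store, CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / TLS 1.1
    return ctx

def unverified_client_context() -> ssl.SSLContext:
    """Anti-pattern: traffic is still encrypted, but any certificate is accepted,
    so the server's identity is never established."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # has to be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the trust check is intact."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # The certificate chain is not validated against a trusted issuer.
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        # A valid certificate for a different host name would be accepted.
        findings.append("hostname-not-checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        # Legacy protocol versions can still be negotiated.
        findings.append("legacy-protocol-allowed")
    return findings

if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("unverified", unverified_client_context())):
        print(name, audit_client_context(ctx) or "ok")
```

Passing the hardened context to `ctx.wrap_socket(sock, server_hostname=host)` makes the handshake fail with `ssl.SSLCertVerificationError` when the certificate is untrusted or issued for a different host.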