SSL/TLS

SSL and TLS are protocols that create secure, point-to-point connections over a network. This is achieved through a process known as a "TLS handshake," which happens automatically when a browser connects to a secure server. During the handshake, the server presents a digital certificate to prove its identity. The browser verifies this certificate with a trusted third-party Certificate Authority (CA). Once identity is confirmed, both parties negotiate a set of unique, secret keys to encrypt all subsequent communication for that specific session.

While the term "SSL" is still in common use, it is an outdated and less secure protocol. The modern standard is TLS, and Surfly employs TLS 1.3, the latest version, to provide the highest level of security and performance for its services.

Within Surfly's architecture, TLS provides both authentication and encryption for every connection. It allows the Interaction Middleware to operate securely, ensuring that users are connected to a legitimate Surfly server and that the data exchanged during the session is protected from end to end.

Authenticating the Proxy Endpoint

Before any data is encrypted, TLS first verifies the server's identity. This authentication step is a primary defense against man-in-the-middle attacks, ensuring that a user's browser is communicating with the genuine Surfly proxy and not a malicious impersonator.

• Presents a valid TLS certificate to the user's browser, proving that the Surfly server is authentic and trusted.
• Builds trust at the very start of a connection, before any user data or session information is transmitted.
• Protects against network-level attacks like DNS spoofing, where traffic could otherwise be redirected to a fraudulent server.

Establishing a Secure Session-Specific Channel

The TLS handshake creates a unique, temporary, and private communication channel for each individual co-browsing session. This process generates session-specific encryption keys that are used only for the duration of that one session and are then discarded.

• Uses Perfect Forward Secrecy (PFS), a feature of TLS 1.3, which ensures that even if a server's long-term private key were ever compromised, past session keys cannot be derived from it, protecting historical sessions.
• Guarantees that the security of one active session is completely isolated from all others, as each uses its own distinct set of encryption keys.
• Secures the entire data stream from the initial page request through every subsequent user interaction within the co-browsing session.

Providing a Standardized Basis for Compliance

Compliance frameworks and enterprise security policies often mandate the use of specific, current cryptographic protocols. Surfly’s use of TLS 1.3 is a direct technical control that satisfies these explicit requirements, simplifying the security and compliance vetting process for its customers.

• Meets strict industry mandates, such as those in PCI DSS, which require strong transport layer security for handling sensitive data.
• Demonstrates adherence to modern security best practices by removing support for obsolete cryptographic algorithms found in older SSL/TLS versions.
• Provides a well-documented, industry-standard security protocol that is understood and accepted by auditors and internal security teams, speeding up vendor approval.

‍