SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are the cryptographic protocols Surfly uses to establish an authenticated and encrypted communication channel between a user's browser and the Interaction Middleware proxy servers, securing all co-browsing session data in transit.

What you need to know about SSL/TLS

SSL and TLS are protocols that create secure, point-to-point connections over a network. This is achieved through a process known as a "TLS handshake," which happens automatically when a browser connects to a secure server. During the handshake, the server presents a digital certificate to prove its identity. The browser verifies that this certificate was issued by a trusted third-party Certificate Authority (CA). Once identity is confirmed, both parties negotiate a set of unique, secret keys to encrypt all subsequent communication for that specific session.

While the term "SSL" is still in common use, it is an outdated and less secure protocol. The modern standard is TLS, and Surfly employs TLS 1.3, the latest version, to provide the highest level of security and performance for its services.

The importance of SSL/TLS

Within Surfly's architecture, TLS provides both authentication and encryption for every connection. It allows the Interaction Middleware to operate securely, ensuring that users are connected to a legitimate Surfly server and that the data exchanged during the session is protected in transit between the browser and the proxy.

Authenticating the Proxy Endpoint

Before any session data is exchanged, TLS verifies the server's identity. This authentication step is a primary defense against man-in-the-middle attacks, ensuring that a user's browser is communicating with the genuine Surfly proxy and not a malicious impersonator.

  • Presents a valid TLS certificate to the user's browser, proving that the Surfly server is authentic and trusted.
  • Builds trust at the very start of a connection, before any user data or session information is transmitted.
  • Protects against network-level attacks like DNS spoofing, where traffic could otherwise be redirected to a fraudulent server.

Establishing a Secure Session-Specific Channel

The TLS handshake creates a unique, temporary, and private communication channel for each individual co-browsing session. This process generates session-specific encryption keys that are used only for the duration of that one session and are then discarded.

  • Uses Perfect Forward Secrecy (PFS), a feature of TLS 1.3, which ensures that even if a server's long-term private key were ever compromised, past session keys cannot be derived from it, protecting historical sessions.
  • Guarantees that the security of one active session is completely isolated from all others, as each uses its own distinct set of encryption keys.
  • Secures the entire data stream from the initial page request through every subsequent user interaction within the co-browsing session.

Providing a Standardized Basis for Compliance

Compliance frameworks and enterprise security policies often mandate the use of specific, current cryptographic protocols. Surfly’s use of TLS 1.3 is a direct technical control that satisfies these explicit requirements, simplifying the security and compliance vetting process for its customers.

  • Meets strict industry mandates, such as those in PCI DSS, which require strong transport layer security for handling sensitive data.
  • Demonstrates adherence to modern security best practices by removing support for obsolete cryptographic algorithms found in older SSL/TLS versions.
  • Provides a well-documented, industry-standard security protocol that is understood and accepted by auditors and internal security teams, speeding up vendor approval.

A Practical Example of SSL/TLS
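A client-side check of the properties described above, as an added example that is not Surfly's code: it builds a Python client context that requires a CA-verified certificate and TLS 1.3, then parses the ClientHello that context emits to confirm no older protocol version is offered. The function names and the hostname passed to them are assumptions made for this illustration.

```python
import socket
import ssl

VERSION_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def tls13_only_context() -> ssl.SSLContext:
    """Client policy: CA-verified certificate, hostname match, TLS 1.3 only."""
    ctx = ssl.create_default_context()  # sets CERT_REQUIRED and check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx

def client_hello(ctx: ssl.SSLContext, hostname: str) -> bytes:
    """Start a handshake against in-memory buffers and return the ClientHello record."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server is attached, only the first flight is produced
    return outgoing.read()

def offered_versions(record: bytes) -> list[str]:
    """Return the protocol versions listed in the supported_versions extension (type 43)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                 # record header, handshake header, legacy_version, random
    pos += 1 + record[pos]               # session_id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + record[pos]               # compression_methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type = int.from_bytes(record[pos:pos + 2], "big")
        ext_len = int.from_bytes(record[pos + 2:pos + 4], "big")
        body = record[pos + 4:pos + 4 + ext_len]
        if ext_type == 43:               # body = 1-byte list length, then 2-byte versions
            codes = [int.from_bytes(body[i:i + 2], "big") for i in range(1, 1 + body[0], 2)]
            return [VERSION_NAMES.get(c, hex(c)) for c in codes]
        pos += 4 + ext_len
    return []                            # extension absent: nothing newer than TLS 1.2 offered

def negotiated(host: str, port: int = 443) -> tuple[str, str]:
    """Live check: (protocol, cipher) agreed with host; raises ssl.SSLError on policy failure."""
    with socket.create_connection((host, port), timeout=5) as sock:
        with tls13_only_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]
```

`negotiated()` needs network access to an endpoint you operate or are authorized to test; the other functions run entirely in memory.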

Frequently asked questions about SSL/TLS

We’ve compiled answers to the most frequently asked questions about SSL/TLS.

What’s the difference between SSL and TLS?

SSL is the older version of the protocol and is no longer considered secure. TLS is its modern replacement, and Surfly uses only the latest version—TLS 1.3.

Is all Surfly session traffic encrypted with TLS?

Yes. Every part of a Surfly session, including browser traffic, APIs, and media streams, is encrypted using TLS 1.3 for transport security.

What encryption strength does Surfly use for TLS?

Surfly uses 256-bit encryption for TLS sessions, which is considered extremely secure and in line with best practices for protecting sensitive information.

What happens if the target website uses only HTTP (non-secure)?

Even in those cases, the connection between the user and Surfly remains fully encrypted. Surfly securely fetches the HTTP content and serves it through its own encrypted TLS channel to all session participants.
