Traffic between a web browser and a web server on the internet, or even within a corporate intranet, is open, and can be intercepted. To avoid the data being compromised, you can make use of protocols built into your web browser, along with IIS, to provide encryption, as well as authentication.

In the 1990s, Netscape Communications developed a protocol that provided some necessary security, in the form of the Secure Socket Layer (SSL) protocol. SSL 1.0 was never commercially released, while SSL 2.0 and SSL 3.0 were developed and released, but are now deprecated as unsafe.

Transport Layer Security (TLS) was developed openly as the next version of SSL. TLS 1.0 is essentially SSL 3.1. In 2014, Google identified a serious vulnerability ...