How does SSL really work?

Ref: https://stackoverflow.com/questions/470523/how-does-ssl-really-work

HTTPS is combination of HTTP and SSL(Secure Socket Layer) to provide encrypted communication between client (browser) and web server (application is hosted here).

Why is it needed?

HTTPS encrypts data that is transmitted from browser to server over the network. So, no one can sniff the data during transmission.

How HTTPS connection is established between browser and web server?

Browser tries to connect to the https://payment.com.

payment.com server sends a certificate to the browser. This certificate includes payment.com server's public key, and some evidence that this public key actually belongs to payment.com.

Browser verifies the certificate to confirm that it has the proper public key for payment.com.

Browser chooses a random new symmetric key K to use for its connection to payment.com server. It encrypts K under payment.com public key.

payment.com decrypts K using its private key. Now both browser and the payment server know K, but no one else does.

Anytime browser wants to send something to payment.com, it encrypts it under K; the payment.com server decrypts it upon receipt. Anytime the payment.com server wants to send something to your browser, it encrypts it under K.