Next, Bitwarden uses Password-Based Key Derivation Function 2 (PBKDF2) with a default of
100,000 iteration rounds to stretch your Master Password with a salt of your Email Address.
The resulting salted value is the 256 bit Master Key. A hash of the master key is sent to the
server upon account creation and login, and used to authenticate the user account.
The Master Key is additionally stretched to 512 bits in length using HMAC-based
Extract-and-Expand Key Derivation Function (HKDF). The Protected Symmetric Key is
decrypted using the Stretched Master Key. The Symmetric Key is used to decrypt Vault Items. > The decryption is done entirely on the Bitwarden Client because your Master Password or > Stretched Master Key is never stored on or transmitted to Bitwarden servers.
Seems like SSL is not required (in my case and for my needs), as the master Key is hashed transmitted to server and vault data is encrypted transmitted to client.