Secure Socket Layer (SSL)

2008 Oct 05


SSL is placed between the application and the TCP/IP stack at what is called the Socket Layer. Originally devoloped and published by Netscape. SSL includes multiple encryption algorithms for transporting data in a secure way. SSL uses digital certificates to authenticate systems and distribute encryption keys. Enables one-way authentication of a server to a client so that you have confidence that you are interacting with the server you intended. SSL can also provide two-way or mutual authentication of client and server, with both using accepted digital certificates.

HTTPS is an example of using HTTP through SSL. Both the client and server must use SSL for this to work.

In 1999, the IETF developed RFC 2246 which specifies a successor to SSL, known as Transport Layer Security (TLS).

Application
Application Functions
Secure Socket Layer (SSL)
TCP/IP
Stack
Transport Layer (TCP/UDP)
Network Layer (TCP/UDP)
Data Link and
Physical Connection

2005-2008