19. SSL/TLS

19.1. Introduction

In this chapter we cover the SSL family of protocols, which includes SSL versions 2 and 3 and TLS. SSL version 2 is rapidly being replaced by version 3, so we will focus on SSL v3 and TLS, and only discuss v2 when its difference from v3 is interesting (such as the exportability tricks). SSL/TLS allows two parties to authenticate and establish a session key that is used to cryptographically protect the remainder of the session.

19.2. Using TCP

SSL/TLS is designed to run in a user-level process, and runs on top of TCP. As discussed in §16.1 What Layer?, running on top of layer 4 allows deployment of SSL/TLS in a user-level process rather than requiring OS changes. Using TCP (the reliable layer 4 protocol) rather than ...

Get Network Security: Private Communication in a Public World, Second Edition now with the O’Reilly learning platform.