6. Secure Sockets Layer

6.1 Introduction

The most ubiquitous transport-layer tunneling protocol, by far, is the Secure Sockets Layer (SSL)—the protocol used to, among other things, secure HTML (Hypertext Markup Language) transactions on the Web. As we shall see, SSL has many applications and can easily be used to build general-purpose transport-layer tunnels. In this chapter, we examine the SSL protocol, watch its operation on the wire by means of the tcpdump and ssldump utilities, see how we can use it to build a tunnel between two programs—one or both of which need not be SSL-aware—and, finally, see how we can use it to build a VPN between two networks.

The first SSL specification originated in 1994 at Netscape, which was interested in ...

Get VPNs Illustrated: Tunnels, VPNs, and IPsec now with the O’Reilly learning platform.
