Appendix C. The SSL 3.0 Protocol
This appendix describes the SSL Version 3.0 protocol which we introduced in Chapter 12. It is meant to give a general overview of the protocol to a semi-technical audience. It also provides some information about SSLeay, a freely available implementation of this protocol.
The Internet Engineering Task Force (IETF) Transport Layer Security (TLS) working group is in the process of creating a TLS standard based on SSL 3.0. Although TLS should eventually supersede SSL, it may be a year or more before the TLS standard is finalized and the protocol is built into readily available software. In the meantime, SSL 3.0 is likely to remain the de facto standard for transport layer security.
The current TLS standard can be found at http://www.consensus.com/ietf-tls/.
History
The SSL protocol was designed by Netscape Communications for use with Netscape Navigator. Version 1.0 of the protocol was used inside Netscape. Version 2.0 of the protocol shipped with Netscape Navigators Versions 1 and 2. After SSL 2.0 was published, Microsoft created a similar secure link protocol called PCT (described briefly in Chapter 11) that overcame some of SSL 2.0’s shortcomings. The advances of PCT were incorporated into SSL 3.0, which is being used as the basis for the secure protocol being developed by the IETF.
The SSL v3.0 protocol is arranged in two layers:
SSL message layer[120] (User Data; Handshake messages; Alert messages; Change Cipher Spec messages)
Record layer (SSL records) ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access