Chapter 12. Understanding SSL and TLS
SSL is the Secure Sockets Layer, a general purpose protocol for sending encrypted information over the Internet. Developed by Netscape, SSL was first popularized by Netscape’s web browser and web server. The idea was to stimulate the sales of the company’s cryptographically enabled web servers by distributing a free client that implemented the same cryptographic protocols.
Since then, SSL has been incorporated into many other web servers and browsers, such that support for SSL is no longer a competitive advantage but a necessity. SSL is also being used for non-web applications, such as secure Telnet. SSL is now one of the most popular cryptographic protocols on the Internet.[69]
The Internet Engineering Task Force (IETF) is now in the process of creating a Transport Layer Security (TLS) protocol. This protocol is largely based on SSL 3.0, with small changes made in the choice of authentication algorithms and the exact message formats.
This chapter introduces SSL. Appendix C, provides detailed technical information.
What Is SSL?
SSL is a layer that exists between the raw TCP/IP protocol and the application layer. While the standard TCP/IP protocol simply sends an anonymous error-free stream of information between two computers (or between two processes running on the same computer), SSL adds numerous features to that stream, including:
Authentication and nonrepudiation of the server, using digital signatures
Authentication and nonrepudiation of the ...
Get Web Security and Commerce now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.