Encyclopedia - SSL

    SSL

    (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do three things: to validate the identity of a Web site, to create an encrypted connection for sending credit card and other personal data, and to ensure the received data were sent without error.


    HTTPS and Port Number 443
    An SSL session is started by sending a request to the Web server with an HTTPS prefix in the URL, which causes port number 443 to be placed into the packets. Port 443 is the number assigned to the SSL application on the server (see well-known port).


    The Handshake
    After the two sides acknowledge each other, the browser sends the server a list of algorithms it supports, and the server responds with its choice and a signed digital certificate. From an internal list of certificate authorities (CAs) and their public keys, the browser uses the appropriate public key to validate the signed certificate. Both sides also send each other random numbers. For more details on certificates, see digital certificate.


    Data for Secret Keys Is Passed
    The browser extracts the public key of the Web site from the server's certificate and uses it to encrypt a pre-master key and send it to the server. At each end, the client and server independently use the pre-master key and random numbers passed earlier to generate the secret keys used to encrypt and decrypt the rest of the session. See TLS, server-gated cryptography, OpenSSL, security protocol and public key cryptography.


    SSL and TLS
    SSL was superseded by TLS (Transport Layer Security). TLS 1.0 came out in 1999 and is very similar to the last SSL version (SSL 3.0, 1996) but not identical. They are not interoperable; however, most Web sites and browsers support both, and the acronyms SSL/TLS and TLS/SSL are widely used. See TLS.