Secure Socket Layer (SSL)
Question: What is SSL (Secure Socket Layer)? Write a short note.
Secure Socket Layer (SSL):
E-commerce and banking sites require secure communications specially for commerce based transactions. For this browsers use HTTPS (HTTP + Secure) based communication which is inherently used Secure Socket Layer (SSL) or Transport Security Layer (TLS).
SSL was developed by Netscape originally and it is a asymmetric system. The SSL uses TCP to provide a reliable end-to-end secure service. In fact it is a two layers of protocols as shown. Here HTTP provides web client-server communication operate on the top of SSL.
|SSL Protocol Stack (Two Layer Protocol)|
SSL maintains a end to end connection which is associated with one session. The SSL session is maintained by SSL Handshake protocol. While the SSL Cipher Spec protocol managed exchange of encrypted information over the session. The SSL Alert protocol conveys alerts to peer entities (either client or server).
SSL Communication involves series of complex steps which are summarized here. It involves verification of the identity of the web server using digitally signed SSL certificate followed by exchange of encrypted data between the server and the web client.
|SSL Communication Steps|
This process provides a process to not only securely exchange a symmetric key, but also to verifies the server and optionally verifies the client to ensure secure web traffic.