By Vangie Beal
SSL (pronounced as separate letters) is short for Secure Sockets Layer.
Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.
SSL URLs
Most Web browsers support SSL, and many websites use the protocol to obtain confidential user information, including credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
How SSL Works
When a Web browser tries to connect to a website using SSL, the browser will first request that the web server identify itself. This prompts the web server to send the browser a copy of the SSL Certificate.
The browser checks to see if the SSL Certificate is trusted. If the SSL Certificate is trusted, then the browser sends a message to the Web server. The server then responds to the browser with a digitally signed acknowledgement to start an SSL encrypted session. This allows encrypted data to be shared between the browser and the server. You may notice that your browsing session now starts with https (and not http).
Secure HTTP (S-HTTP)
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols were approved by the Internet Engineering Task Force (IETF) as a standard.
SSL 3.0 Vulnerable and Obsolete
SSL version 3.0 is based on the 1996 draft. In 2014, the 3.0 version of SSL was considered vulnerable due to POODLE (Padding Oracle On Downgraded Legacy Encryption) attacks. These attacks allowed secure HTTP cookies or HTTP Authorization header contents to be stolen from downgraded communications. Today, SSL 3.0 is considered obsolete and has been succeeded by Transport Layer Security (TLS), but it is still widely deployed.
Going From SSL to TLS
Secure Sockets Layer (SSL) is the predecessor to Transport Layer Security (TLS). TLS is an Internet Engineering Task Force (IETF) standards track protocol that is based on the earlier SSL specifications.
Recommended Reading: Learn more about Transport Layer Security (TLS) in this Webopedia definition.