
Sunday, October 13, 2013

What is SSL/TLS?

SSL (Secure Sockets Layer) is a security layer functioning between the application and transport layers. In other words, it is a protocol layer that can be placed between a reliable connection-oriented network layer protocol (e.g. TCP/IP) and the application protocol layer (e.g. HTTP).

The IETF has renamed it TLS (Transport Layer Security). TLS is documented in RFC 2246 and identifies itself in the protocol version field as SSL 3.1. TLS and its predecessor SSL are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.

SSL is used extensively by web browsers to provide secure connections for transferring credit card numbers and other sensitive data. An SSL-protected HTTP transfer uses port 443 (instead of HTTP's normal port 80) and is identified by its own URL scheme, https.

SSL creates a secure link between the web server and the browser, thereby facilitating e-transactions.

SSL, like most modern security protocols, is based on cryptography. After an SSL session is established, the following processes take place:

1. The server will announce a public key to the client. No encryption is in use initially, so both parties (and any eavesdropper) can read this key.

2. The client will generate 46 bytes of random data.

3. The client will then form this data into a single very large number according to PKCS#1.

4. It will then encrypt this with the server's public key and send the result to the server.

5. Only the server, with its private key, can decode the information to determine the 46 original bytes. Thus, the data the client has sent can only be decoded by the server and no one else.

6. This shared secret is now used to generate a set of conventional RC4 cipher keys to encrypt the rest of the session.
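The six steps above as a runnable sketch, added here as an illustration and not taken from the original post or from any SSL library. Assumptions: the RSA key is a constructed toy key, the two version bytes in front of the 46 random bytes follow the SSL/TLS specification's 48-byte premaster secret, HMAC-SHA256 stands in for the protocol's real key-derivation function, and all function and parameter names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key from two Mersenne primes: dependency-free and
# trivially factorable, so for illustration only.
P, Q, E = (1 << 521) - 1, (1 << 607) - 1, 65537
N = P * Q                               # step 1: the public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))       # server's private exponent
K = (N.bit_length() + 7) // 8           # modulus length in bytes (141)


def client_key_exchange(version=b"\x03\x01"):
    """Steps 2-4: pick the secret, pad it per PKCS#1 v1.5, encrypt it."""
    # Assumption from the SSL/TLS spec: 2 version bytes precede the 46 random ones.
    premaster = version + secrets.token_bytes(46)
    # Block type 2 layout: 00 02 <nonzero random padding> 00 <message>
    padding = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - 48))
    block = b"\x00\x02" + padding + b"\x00" + premaster
    ciphertext = pow(int.from_bytes(block, "big"), E, N)
    return premaster, ciphertext.to_bytes(K, "big")


def server_recover(ciphertext):
    """Step 5: decrypt with the private key and strip the padding."""
    block = pow(int.from_bytes(ciphertext, "big"), D, N).to_bytes(K, "big")
    sep = block.find(b"\x00", 2)
    well_formed = block[:2] == b"\x00\x02" and sep >= 10 and K - sep - 1 == 48
    # A malformed block yields a random secret instead of an error, so the
    # sender learns nothing about the padding (this sketch is not constant-time).
    return block[sep + 1:] if well_formed else secrets.token_bytes(48)


def session_keys(premaster, client_random, server_random):
    """Step 6, simplified: HMAC-SHA256 stands in for the real SSL/TLS PRF."""
    info = b"key expansion" + client_random + server_random
    material = hmac.new(premaster, info, hashlib.sha256).digest()
    return material[:16], material[16:]  # client-write and server-write keys


if __name__ == "__main__":
    sent, wire = client_key_exchange()
    nonces = (secrets.token_bytes(32), secrets.token_bytes(32))
    print(session_keys(sent, *nonces) == session_keys(server_recover(wire), *nonces))
```

Because the secret travels under the server's long-term key, anyone who records the exchange and later obtains that private key can recover the session keys; TLS 1.3 removed this RSA key transport, and RFC 7465 prohibits RC4 cipher suites.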
