HTTPS and Port Number 443
An SSL session is started by sending a request to the Web server with an HTTPS prefix in the URL, which causes port number 443 to be placed into the packets. Port 443 is the number assigned to the SSL application on the server (see well-known port).
The Handshake
After the two sides acknowledge each other, the browser sends the server a list of algorithms it supports, and the server responds with its choice and a signed digital certificate. From an internal list of certificate authorities (CAs) and their public keys, the browser uses the appropriate public key to validate the signed certificate. Both sides also send each other random numbers. For more details on certificates, see digital certificate.
Data for Secret Keys Is Passed
The browser extracts the public key of the Web site from the server's certificate and uses it to encrypt a pre-master key and send it to the server. At each end, the client and server independently use the pre-master key and random numbers passed earlier to generate the secret keys used to encrypt and decrypt the rest of the session. See TLS, security protocol and public key cryptography.
The SSL Handshake
These steps take place to negotiate an SSL session before any user data is transmitted. Steps 5 and 6 verify the integrity of the handshake, ensuring that nobody tampered with any messages. These checksums are called "message authentication codes" (see MAC).
Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved.
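The key derivation and handshake integrity check described above, as an added example that is not part of the original entry. It uses the TLS 1.2 pseudorandom function from RFC 5246 (HMAC-SHA256) rather than the older SSL construction, and every byte value and handshake message string in it is constructed for illustration.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_hash (RFC 5246, section 5): chain HMAC until `length` bytes exist."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret, label, seed, length):
    return p_sha256(secret, label + seed, length)

def master_secret(pre_master, client_random, server_random):
    # Both random numbers are mixed in, so every session gets fresh keys.
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def session_keys(master, client_random, server_random):
    # Key block for an AES-128-CBC + HMAC-SHA256 suite: two MAC keys, two cipher keys.
    block = prf(master, b"key expansion", server_random + client_random, 96)
    return {"client_mac": block[:32], "server_mac": block[32:64],
            "client_key": block[64:80], "server_key": block[80:96]}

def finished_mac(master, label, transcript):
    # MAC over a hash of every handshake message this side sent or received.
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return prf(master, label, digest, 12)

# Constructed sample values, not taken from a real capture.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x03" + bytes(range(100, 146))  # random in a real session
TRANSCRIPT = [b"ClientHello suites=A,B", b"ServerHello suite=A",
              b"Certificate", b"ClientKeyExchange"]

def demo():
    # Client and server each run the same derivation on their own copy.
    client_ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    server_ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    sent = finished_mac(client_ms, b"client finished", TRANSCRIPT)
    # The server's view if the algorithm list had been altered in transit.
    altered = [b"ClientHello suites=B"] + TRANSCRIPT[1:]
    clean_ok = hmac.compare_digest(sent, finished_mac(server_ms, b"client finished", TRANSCRIPT))
    altered_ok = hmac.compare_digest(sent, finished_mac(server_ms, b"client finished", altered))
    return client_ms == server_ms, clean_ok, altered_ok

if __name__ == "__main__":
    print(demo())
```

The pre-master key never appears in the finished value directly, yet a single changed byte in any handshake message makes the two sides' values disagree, which is what lets each end detect tampering before user data flows.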










