(Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. Look for a lock icon at the top or bottom of your browser when you order merchandise on the Web. If the lock is closed, you are on a secure SSL or TLS connection (see TLS).
HTTPS and Port Number 443
An SSL session is started by sending a request to the Web server with an HTTPS prefix in the URL, which causes port number 443 to be placed into the packets. Port 443 is the number assigned to the SSL application on the server (see well-known port).
The Handshake
After the two sides acknowledge each other, the browser sends the server a list of algorithms it supports, and the server responds with its choice and a signed digital certificate. From an internal list of certificate authorities (CAs) and their public keys, the browser uses the appropriate public key to validate the signed certificate. Both sides also send each other random numbers. For more details on certificates, see digital certificate.
Data for Secret Keys Is Passed
The browser extracts the public key of the Web site from the server's certificate and uses it to encrypt a pre-master key and send it to the server. At each end, the client and server independently use the pre-master key and random numbers passed earlier to generate the secret keys used to encrypt and decrypt the rest of the session. See TLS, server-gated cryptography, security protocol and public key cryptography.
The SSL Handshake
These steps take place to negotiate an SSL session before any user data are transmitted. Steps 5 and 6 verify the integrity of the handshake, ensuring that nobody tampered with any messages. These checksums are called "message authentication codes" (see MAC).
HTTPS and Port Number 443
An SSL session is started by sending a request to the Web server with an HTTPS prefix in the URL, which causes port number 443 to be placed into the packets. Port 443 is the number assigned to the SSL application on the server (see well-known port).
The Handshake
After the two sides acknowledge each other, the browser sends the server a list of algorithms it supports, and the server responds with its choice and a signed digital certificate. From an internal list of certificate authorities (CAs) and their public keys, the browser uses the appropriate public key to validate the signed certificate. Both sides also send each other random numbers. For more details on certificates, see digital certificate.
Data for Secret Keys Is Passed
The browser extracts the public key of the Web site from the server's certificate and uses it to encrypt a pre-master key and send it to the server. At each end, the client and server independently use the pre-master key and random numbers passed earlier to generate the secret keys used to encrypt and decrypt the rest of the session. See TLS, server-gated cryptography, security protocol and public key cryptography.
The SSL Handshake
These steps take place to negotiate an SSL session before any user data are transmitted. Steps 5 and 6 verify the integrity of the handshake, ensuring that nobody tampered with any messages. These checksums are called "message authentication codes" (see MAC).
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Zero-day flaw found in web encryption
- A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt web pages, has been made public. Security researchers Marsh Ray and Steve Dispensa unveiled the TLS Transport Layer Security flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its...
- News items 2009-11-05
- SmartFTP FTP Library 1.5.34.0 (Windows)
- The SmartFTP FTP Library ActiveX component COM provides file transfer functionality for the FTP and SFTP over SSH protocol. It offers a wide range of features which allows reliable and secure file transfers (SSL/TLS and SSH). The component takes advantage of the COM technology which makes it possible to use...
- Software downloads 2009-11-05
- JPEE 5.4.2 (Mac)
- JPEE E-mail Utility is available as a free email extraction, filterer, verifier, exporter, manager, and emailer utility all in one economical application. Take the bulk out of your email! Features include: Complete Email Merge Solution Unlimited Custom Tag support Conditional Tag support Inline Image Attachments...
- Software downloads 2009-11-05
- SerialMailer 6.4 (Mac)
- SerialMailer is a powerful and easy to use tool for companies and individuals who want to communicate with a large group of customers, students, friends or other e-mail contacts without having to rewrite the mail for each recipient. The integrated database allows you to effectively manage your recipients list as...
- Software downloads 2009-11-04
- JumpBox for Tomcat Java Web Application Deployment 1.1.1 (Mac)
- Apache Tomcat is an open source servlet container that implements the Java Servlet and the JavaServer Pages specifications. Like other deployment JumpBoxes, the JumpBox for Tomcat makes it easy to deploy a web application (specifically a java-based web application). Notable features of this JumpBox include: Flexible deployment options: Applications...
- Software downloads 2009-11-03
- TurboFTP 6.00.748 (Windows)
- TurboFTP is a secure FTP client with a wealth of features. It supports secure FTP over SSL/TLS and SFTP over SSH2. The built-in Folder Synchronizer helps you synchronize local and remote folders with ease. The Task Scheduler offers scheduled FTP transfer and synchronization capabilities. It can monitor a folder and...
- Software downloads 2009-11-03
- JumpBox for LAMP Deployment 1.1.13 (Mac)
- The JumpBox for LAMP Deployment is a great utility system that allows you to easily deploy applications where a tailored JumpBox may not exist. It contains MySQL plus PHP, Perl, Ruby and Python along with PHPMyAdmin to help you manage the database. Using the JumpBox for LAMP Deployment you can...
- Software downloads 2009-11-02
- Nexus Terminal 6.72 (Windows)
- Nexus Terminal is a Telnet 3270/5250/VT/ANSI terminal emulator with: recording, a script language, host print (both tn3270 (3287, tn5250 (3812) and LPD), RS232, file transfer (IND$FILE, FTP, FTPS, SFTP and Kermit), HLLAPI, SSH, and SSL support.
- Software downloads 2009-11-02
- wodFtpDLX.NET 1.4.9 (Windows)
- wodFtpDLX.NET is secure FTP client .NET 2.0 component that is able to support encrypted and non-encrypted FTP access to the servers for transferring files or complete directories. It supports old, very common, FTP protocol, but also secured FTPS (FTP+SSL) and SFTP (FTP+SSH). No matter what protocol is selected - it...
- Software downloads 2009-11-02
- Evernote 3.1.0.1225 (Windows)
- Evernote allows you to easily capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at any time, from anywhere. Use Evernote to jot notes, create to-do lists, clip entire Web pages, manage passwords, and record audio. Everything added...
- Software downloads 2009-10-31
- Ability FTP Server 1.20 (Windows)
- FTP Server features 128-bit SSL, Remote Admin, security protection options, disk quota limits, bandwidth restrictions, IP restrictions, virtual folders, resume support, real-time activity viewer, and real-time control. The Remote Admin facility is designed for ultimate flexibility and so is accessible via a Web browser. This allows secure control over the...
- Software downloads 2009-10-30
- KLS Backup 2009 Professional 5.0.1 (Windows)
- KLS Backup 2008 is a backup, synchronization and disk cleaner program that allows you to back up or synchronize your data to local and network drives, CD/DVD media or FTP (SSLTLS) server. The cleanup feature is a complete solution to backup and clean private data and free up disk space....
- Software downloads 2009-10-30
- JumpBox for the MySQL Relational Database 1.1.11 (Mac)
- MySQL is probably the most widely used relational databases around. It's used as an integral component in many JumpBoxes and is also useful to have available in an easy to use standalone version. This JumpBox includes MySQL 5 along with PHPMyAdmin setup and ready to run. It's a great tool...
- Software downloads 2009-10-30
- CrushFTP 5.0.3 (Mac)
- CrushFTP handles FTP, SFTP SSH FTP, FTPS FTP over SSL, HTTP, HTTPS, WebDAV, and WebDAV SSL. WebDAV allows you to use the OS X Finder to connect to the server and work on it as if it were another hard drive on your machine. Read, write, rename. all with WebDAV....
- Software downloads 2009-10-29
- JumpBox for the Movable Type Blogging System 1.1.12 (Mac)
- Movable Type is Six Apart's flagship blog software product, launched in 2001. Today, this robust social publishing platform powers the websites and blogs of many of the world's largest media companies, Fortune 100 businesses, small and medium sized businesses, and power bloggers. Movable Type is a fully integrated, scalable, proven...
- Software downloads 2009-10-29
- JumpBox for the Joomla! CMS 1.1.14 (Mac)
- Joomla! is an award-winning Content Management System CMS that will help you build websites and other powerful online applications. It's one of the most popular Open Source applications around and the JumpBox for Joomla is a huge time saver. It captures the experience of a skilled IT admin in a...
- Software downloads 2009-10-29
- JumpBox for LAPP Deployment 1.1.5 (Mac)
- The JumpBox for LAPP Deployment is a great utility system that allows you to easily deploy applications where a tailored JumpBox may not exist. It contains PostgreSQL plus PHP, Perl, Ruby and Python along with phpPgAdmin to help you manage the database. Using the JumpBox for LAPP Deployment you can...
- Software downloads 2009-10-29
- JumpBox for the PostgreSQL Relational Database Management System 1.1.5 (Mac)
- PostgreSQL is a powerful, open source object-relational database system that's been under active development for over 15 years. An enterprise class database, PostgreSQL boasts sophisticated features such as Multi-Version Concurrency Control MVCC, point in time recovery, tablespaces, asynchronous replication, nested transactions savepoints, online/hot backups, a sophisticated query planner/optimizer, and write...
- Software downloads 2009-10-29
- Core FTP Server 1.0 build 317 (Windows)
- Core FTP Server is a secure FTP server with SSL/TLS/FTPS, SSH/SFTP, HTTP/S support virtual paths, access rules, and certificate authentication. Quick and easy setup, start sharing files in minutes.
- Software downloads 2009-10-28
- Wireshark 1.2.3 (Mac)
- Wireshark is the world's foremost network protocol analyzer, and is the standard in many industries. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it is still under active development. Read/write many different aWireshark is the world's...
- Software downloads 2009-10-28
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
- Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
- Linking Decisions and Information for Organizational Performance Read the Tom Davenport study
