(Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. Look for a lock icon at the top or bottom of your browser when you order merchandise on the Web. If the lock is closed, you are on a secure SSL or TLS connection (see TLS).
HTTPS and Port Number 443
An SSL session is started by sending a request to the Web server with an HTTPS prefix in the URL, which causes port number 443 to be placed into the packets. Port 443 is the number assigned to the SSL application on the server (see well-known port).
The Handshake
After the two sides acknowledge each other, the browser sends the server a list of algorithms it supports, and the server responds with its choice and a signed digital certificate. From an internal list of certificate authorities (CAs) and their public keys, the browser uses the appropriate public key to validate the signed certificate. Both sides also send each other random numbers. For more details on certificates, see digital certificate.
Data for Secret Keys Is Passed
The browser extracts the public key of the Web site from the server's certificate and uses it to encrypt a pre-master key and send it to the server. At each end, the client and server independently use the pre-master key and random numbers passed earlier to generate the secret keys used to encrypt and decrypt the rest of the session. See TLS, server-gated cryptography, security protocol and public key cryptography.
The SSL Handshake
These steps take place to negotiate an SSL session before any user data are transmitted. Steps 5 and 6 verify the integrity of the handshake, ensuring that nobody tampered with any messages. These checksums are called "message authentication codes" (see MAC).
HTTPS and Port Number 443
An SSL session is started by sending a request to the Web server with an HTTPS prefix in the URL, which causes port number 443 to be placed into the packets. Port 443 is the number assigned to the SSL application on the server (see well-known port).
The Handshake
After the two sides acknowledge each other, the browser sends the server a list of algorithms it supports, and the server responds with its choice and a signed digital certificate. From an internal list of certificate authorities (CAs) and their public keys, the browser uses the appropriate public key to validate the signed certificate. Both sides also send each other random numbers. For more details on certificates, see digital certificate.
Data for Secret Keys Is Passed
The browser extracts the public key of the Web site from the server's certificate and uses it to encrypt a pre-master key and send it to the server. At each end, the client and server independently use the pre-master key and random numbers passed earlier to generate the secret keys used to encrypt and decrypt the rest of the session. See TLS, server-gated cryptography, security protocol and public key cryptography.
The SSL Handshake
These steps take place to negotiate an SSL session before any user data are transmitted. Steps 5 and 6 verify the integrity of the handshake, ensuring that nobody tampered with any messages. These checksums are called "message authentication codes" (see MAC).
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Serv-U 9.1.0.2 (Windows)
- Serv-U is a powerful, easy-to-use, award-winning File Server from RhinoSoft.com. Serv-U supports the FTP, HTTP, and SFTP protocols to ensure maximum compatibility with the widest range of transfer client software. With support for industry-standard SSL encryption, Serv-U protects your data while it's in transit. A powerful Web-based interface allows administrators...
- Software downloads 2009-11-21
- AOL/Facebook in the Enterprise
- AOL bought Time WarnerWhy does everyone forget this?RE: AOL/Facebook in the EnterpriseAOL - World Dominance? I hardly think so. AOL have always been seen this side of the pond at least as something you warn your kids about - we HATED it with a vengeance. ANY internet supplier was preferable...
- Discussion threads 2009-11-19
- Backup4all Standard 4.3 build 173 (Windows)
- Backup4all is an award-winning backup software for Windows. Backup4all protects your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space. Using Backup4all you can easily backup to any local or network drive, backup to FTP (with support for SSL...
- Software downloads 2009-11-19
- Backup4all Lite 4.3 build 173 (Windows)
- Backup4all is an award-winning backup software for Windows. Backup4all protects your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space. Using Backup4all you can easily backup to any local or network drive, backup to FTP (with support for SSL...
- Software downloads 2009-11-19
- Backup4all Professional 4.3 build 173 (Windows)
- Backup4all protects your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space. Using Backup4all you can easily backup to any local or network drive, backup to FTP (with support for SSL encryption, proxy server, passive mode), backup to CD/DVD/Blu-ray,...
- Software downloads 2009-11-19
- CrushFTP 5.0.4 (Mac)
- CrushFTP handles FTP, SFTP SSH FTP, FTPS FTP over SSL, HTTP, HTTPS, WebDAV, and WebDAV SSL. WebDAV allows you to use the OS X Finder to connect to the server and work on it as if it were another hard drive on your machine. Read, write, rename. all with WebDAV....
- Software downloads 2009-11-18
- SimpleAuthority 2.6 (Windows)
- SimpleAuthority is a Certification Authority CA that is designed to be very easy to use. It generates and manages keys and certificates for people and/or computer servers that can be used for secure email, VPN access, client/server SSL authentication and other uses. Unlike most CA products, SimpleAuthority is very easy...
- Software downloads 2009-11-18
- Xlight FTP Server 3.5 (Windows)
- Xlight FTP Server is an easy to use high performance FTP server with very low memory and CPU usage. It has many features and advanced features such as remote administration, SSL, SFTP,ODBC, LDAP, Active Directory, e-mail notification, and IPv6 support.
- Software downloads 2009-11-18
- BayGenie eBay Auction Sniper Free 3.3.1.8 (Windows)
- BayGenie eBay Auction Sniper Free places bids in the last seconds of auctions. Features: supports 16 countries of eBay international sites * supports all time zones, does not change local machine time * no spyware, pop-ups, or adware * secure connections ssl * fast data transmission * auto update of...
- Software downloads 2009-11-18
- WS_FTP Professional 12.2 (Windows)
- WS_FTP Professional is quick to install and very easy to use. Transfer files over FTP, SSL, SSH, and HTTP/S transfer protocols. Protect files before, during, and after transfer. Unmatched security is provided through 256-bit AES encryption, FIPS 140-2 validated cryptography, OpenPGP file encryption, and file integrity validation up to SHA-512....
- Software downloads 2009-11-18
- Microsoft to share some details on IE 9 at PDC show this week
- Tabs that dont hang and,1. HTML 5 standards compliance ahead of Chrome and FF2. Better plugins3. CSS 3 compliance4. FASTER!Trying to develop for IE8 is still a pain!Addon supportFor things like AdBlock Plus.Also, an x64 version of silverlight.Grow upso do not read this blog - OK? Prefer Firefox but...
- Discussion threads 2009-11-17
- Designing High Availability for Internet Information Services
- End downtime forever! - Organizations today are relying more and more on Web services for the implementation of mission-critical applications. With the advent of Service-Oriented Architectures SOAs,which make extensive use of the core Hypertext Transfer Protocol HTTP and the Secure Sockets Layer SSL, the Web server from the past has...
- White papers 2009-11-17
- MaxBulk Mailer for Windows 7.0 (Windows)
- MaxBulk Mailer is a bulk mailer and mail-merge software that allows you to send out customized press releases, prices lists, newsletters and any kind of text or HTML documents. It handles plain text, HTML and rich text documents and gives full support for attachments. With this product you will create,...
- Software downloads 2009-11-17
- dataComet-Secure 10.2.0 (Mac)
- dataComet-Secure for OS X offers fast, reliable terminal emulation for local Shell sessions, SSL / TLS Telnet / TN3270, SSH1 & SSH2, and serial devices such as modems Telnet sessions offer Kerberos 5 and SOCKS v4 security options Supports both SSH1 and SSH2 sessions with strong encryption + SCP...
- Software downloads 2009-11-17
- Net Transport 2.89 build 502 (Windows)
- NetTransport is fast, exciting, and powerful downloading manager, now supports HTTP/HTTPS, FTP/FTPS over SSL/SFTP over Secure Shell, MMS Microsoft Media Services, RTSP (Real-Time Streaming Protocol), BitTorrent, eMule, RTMP Real Time Messaging Protocol / RTMPT HTTP Tunneling / RTMPS over SSL. NetTransport also have flexible 'File Manager' to manage your downloaded...
- Software downloads 2009-11-16
- Wireshark 1.2.4 (Mac)
- Wireshark is the world's foremost network protocol analyzer, and is the standard in many industries. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it is still under active development. Read/write many different aWireshark is the world's...
- Software downloads 2009-11-16
- Fetch 5.5.3 (Mac)
- Fetch is a full-featured FTP, SFTP and FTPS (FTP with TLS/SSL) client with a simple and easy-to-use interface.Fetch features include: one-click editing remote files with any application, automatic restart of failed or stalled uploads, Quick Look, WebView, droplet shortcuts, automatic support for Zip, Tar, Gzip, StuffIt and other common file...
- Software downloads 2009-11-16
- Fastream IQ Proxy Server 3.0.1R (Windows)
- IQ Proxy Server is a robust and secure content/reverse solution for Windows. Featuring the most scalable server engine with up to 20,000 simultaneous connections for both filtering and caching content proxy and securing and accelerating reverse proxy, could serve more than 10,000 requests/sec in keep-alive mode. Fastream IQ Proxy Server...
- Software downloads 2009-11-15
- SimpleAuthority 2.6 (Mac)
- SimpleAuthority is a Certification Authority CA that is designed to be very easy to use. It generates and manages keys and certificates that provide cryptographic digital identities for people and/or computer servers. These identities are designed to be used in other applications such as for: secure email - for...
- Software downloads 2009-11-12
- BayGenie eBay Auction Sniper Pro 3.3.1.8 (Windows)
- BayGenie ebay Auction Sniper Pro tracks eBay auctions and automatically places bids in the last seconds of auctions. Features: integrated browser; supports bidding groups; supports 16 eBay global sites, including eBay US, Canada, Germany and United Kingdom; eBay login integration; supports all time zones, does not change local machine time;...
- Software downloads 2009-11-11
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
- Reduce risk. Reduce complexity. Increase reliability.
-
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
- Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
