Sunday, July 22, 2007

What is Secure Socket Layer (SSL)?

Originally developed by Netscape, SSL - short for Secure Sockets Layer - has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers. SSL works by using a public key to encrypt data that's transferred over the SSL connection.

The Transmission Control Protocol/Internet Protocol (TCP/IP) controls and is responsible for the routing and transmission of data all over the Internet. The SSL protocol runs in a "layer" above TCP/IP and below higher-level protocols such as HTTP or IMAP. SSL allows an SSL enabled server to authenticate itself to an SSL enabled client and vice versa enabling both machines to establish an encrypted connection

SSL makes use of a public key infrastructure (PKI) to operate. The server operating securely generally obtains an SSL key and certificate pair from an issueing authority. It then makes these available on the server itself and announces the availability within the protocol exchanges between the server and client.

An SSL exchange is initiated with an SSL handshake where the client and the server exchange information with each other regarding the encryption information indicated by the SSL certificate.

Once this handshake is completed both the client and the server know exactly how to encrypt the information in a way that the other end will understand and be able to decrypt.

From that point on, anyone listening to (or snooping on) the data transfer between the client and the server will only see this encrypted information. They would then have to spend a long time decrypting it before they could make any sense out of it.

The greater the number of bits used when generating a certificate the stronger the encryption used with 1024 bit keys now being commonplace. It can take weeks of work using fast computers to successfully decrypt such a key.

SSL encryption is available on web pages to a secure server. Further, messaging servers (such as GMS) can also support SSL over POP3, IMAP4, SMTP as well as HTTP. By providing a complete secure route for messages, users of GMS can be confident that they can read, write and respond to email without anyone snooping on them.

SSL has more recently become known as Transport Layer Security, or TLS for short.

No comments: