
Transport layer data encryption: SSL

The SSL protocol was originally developed by Netscape and has been universally accepted to secure Internet transactions. SSL is the basis of the IETF's Transport Layer Security (TLS) standards.

The Transmission Control Protocol/Internet Protocol (TCP/IP) governs the transport and routing of data over the Internet. Other higher-level protocols (HTTP, IMAP, SMTP, etc.) use TCP/IP to support typical application tasks such as displaying Web pages or running e-mail servers.

The SSL protocol is inserted between TCP/IP and higher-level protocols. It uses TCP/IP on behalf of the higher-level protocols, and in the process allows an SSL-enabled server to authenticate itself to an SSL-enabled client, permits the client to authenticate itself to the server, and thus enables both machines to establish an encrypted connection.

The SSL protocol supports the use of a variety of different cryptographic algorithms, or ciphers, for operations such as authenticating the server and client to each other, transmitting certificates, and establishing session keys. The specific cipher to be used is negotiated between the SSL client and server during the session handshake. Examples of the algorithms involved are the Data Encryption Standard (DES), used by the US government, the Message-Digest algorithm 5 (MD5) hash, RSA (a public key algorithm for both authentication and encryption), triple-DES (DES applied three times), etc. The most commonly used SSL cipher suites use RSA key exchange.
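The two paragraphs above describe how SSL sits between TCP and the application protocol and how the cipher suite is negotiated during the handshake. The following is an added example written for this page using Python's standard `ssl` module; it is not code from the original text or from OpenSSL. It models the server-side suite selection with constructed, illustrative suite names, builds client and server contexts that enforce the page's authentication roles (server verified by the client; optional mutual authentication), and shows the wrapping of a plain TCP socket. The certificate and CA file paths are parameters the caller supplies; the suite lists in the demo are constructed, not captured from a real handshake.

```python
import socket
import ssl
from typing import Optional, Sequence


def choose_cipher_suite(server_preference: Sequence[str],
                        client_offered: Sequence[str]) -> Optional[str]:
    """Model of the handshake's cipher suite selection.

    The client offers a list of suites; the server picks the first entry of
    its *own* preference order that the client also offered. If there is no
    overlap the handshake fails (the real protocol sends a fatal alert).
    """
    offered = set(client_offered)
    for suite in server_preference:
        if suite in offered:
            return suite
    return None


# OpenSSL cipher string: only ECDHE key exchange. Static RSA key exchange,
# the common choice the text mentions, gives no forward secrecy and was
# removed in TLS 1.3, so a defender normally disables it for TLS 1.2.
_FORWARD_SECRET_SUITES = "ECDHE+AESGCM:ECDHE+CHACHA20"


def build_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client side: the server must present a certificate the client trusts
    (CERT_REQUIRED) and its hostname must match (check_hostname)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # ca_file is an assumed path
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(_FORWARD_SECRET_SUITES)
    return ctx


def build_server_context(cert_file: Optional[str] = None,
                         key_file: Optional[str] = None,
                         client_ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Server side. Passing client_ca_file turns on client authentication
    (mutual TLS): the client must present a certificate signed by that CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(_FORWARD_SECRET_SUITES)
    if cert_file:  # assumed paths to the server's certificate chain and key
        ctx.load_cert_chain(cert_file, key_file)
    if client_ca_file:
        ctx.load_verify_locations(client_ca_file)
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def key_exchange_kinds(ctx: ssl.SSLContext) -> set:
    """Key-exchange methods left enabled in the context (e.g. 'kx-ecdhe',
    'kx-any' for TLS 1.3 suites). 'kx-rsa' should be absent."""
    return {cipher["kea"] for cipher in ctx.get_ciphers()}


def summarize_context(ctx: ssl.SSLContext) -> dict:
    """Plain-value view of the security-relevant settings, for checks/tests."""
    return {
        "min_version": ctx.minimum_version.name,
        "peer_cert_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
        "rsa_key_exchange": "kx-rsa" in key_exchange_kinds(ctx),
    }


def open_tls_connection(ctx: ssl.SSLContext, host: str, port: int) -> ssl.SSLSocket:
    """SSL is a layer over TCP: open the TCP socket, then wrap it. The
    handshake (server authentication, suite negotiation, session keys)
    runs inside wrap_socket; the application protocol then uses the result."""
    raw = socket.create_connection((host, port))
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    # Constructed suite lists (names are illustrative IANA-style identifiers).
    server_prefs = ["TLS_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
    client_offer = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"]
    print("negotiated:", choose_cipher_suite(server_prefs, client_offer))
    print("client context:", summarize_context(build_client_context()))
    print("server context:", summarize_context(build_server_context()))
```

The `choose_cipher_suite` function makes the negotiation visible: the server's order wins, which is why a server operator's cipher preference list, not the client's, decides what a connection ends up using. The context builders encode the three roles named in the text (server authentication, optional client authentication, encrypted session) as explicit settings rather than defaults a reader has to remember.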

Because of the generic nature of its architecture, SSL can be used to secure sessions transported by the Internet for almost any application. Most UNIX systems rely on the OpenSSL library, which is used by several popular applications such as the Apache Web server and the OpenSSH remote session application.

However, SSL is not a transparent layer. It requires awareness and specific support from the higher-level protocol in order to provide its services. For example, the Apache Web server has to specifically incorporate SSL support in order to offer secure HTTPS Web connections. Information on the open-source implementation of SSL can be found at http://www.openssl.org.