|
In this article:
- What is SSL
- Working of SSL
- History of SSL
What is SSL?
SSL stands of Secure Sockets Layer. SSL is a cryptographic protocol, that is, it is responsible for providing secure communication over the Internet which includes e-mail, faxing over the internet etc. The term SSL also includes the successor of the SSL protocol called the Transport Layer Security (TLS).
SSL authenticates the data at the endpoints. It is important from the point of view of privacy over the Internet. Usually, SSL is only used to identify a server as being authentic while the client connected to the server may or may not be authentic. However, when there needs to be authentication on both the sides, public key infrastructure is used. There are various flavors of implementations of SSL. Some of the major ones include RSA, DES, DSA, AES, MD5, SHA and RC4 etc.
Working of SSL
The basic working of SSL is based on exchanging records between two connected systems which is also called handshaking. Each record maybe encrypted and is includes a Message Authentication Code or MAC. The record also specifies which protocol it is to be used with (eg., FTP, HTTP etc.).
Once the connection between the client and the server is established, the following procedure is followed:
- The client sends a ClientHello message to the server. This message contains various details about the client such as what compression methods to use, the type and version of protocol it supports and other random bytes.
- When the server receives the message from the client, it responds by sending a ServerHello message. This is received by the client and it contains the connection parameters based on the options given in the ClientHello message.
- Once the client is aware of the parameters of the connection, the client sends its certificate to the server and the latter sends one in return. These certificates are X.509 as of now. The reason why the client is required to send a certificate is for its authentication.
- A master secret is created for negotiating with each other. This master is used to reach all other key data by using the random values that were generated at the time of ClientHello and ServerHello messages.
To ensure security, the SSL protocol uses the following techniques or features:
- It indexes or numbers all the records with the help of the MAC sequence number.
- The MACs can only be read or checked with the use of a secret key.
- It protects the data from being stolen even if the data is taken to a lesser secure version of a protocol (called downgrading).
History of SSL
SSL 3.0 was developed by Netscape and was released in 1996. SSL would later act as the foundation for the development of TLS 1.0 which is an IETF standard protocol. Since its release, it has been used by many leading companies for securing their websites. These include MasterCard, American Express etc. SSL has found widespread usage in e-commerce and related areas. A characteristic of SSL is it being modular. Thus it can be easily extended and still be backward and forward compatible.
SSL originally used only 40-bit keys for encryption which were weak and easy prey for attacks. This was, however, unavoidable because of the prevailing export law in the US back then. The scenario changed when the 40-bit key limit was lifted, though after a lot of controversy and lawsuits, and SSL encryption started using the now popular 128-bit keys. However, this is not the maximum limit. There are several implementations that use larger keys.
Since its introduction in 1996, SSL has served as one of the best security protocols. Its security features are renowned all over the world.
|
