Secure Sockets Layer

From Citizendium, the Citizens' Compendium
Jump to: navigation, search
This article is developing and not approved.
Main Article
Talk
Definition [?]
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and not meant to be cited; by editing it you can help to improve it towards a future approved, citable version. These unapproved articles are subject to a disclaimer.

Secure Sockets Layer (SSL) is an encrypted end-to-end protocol that runs between World Wide Web browsers (i.e., Hypertext Transfer Protocol *HTTP) clients) and Web servers. It was developed by Netscape [1], and supported by Microsoft and other major vendors until the development of a functionally equivalent standard, Transport Layer Security (TLS) [2], by the Internet Engineering Task Force. TLS is a derivative of SSL.

From the standpoint of network architecture, it forms a "shim" between Transmission Control Protocol (TCP) and HTTP. "Sockets" refer to the programming interface used by the host and client application to communicate only when traffic has been encrypted before being sent to TCP, or decrypted after it is received. For cryptographic authentication and content protection, SSL uses public key software from RSA.

There is no charge for client-side access or noncommercial server use; Netscape does license the server side for commercial service.

References

  1. Schneier, Bruce (2nd edition, 1996,), Applied Cryptography, John Wiley & Sons, ISBN 0-471-11709-9
  2. T. Dierks, E. Rescorla (August 2008), The Transport Layer Security (TLS) Protocol Version 1.2., RFC5246