Home
SSL protocol
SSL protocol...
- Ensures the data that is transferred between a client and a server remains private
- Enables clients to authenticate the identity of the server
- SSL Version 3 requires authentication of the client identity.
A browser that does not support HTTP over SSL cannot request URLs using HTTPS. The non-SSL browsers do not allow submission of forms that require secure communications.
SSL uses a security handshake to initiate a secure connection between the client and the server. During the handshake, the client and server agree on the security keys to use for the session and the algorithms to use for encryption. The client authenticates the server; optionally, the server can request the client certificate.
After the handshake, SSL encrypts and decrypts all the information in both the HTTPS request and the server response, including:
- The URL requested by the client
- The contents of any submitted form
- Access authorization information, like user names and passwords
- All data sent between the client and the server
HTTPS represents a unique protocol that combines SSL and HTTP. Specify https: // as an anchor in HTML documents that link to SSL-protected documents. A client user can also open a URL by specifying https: // to request an SSL-protected document.
Because HTTPS (HTTP + SSL) and HTTP are different protocols and use different ports (443 and 80, respectively), you can run both SSL and non-SSL requests simultaneously. This capability enables you to provide information to users without security, while providing specific information only to browsers making secure requests. With this functionality, a retail company on the Internet can support users looking through their company merchandise without security, but then fill out order forms and send their credit card numbers using security.
Subtopics
Certificates
Public Key Infrastructure
Session ID cache