SSL protocol

+
Search Tips   |   Advanced Search

The SSL protocol was developed by Netscape Communications Corporation.

SSL ensures the data that is transferred between a client and a server remains private. This protocol enables the client to authenticate the identity of the server. SSL V3, requires authentication of the client identity.

When our server has a digital certificate, SSL-enabled browsers like Netscape Navigator and Microsoft Internet Explorer can communicate securely with your server, using SSL. With SSL, we can establish a security-enabled Web site on the Internet, or on our private intranet. A browser that does not support HTTP over SSL cannot request URLs using HTTPS. The non-SSL browsers do not allow submission of forms that require secure communications.

SSL uses a security handshake to initiate a secure connection between the client and the server. During the handshake, the client and server agree on the security keys to use for the session and the algorithms to use for encryption. The client authenticates the server; optionally, the server can request the client certificate. After the handshake, SSL encrypts and decrypts all the information in both the HTTPS request and the server response, including:

• The URL requested by the client

• The contents of any submitted form

• Access authorization information, like user names and passwords

• All data sent between the client and the server

HTTPS represents a unique protocol that combines SSL and HTTP. Specify https:// as an anchor in HTML documents that link to SSL-protected documents. A client user can also open a URL by specifying https:// to request an SSL-protected document.

Because HTTPS (HTTP + SSL) and HTTP are different protocols and use different ports (443 and 80, respectively), we can run both SSL and non-SSL requests simultaneously. This capability enables us to provide information to users without security, while providing specific information only to browsers making secure requests. With this functionality, a retail company on the Internet can support users looking through their company merchandise without security, but then fill out order forms and send their credit card numbers using security.

---

 

Sub-topics

Secure network characteristics
Encryption

Authentication

Certificates

Public Key Infrastructure

Session ID cache