SSL – Secure socket layer
TLS – Transport layer security

The original Secure Sockets Layer (SSL) implementation was developed in the early 1990s by the Netscape Communications Corporation to secure HTTP, which sends its data as plain text over the Inter- net. The first official release was version 2.0, which gained widespread acceptance despite some design
problems with the protocol.

In the late 1990s it became apparent that SSL 2.0 was not secure. Netscape began working on SSL 3.0. In conjunction with Netscape, the Internet Engineering Task Force (IETF, the Internet standards governing body) began work on standardizing SSL, a project that became known as TLS (Transport Layer Security).

SSL 3.0 was not developed as rigorously as TLS, so it became available sooner and quickly overtook SSL 2.0 as the industry standard. TLS was finalized in 2000, providing the first standardized protocol for SSL. Although SSL 3.0 is still in widespread use, it is mostly obsolete for new development since almost all modern browsers support TLS.

The differences between TLS protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate (although TLS 1.0 does incorporate a mechanism by which a TLS implementation can back down to SSL 3.0).

SSL is simple in theory (keys are exchanged using public-key cryptography, communication is done using symmetric-key cryptography), the actual implementation is quite complex. This section briefly covers the details of establishing an SSL connection and communicating using that connection.

SSL hand shake diagram


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s