Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security over the Internet. In other words, SSL is the industry-standard security technology for establishing a secure link between a web server and a web browser. SSL uses a program layer located between the Internet’s Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers.
Once the client and server have decided to use SSL (or TLS), they negotiate a stateful connection through a handshake procedure. During this handshake, the client and server agree on the various parameters used to establish the connection’s security.
- The handshake starts when a client connects to an SSL-enabled server, requests a secure connection and presents a list of supported CipherSuites (ciphers and hash functions).
- From this list, the server selects the strongest cipher and hash function that it also supports and informs the client of its choice.
- The server sends its identity in the form of a digital certificate. The digital certificate generally contains the server name, the trusted certificate authority (CA) and the server’s public encryption key.
- The client may contact the server that issued the digital certificate (the CA) and confirm the certificate’s validity before proceeding.
- To generate the session keys for the secure connection, the client encrypts a random number with the server’s public key and sends the result to the server. Only the server is able to decrypt it, using its private key.
- From the random number, both sides generate key material for encryption and decryption.
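The steps above, traced in a single process as an added example (not code from the original page): the server picks a cipher suite, the client sends a random number encrypted to the server's public key, and both sides derive the same key material. Assumptions: the function names are hypothetical, the RSA key is a constructed toy key with no padding, certificate validation is not modelled, and key derivation follows the TLS 1.2 PRF from RFC 5246.

```python
import hashlib, hmac, os

# Constructed toy RSA key: product of two Mersenne primes, textbook RSA with no
# padding. Trivially breakable; it only stands in for the server's key pair.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

# Server preference order, most preferred first (all use the SHA-256 PRF).
SERVER_SUITES = ["TLS_RSA_WITH_AES_128_GCM_SHA256",
                 "TLS_RSA_WITH_AES_256_CBC_SHA256",
                 "TLS_RSA_WITH_AES_128_CBC_SHA"]

def select_suite(client_offer, server_prefs=SERVER_SUITES):
    """Server side: pick its most preferred suite that the client also offered."""
    for suite in server_prefs:
        if suite in client_offer:
            return suite
    raise ValueError("handshake_failure: no cipher suite in common")

def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed, a, out = label + seed, label + seed, b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()              # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_keys(pre_master, client_random, server_random):
    """Both sides run this on the same inputs and get the same key block."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    # 40 bytes is the AES_128_GCM layout: two 16-byte keys and two 4-byte IVs.
    return prf(master, b"key expansion", server_random + client_random, 40)

def handshake(client_offer):
    """Run the steps in order; returns (suite, client_keys, server_keys)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    suite = select_suite(client_offer)  # fails closed if nothing is shared
    # Client: after validating the certificate (not modelled), encrypt the
    # random pre-master secret to the public key (N, E) taken from it.
    pre_master = os.urandom(48)
    encrypted = pow(int.from_bytes(pre_master, "big"), E, N)
    # Server: only the private exponent D recovers the pre-master secret.
    recovered = pow(encrypted, D, N).to_bytes(48, "big")
    return (suite, derive_keys(pre_master, client_random, server_random),
            derive_keys(recovered, client_random, server_random))
```

Because `select_suite` walks the server's preference list rather than the client's, a client that lists a weaker suite first still ends up on the strongest suite both sides share.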
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are not interoperable. However, a message sent with TLS can be handled by a client that handles SSL but not TLS.