Secure Socket Layer (SSL)

SSL is a security service developed by Netscape to provide transport layer security for web servers and clients. It can be implemented as part of the underlying protocol suite or embedded in specific packages such as browsers and web servers.

The SSL Handshake Protocol establishes an association between client and server called an SSL session, which can be shared among multiple SSL connections; these are transient, peer-to-peer communication links. Each SSL connection is private (encrypted with symmetric cryptographic algorithms) and reliable (message integrity is checked by a Message Authentication Code (MAC) computed with hash functions such as SHA or MD5 over the compressed SSL data), and provides suitable services for each web component. The session defines a set of cryptographic parameters, such as the keys and algorithms used, which can be shared by multiple connections. The session is kept alive by the SSL Alert Protocol, where the peer's identity can be authenticated with an asymmetric cryptographic scheme. The SSL Change Cipher Spec Protocol is used when a peer wants subsequent messages to be encrypted for transmission. With an SSL session, there is no need to exchange security parameters for each SSL connection, which could be expensive.

The main security services, namely message integrity and confidentiality, are provided by the SSL Record Protocol. The former is done via a MAC with the shared secret key used for encryption, the latter with the Handshake Protocol. The operations are performed in the following order:

  • Splitting application data into multiple fragments.
  • Compressing each fragment.
  • Appending a MAC to each fragment’s end.
  • Encryption of the fragment.
  • Appending SSL Record Header to each fragment’s head.
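The five steps above, as an added example that is not part of the original notes. It uses the SSLv3 SHA-1 MAC construction from RFC 6101 and RC4 as the cipher; zlib stands in for the negotiated compression method, and the names protect, unprotect and the keys are assumptions made for illustration.

```python
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14              # largest plaintext fragment per record
APP_DATA, VERSION = 23, (3, 0)      # content type and SSLv3 version bytes

class RC4:
    """Stateful RC4 (obsolete; used only to mirror SSLv3-era cipher suites)."""
    def __init__(self, key):
        self.s, self.i, self.j = list(range(256)), 0, 0
        j = 0
        for i in range(256):        # key scheduling: key-dependent permutation
            j = (j + self.s[i] + key[i % len(key)]) % 256
            self.s[i], self.s[j] = self.s[j], self.s[i]
    def crypt(self, data):          # keystream state carries across records
        s, out = self.s, bytearray()
        for b in data:
            self.i = (self.i + 1) % 256
            self.j = (self.j + s[self.i]) % 256
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) % 256])
        return bytes(out)

def ssl3_mac(secret, seq, ctype, frag):
    """hash(secret + pad_2 + hash(secret + pad_1 + seq + type + length + data))."""
    meta = struct.pack(">QBH", seq, ctype, len(frag))
    inner = hashlib.sha1(secret + b"\x36" * 40 + meta + frag).digest()
    return hashlib.sha1(secret + b"\x5c" * 40 + inner).digest()

def protect(data, mac_secret, cipher):
    """Fragment, compress, append MAC, encrypt, prepend 5-byte record header."""
    records = []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        comp = zlib.compress(data[off:off + MAX_FRAGMENT])
        body = cipher.crypt(comp + ssl3_mac(mac_secret, seq, APP_DATA, comp))
        records.append(struct.pack(">BBBH", APP_DATA, *VERSION, len(body)) + body)
    return records

def unprotect(records, mac_secret, cipher):
    """Reverse the pipeline; raise ValueError when a record fails its MAC check."""
    out = b""
    for seq, rec in enumerate(records):
        ctype, _, _, length = struct.unpack(">BBBH", rec[:5])
        plain = cipher.crypt(rec[5:5 + length])
        comp, mac = plain[:-20], plain[-20:]        # SHA-1 MAC is 20 bytes
        if not hmac.compare_digest(mac, ssl3_mac(mac_secret, seq, ctype, comp)):
            raise ValueError(f"bad MAC on record {seq}")
        out += zlib.decompress(comp)
    return out
```

The sequence number is part of the MAC input but is never transmitted, so a reordered or replayed record fails verification just as a modified one does.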

It is succeeded by Transport Layer Security (TLS).

Links to this page
  • Transport Layer Security (TLS)

    TLS is an upgrade over Secure Socket Layer (SSL) version 3 (SSLv3), defined in RFC 5246. It has now been widely adopted as it is more secure and efficient than its predecessor in message authentication, key material generation and supported cipher suites. It uses the same record format and MAC generation algorithm, HMAC, as SSLv3. That said, the algorithm XORs the padding bytes with the secret key padded to the block length instead of concatenating them with the secret key as in SSLv3. Furthermore, the MAC calculation also includes the field TLSCompressed.version, which defines the protocol version being used.

  • TNS3131 Chapter 7: Web Security
  • RC4

    RC4 is a simple and fast, byte-oriented stream cipher, designed by Ron Rivest and owned by RSA DSI, which accepts a variable key size. It is widely adopted, for example in SSL/TLS and wireless WEP. The key forms a random permutation of all 8-bit values, and that permutation is used to collect input information processed a byte at a time. It has recently been proved to be insecure and easily breakable.

#networking #security #p2p