Secure Sockets Layer, or SSL, is a standards-based cryptographic protocol that offers encryption and authentication services. It is widely used to provide secure communications over the Internet. By far the most common use of SSL is within Web browsers via an application-protocol hybrid known as HTTPS. SSL, however, is a transparent protocol, basically invisible to the user, and it is available to any TCP/IP-based application.
As you can imagine, trying to ensure that a protocol stack can actually fulfill its intended role, and that the different protocols all work together, is very complex. Various models have been developed to help engineers conceptualize protocol stacks, and each provides an abstract description of how network protocols should work. The OSI (Open System Interconnection) model is probably the best known and uses seven layers to group the services that a protocol can offer. An earlier model, the TCP/IP model, uses four or five layers. The layers near the top of both models are logically closer to the user, while those near the bottom are logically closer to the physical transmission of the data.
Under the OSI model, the application layer, Layer 7, performs common application services for the application processes; the network layer, Layer 3, solves the problem of getting packets from one place to another across a network. The SSL protocol is quite unusual, as it doesn't just operate at one layer. SSL is neither a network layer protocol nor an application layer protocol. It is one that "sits" between both layers.
Because of its position, SSL gives the client machines the ability to selectively apply security protection on individual applications, rather than set forth encryption on an entire group of applications. The procedure can be done without concerning Layer 3, the network layer. For these reasons, when SSL is used for encrypting network traffic, only the application layer data is actually encrypted. This differs from, say, the IPsec protocol, which operates at the network layer and encrypts all traffic data right down to the IP layer.
This was first published in July 2007