Q

How does SSL 'sit' between the network layer and application layer?

SSL is neither a network layer protocol nor an application layer protocol. In this SearchSecurity.com Q&A, Michael Cobb explains how SSL "sits" between both layers.

I've heard people say that SSL "sits" between the network layer and application layer? What does that mean?

This is a very good question, and I think the best way to answer it is to start by examining the purpose of a protocol. In the computing world, a protocol is a set of rules governing how data is transferred between two endpoints. The rules cover the syntax, semantics and synchronization of connection, communication and actual data exchange. Most communications and networking protocols don't function in isolation, however. They are layered together in what's called a protocol stack, a specific combination of protocols that work together, where each protocol in the stack performs specialized tasks.

Secure Sockets Layer, or SSL, is a standards-based cryptographic protocol that offers encryption and authentication services. It is widely used to provide secure communications over the Internet. By far the most common use of SSL is within Web browsers via an application-protocol hybrid known as HTTPS. SSL, however, is a transparent protocol, basically invisible to the user, and it is available to any TCP/IP-based application.

As you can imagine, trying to ensure that a protocol stack can actually fulfill its intended role, and that the different protocols all work together, is very complex. Various models have been developed to help engineers conceptualize protocol stacks, and each provides an abstract description of how network protocols should work. The OSI (Open System Interconnection) model is probably the best known and uses seven layers to group the services that a protocol can offer. An earlier model, the TCP/IP model, uses four or five layers. The layers near the top of both models are logically closer to the user, while those near the bottom are logically closer to the physical transmission of the data.

Under the OSI model, the application layer, Layer 7, performs common application services for the application processes; the network layer, Layer 3, solves the problem of getting packets from one place to another across a network. The SSL protocol is quite unusual, as it doesn't just operate at one layer. SSL is neither a network layer protocol nor an application layer protocol. It is one that "sits" between both layers.

Because of its position, SSL gives the client machines the ability to selectively apply security protection on individual applications, rather than set forth encryption on an entire group of applications. The procedure can be done without concerning Layer 3, the network layer. For these reasons, when SSL is used for encrypting network traffic, only the application layer data is actually encrypted. This differs from, say, the IPsec protocol, which operates at the network layer and encrypts all traffic data right down to the IP layer.

More on this topic

 

This was first published in July 2007

Dig deeper on SSL and TLS VPN Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close