 The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers as well and became the de facto standard until evolving into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate. TLS and SSL are an integral part of most Web browsers (clients) and Web servers. If a Web site is on a server that supports SSL, SSL can be enabled and specific Web pages can be identified as requiring SSL access. Any Web server can be enabled by using Netscape's SSLRef program library which can be downloaded for noncommercial use or licensed for commercial use. TLS and SSL are not interoperable. However, a message sent with TLS can be handled by a client that handles SSL but not TLS.
 |
Getting started with secure sockets layers |
| To explore how the secure sockets layer is used in the enterprise, here are some additional resources: |
| Pros and cons of tunnelless VPN: Thinking about implementing a tunnelless VPN? Learn how to do it and the security risks associated with the technology. |
| SSL security risks and limitations: Learn about the limitations, lack of authentication standards and overall security risks associated with SSL in this excerpt from Dan Sullivan's book, A Shortcut Guide to Extended Validation SSL Certificates. |
Last updated on: Oct 05, 2008
|
