Secure Sockets Layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. After being formally introduced in 1995, SSL made it possible for a web server to securely enable online transactions between consumers and businesses. Due to numerous protocol and implementation flaws and vulnerabilities, SSL was deprecated for use on the internet by the Internet Engineering Task Force (IETF) in 2015 and has been replaced by the Transport Layer Security (TLS) protocol.
While TLS and SSL are not interoperable, versions of TLS through 1.2 were backward-compatible with SSL 3.0. However, backward compatibility with SSL was removed from TLS 1.3, the current version of TLS that was published in 2018.
SSL was originally specified in the 1990s as a proprietary protocol that enabled Netscape browser clients using the Hypertext Transfer Protocol (HTTP) to communicate securely with Netscape web servers; while version 1.0 of SSL was never released, version 2.0 of the protocol made its debut in 1995. SSL was the first widely used protocol for securing online transactions, and it eventually came to be used to secure authentication and encryption for other applications at the network transport layer.
SSL uses a combination of public key encryption and private key encryption and other cryptographic functions to secure a connection between two machines, typically a web server or mail server and a client system, communicating over the internet or another TCP/IP network. SSL provides a mechanism for encrypting and authenticating data sent between processes running on a client and server, as well as mediating the secure exchange of private keys for session encryption through the use of an SSL certificate issued by a trusted certificate authority.
SSL runs above the transport layer and the network layer, which are responsible for the transport of data between processes and the routing of network traffic over a network between client and server, respectively, and below application layer protocols, such as HTTP and the Simple Mail Transport Protocol (SMTP). The sockets part of the term refers to the sockets method of passing data between a client and a server program in a network or between processes in the same computer.
The TLS protocol evolved from SSL and has officially superseded it, although the terms SSL or SSL/TLS are still commonly used to refer to the protocol used to secure web/internet traffic. SSL/TLS is the most widely deployed security protocol used today, and according to Google, it is being used to secure more than 50% of the pages loaded by the Chrome browser. In addition to supporting the transmission of web pages, SSL has been implemented for applications such as email, file transfer, instant messaging (IM) and voice over IP (VoIP).
Importance of SSL
SSL is historically important because it was the first widely used and broadly implemented network protocol to enable cryptographically secured communications between previously unconnected client and server systems.
While SSL began as a proprietary protocol designed and implemented by Netscape, the web server software company published its protocol and made it available for implementation by other companies. By making the protocol accessible to its competitors, Netscape was able to gain web server market share with its secure web server product, while, at the same time, ensuring that the SSL protocol would become an IETF proposed standard.
SSL is still implemented, mostly in legacy systems, but in most cases, it should be replaced with TLS for improved security and to avoid vulnerabilities in and exploits of the older protocol.
While the protocol itself is obsolete, SSL persists in many places as a way to describe either TLS or SSL being used to secure transport layer communications. For example, certificate authorities often market their website certificates as SSL certificates because that is the term more familiar to their customers.
How SSL works
The SSL protocol includes two subprotocols: the record protocol and the handshake protocol.
The handshake protocol defines how a web client and web server establish an SSL connection, including the negotiation of which cryptographic systems each host is willing -- or unwilling -- to use for communication. SSL also specifies processes for exchanging cryptographic material, such as SSL certificates for authenticating web servers, public keys for authentication of transmitted data and private keys for session encryption.
The record protocol defines how communicating hosts exchange data using SSL, including specifications for how data is to be prepared for transmission and how it is to be verified or decrypted on receipt.
As part of the initial handshake process, a server presents its SSL certificate to authenticate itself to the client. Server certificates follow the X.509 certificate format defined by the Public Key Cryptography Standards (PKCS). The authentication process uses public key encryption to validate the digital certificate and to confirm that a server is, in fact, the server it claims to be. SSL certificates, like any digital certificate, should be issued by a trusted certificate authority.
Once the server has been authenticated, the client and server establish cipher settings and a shared key to encrypt the information they exchange during the remainder of the session. This provides data confidentiality and integrity. This whole process is invisible to the user. For example, if a webpage requires an SSL connection, the URL will change from HTTP to HTTP Secure (HTTPS), and a padlock icon will appear in the browser once the server has been authenticated.
The handshake also allows the client to authenticate itself to the server. In this case, after server authentication is complete, the client must present its certificate to the server to authenticate the client's identity before the encrypted SSL session can be established.
Differences between SSL and TLS
After the IETF officially took over the SSL protocol to standardize it through an open process, version 3.1 of SSL was released as TLS 1.0 -- the name was changed to avoid potential legal issues with Netscape. Many attacks against SSL have focused on SSL implementation issues, but the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability is a known flaw in the SSL 3.0 protocol itself, exploiting the way in which it ignores padding bytes when running in cipher block chaining (CBC) mode. This flaw allows an attacker to decrypt sensitive information, such as authentication cookies. TLS 1.0 is not vulnerable to this attack because it specifies that all padding bytes must have the same value and must be verified.
Other key differences between SSL and TLS that make TLS a more secure and efficient protocol are message authentication, key material generation and supported cipher suites with TLS supporting newer and more secure algorithms. TLS 1.3 is the most recent version, published in 2018.