Transport Layer Security

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are cryptographic protocols that provide secure communications on the Internet. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. SSL and TLS are used interchangeably in this text unless otherwise stated.

TLS is a protocol that secures the communication between two applications, hence ensuring that no third party can eavesdrop on the communication.

Figure: SSL/TLS Handshake

TLS on a high level can be said to be composed of two protocols:

  • TLS Record Protocol: It provides connection security by encrypting the data with a negotiated symmetric cipher (e.g. DES).
  • TLS Handshake Protocol: It allows the parties to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the data communication is started.
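
To make the layering concrete, the following added example (not from the CryptoDox article) parses a constructed ClientHello: the record-layer header names the content type and protocol version, and the handshake message carried inside it lists the cipher suites the client offers. The sample bytes come from build_client_hello, a helper written for this example that uses a zeroed client random for readability.

```python
import struct

# Field values of the TLS record and handshake layers (from RFC 2246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1"}
CIPHER_SUITES = {0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA"}

def parse_record(data):
    """Parse one record-layer header (type, version, length) and return its payload."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if len(data) < 5 + length:
        raise ValueError("record payload shorter than declared length")
    return {"type": CONTENT_TYPES.get(ctype, "unknown"),
            "version": VERSIONS.get((major, minor), "unknown"),
            "payload": data[5:5 + length]}

def parse_client_hello(payload):
    """Parse a ClientHello handshake message carried inside a handshake record."""
    htype, hlen = payload[0], int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + hlen]
    if htype != 1 or len(body) != hlen:
        raise ValueError("not a complete ClientHello")
    major, minor = body[0], body[1]
    pos = 34                       # skip client_version (2) and client random (32)
    pos += 1 + body[pos]           # skip the length-prefixed session_id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    return {"client_version": VERSIONS.get((major, minor), "unknown"),
            "cipher_suites": [CIPHER_SUITES.get(s, hex(s)) for s in suites]}

def build_client_hello(version=(3, 1), suites=(0x000A, 0x002F)):
    """Construct a minimal ClientHello record (sample input made for this example)."""
    body = bytes(version) + bytes(32)             # client_version + zeroed random (constructed)
    body += b"\x00"                               # empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                           # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type client_hello + 24-bit length
    return struct.pack("!BBBH", 22, *version, len(handshake)) + handshake   # content type handshake

if __name__ == "__main__":
    rec = parse_record(build_client_hello())
    print(rec["type"], rec["version"], parse_client_hello(rec["payload"]))
```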

Applications

SSL runs on layers beneath application protocols such as HTTP, SMTP and NNTP and above the TCP transport protocol, which forms part of the TCP/IP protocol suite. While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS. HTTPS is used to secure World Wide Web pages for applications such as electronic commerce. It uses public key certificates to verify the identity of endpoints.

While an increasing number of client and server products support SSL natively, many still do not. In these cases, a user may wish to use a standalone SSL product such as Stunnel to provide encryption. However, the Internet Engineering Task Force recommended in 1997 that application protocols offer a way to upgrade to TLS from a plaintext connection, rather than use a separate port for encrypted communications; this precludes the use of generic wrappers such as Stunnel.

SSL can also be used to tunnel an entire network stack to create a VPN, as is the case with OpenVPN.

TLS 1.1

TLS 1.1 is the next generation of the TLS protocol. TLS 1.1 is currently a draft and is expected to be published as an RFC in late 2005. A "Last Call", one of the last steps in the RFC process, was issued August 19, 2004. TLS 1.1 clarifies some ambiguities and adds a number of recommendations. TLS 1.1 is very similar to TLS 1.0. The main reason for the new version number is a modified format for the encrypted records, introduced to protect against a particular form of attack.
