Secure Socket Layer (SSL) was invented by Netscape Communications in 1994. It is an internet protocol used for securely exchanging information between a client's web browser and a web server.
SSL ensures authentication, data integrity and data confidentiality between the web browser and the web server. It creates a secure tunnel between the client and the server. The main role of SSL is to secure web traffic along the whole path.
The current version of SSL is 3.0. SSL works between the application layer and the transport layer, which is the reason SSL is also called Transport Layer Security (TLS). Data is not passed directly to the transport layer; instead it is passed to the Secure Socket Layer.
The Secure Socket Layer encrypts the data received from the application layer and adds its own encryption information header, i.e. the Secure Socket Layer Header (SSLH). At the receiver's end, SSL removes the SSLH header and then passes the data to the application layer.
The SSL protocol uses Digital Certificates and Digital Signatures for secure communication between the client machine and the server machine. SSL encrypts the data received from the application layer of the client machine, adds its own header to the encrypted data, and sends the encrypted data to the server side.
Upon receiving the encrypted data, the server removes the SSL header, decrypts the data, and sends the decrypted data to the application layer.
Working of Secure Socket Layer –
(1) Handshake Protocol :
As the name suggests, when we meet our friends or colleagues, we have a habit of saying hi/hello and shaking hands before starting the actual conversation. The SSL handshake protocol follows much the same idea, but between client and server.
The first sub-protocol of SSL, i.e. the Handshake protocol, is used for secure communication between the client and the server over an SSL-enabled connection.
In this protocol, client authentication to the server is more important than server authentication, because the server has different options available for client authentication.
(2) Alert Protocol :
SSL uses the Alert protocol for reporting an error that is detected by the client or the server. The party which detects the error sends an alert message to the other party. If the error is serious, both parties terminate the session.
The SSL Alert protocol is the last protocol of SSL, used to transmit alerts, if any, via the SSL Record protocol to the client or server. The SSL Alert protocol uses two bytes to generate an alert. The first byte takes one of two values, 1 or 2: the value "1" indicates a warning and the value "2" indicates a fatal error.
The second byte carries a predefined error code: when either the server or the client detects an error, it sends an alert containing that error code.
(3) Record Protocol :
The SSL Record Protocol provides different services such as data authentication, data confidentiality through encryption algorithms, and data integrity through message authentication. It carries the application data, i.e. the actual data that the client wants to send to the server.
The SSL Record header contains an 8-bit content type, which identifies the nature of the message. It is appended onto each encrypted block obtained from the encryption process.
The Record Protocol provides two services in SSL connection :
- Confidentiality – This is achieved by using a secret key, which is already defined by the handshake protocol.
- Integrity – The handshake protocol defines a shared secret key that is used to assure message integrity.
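The two-byte alert and the 8-bit content type described above can be seen by parsing raw records. The following is an added example, not code from the original article: it splits a byte stream into SSL records and decodes plaintext alerts. The 5-byte record header layout and the numeric content-type and alert codes are taken from the SSL 3.0 specification (RFC 6101), not from this page, and the sample bytes are constructed.

```python
import struct

# Values from the SSL 3.0 specification (RFC 6101); not listed on this page.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter"}

def parse_records(stream: bytes):
    """Split a byte stream into (content_type, version, fragment) records."""
    offset, records = 0, []
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Header: 8-bit content type, 2-byte version, 2-byte fragment length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        fragment = stream[offset + 5 : offset + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record body")
        records.append((CONTENT_TYPES[ctype], (major, minor), fragment))
        offset += 5 + length
    return records

def decode_alert(fragment: bytes):
    """Decode a plaintext two-byte alert: level byte, then error-code byte."""
    if len(fragment) != 2:
        # Once encryption is active the alert body is ciphertext plus MAC,
        # so it is longer than two bytes and cannot be read on the wire.
        return ("encrypted", None)
    level, code = fragment
    if level not in ALERT_LEVELS:
        raise ValueError(f"invalid alert level {level}")
    return (ALERT_LEVELS[level], ALERT_DESCRIPTIONS.get(code, f"unknown({code})"))

def summarize(stream: bytes):
    """Return the decoded alerts and whether any of them is fatal."""
    alerts = [decode_alert(f) for t, _, f in parse_records(stream) if t == "alert"]
    return alerts, any(level == "fatal" for level, _ in alerts)

# Constructed sample: a fatal handshake_failure, then a warning close_notify.
SAMPLE = bytes.fromhex("15 03 00 00 02 02 28 15 03 00 00 02 01 00")

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A fatal alert seen in plaintext means the failure happened before encryption was established, which is the usual case for handshake problems worth alerting on in monitoring.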