Secure Sockets Layer (SSL)
SSL (pronounced as separate letters) is short for Secure Sockets Layer.
Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message.
SSL URLs
Most Web browsers support SSL, and many websites use the protocol to obtain confidential user information, including credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
How SSL Works
When a Web browser tries to connect to a website using SSL, the browser will first request the web server identify itself. This prompts the web server to send the browser a copy of the SSL Certificate. The browser checks to see if the SSL Certificate is trusted — if the SSL Certificate is trusted, then the browser sends a message to the Web server. The server then responds to the browser with a digitally signed acknowledgement to start an SSL encrypted session. This allows encrypted data to be shared between the browser and the server. You may notice that your browsing session now starts with https (and not http).
Secure HTTP (S-HTTP)
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols were approved by the Internet Engineering Task Force (IETF) as a standard.
SSL 3.0 Vulnerable and Obsolete
SSL version 3.0 is based on the 1996 draft. In 2014, the 3.0 version of SSL was considered vulnerable due to POODLE (Padding Oracle On Downgraded Legacy Encryption) attacks. These attacks allowed secure HTTP cookies or HTTP Authorization header contents to be stolen from downgraded communications. Today, SSL 3.0 is considered obsolete and has been succeeded by Transport Layer Security (TLS), but it is still widely deployed.
Going From SSL to TLS
Secure Sockets Layer (SSL) is the predecessor to Transport Layer Security (TLS). TLS is an Internet Engineering Task Force (IETF) standards track protocol that is based on the earlier SSL specifications.
Read Also:
- SSOP
Short for Shrink Small Outline Package, it’s a surface-mount memory packaging from Intel. Key features of the SSOP include the following: JEDEC standard compliance, direction for Intel��s higher-density flash architectures, 0.8 mm (31.5 mil) lead pitch offers handling characteristics similar to 50 mil pitch packages, performance in wide temperature applications, and a two-sided and gull […]
- SSSL
Short for Single Sided Single Layer DVD. See DVD5.
- SSTP
Short for Simple Symmetrical Transmission Protocol, SSTP is an application-layer protocol designed to allow two programs to engage in bi-directional, asynchronous communication. It supports multiple application endpoints over a single network connection between peer nodes and enables efficient utilization of communication resources. [Source: Groove Networks ]
- Shielded Twisted Pair
Often abbreviated STP, a type of copper telephone wiring in which each of the two copper wires that are twisted together are coated with an insulating coating that functions as a ground for the wires. The extra covering in shielded twisted pair wiring protects the transmission line from electromagnetic interference leaking into or out of […]
- STTR
Short for the Small Business Technology Transfer program, a federal program that awards research and development funds to small businesses that partner with non-profit research institutions to encourage them to jointly explore their technological potential and innovate new technologies that will be made commercially available to the public. STTR is similar to the SBIR program […]