The Secure Socket Layer protocol or SSL was designed by Netscape and included in the Netscape Communicator browser. SSL is probably the widest spoken security protocol in the world and is built in to all commercial web browsers and web servers. The current version is Version 2. As the original version of SSL designed by Netscape is technically a proprietary protocol the Internet Engineering Task Force (IETF) took over responsibilities for upgrading SSL and have now renamed it TLS or Transport Layer Security. The first version of TLS is version 3.1 and has only minor changes from the original specification.

SSL can provide three security services for the transport of data to and from web services. Those are:

Contrary to the unfounded claims of many marketing campaigns, SSL alone does not secure a web application! The phrase "this site is 100% secure, we use SSL" can be misleading! SSL only provides the services listed above. SSL/TLS provide no additional security once data has left the IP stack on either end of a connection. All flaws in execution environments which use SSL for session transport are in no way abetted or mitigated through the use of SSL.

SSL uses both public key and symmetric cryptography. You will often here SSL certificates mentioned. SSL certificates are X.509 certificates. A certificate is a public key that is signed by another trusted user (with some additional information to validate that trust).

For the purpose of simplicity we are going to refer to both SSL and TLS as SSL in this section. A more complete treatment of these protcols can be found in Stephen Thomas's "SSL and TLS Essentials".

How do SSL and TLS Work?

SSL has two major modes of operation. The first is where the SSL tunnel is set up and only the server is authenticated, the second is where both the server and client are authenticated. In both cases the SSL session is setup before the HTTP transaction takes place.

SSL Negotiation with Server Only Authentication

SSL negotiation with server authentication only is a nine-step process.

  1. The first step in the process is for the client to send the server a Client Hello message. This hello message contains the SSL version and the cipher suites the client can talk. The client sends its maximum key length details at this time.

  2. The server returns the hello message with one of its own in which it nominates the version of SSL and the ciphers and key lengths to be used in the conversation, chosen from the choice offered in the client hello.

  3. The server sends its digital certificate to the client for inspection. Most modern browsers automatically check the certificate (depending on configuration) and warn the user if it's not valid. By valid we mean if it does not point to a certification authority that is explicitly trusted or is out of date, etc.

  4. The server sends a server done message noting it has concluded the initial part of the setup sequence.

  5. The client generates a symmetric key and encrypts it using the server's public key (cert). It then sends this message to the server.

  6. The client sends a cipher spec message telling the server all future communication should be with the new key.

  7. The client now sends a Finished message using the new key to determine if the server is able to decrypt the message and the negotiation was successful.

  8. The server sends a Change Cipher Spec message telling the client that all future communications will be encrypted.

  9. The server sends its own Finished message encrypted using the key. If the client can read this message then the negotiation is successfully completed.

SSL with both Client and Server Authentication

SSL negotiation with mutual authentication (client and server) is a twelve-step process.

The additional steps are;

  1. 4.) The server sends a Certificate request after sending its own certificate.

  2. 6.) The client provides its Certificate.

  3. 8.) The client sends a Certificate verify message in which it encrypts a known piece of plaintext using its private key. The server uses the client certificate to decrypt, therefore ascertaining the client has the private key.