Secure Sockets Layer (SSL)

Definition of Secure Sockets Layer (SSL) in The Network Encyclopedia.

What is SSL (Secure Sockets Layer)?

A handshaking protocol for communication over the Internet that provides secure authentication and data encryption. Secure Sockets Layer (SSL) was developed by Netscape Communications for the secure transmission of information over the Internet.

How It Works

SSL works between the application and transport layers on a TCP/IP host to encrypt data in transit and to encrypt user credentials for secure authentication. SSL uses the Rivest-Shamir-Adleman (RSA) public key cryptography method and depends on digital certificates and a supporting public key infrastructure (PKI). Both the client and the server must support SSL. Because SSL is application independent, it can be used to encrypt data transmission for many application-layer Internet protocols, including Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), and Network News Transfer Protocol (NNTP).

An SSL handshake begins when an SSL-enabled client requests a connection with an SSL-enabled server. The server sends the client its digital certificate and public key. The client and server then negotiate a mutually acceptable level of encryption (usually 40-bit, 56-bit, or 128-bit strength, depending on legal restrictions and availability). The client then generates a session key, encrypts it with the server’s public key, and sends the encrypted session key to the server, which decrypts the session key using its private key. From that point on, the session key is used to encrypt all data exchanged between the client and server, providing secure, private communication.
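The handshake steps above can be traced in a small teaching model. This is an added example, not code from the encyclopedia or from any SSL implementation. The names `negotiate`, `keystream_xor` and `handshake` are hypothetical, the RSA key is a constructed toy key used without padding, and the SHA-256 keystream is a stand-in for the negotiated symmetric cipher.

```python
import hashlib
import secrets

# Constructed toy RSA key pair for the server (two Mersenne primes; far too small for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # server's private exponent, never leaves the server

def negotiate(client_bits, server_bits):
    """Pick the strongest key length both sides support (the negotiation step)."""
    common = set(client_bits) & set(server_bits)
    if not common:
        raise ValueError("no mutually acceptable encryption strength")
    return max(common)

def keystream_xor(session_key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream (illustration only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(session_key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def handshake(client_bits, server_bits):
    """Run the steps from the paragraph; return (client_key, server_key, bits)."""
    n, e = N, E                                   # public key sent with the server's certificate
    bits = negotiate(client_bits, server_bits)
    client_key = secrets.token_bytes(bits // 8)   # client generates the session key
    wrapped = pow(int.from_bytes(client_key, "big"), e, n)       # encrypted with the public key
    server_key = pow(wrapped, D, N).to_bytes(bits // 8, "big")   # decrypted with the private key
    return client_key, server_key, bits

if __name__ == "__main__":
    ck, sk, bits = handshake([40, 56, 128], [40, 128])
    record = keystream_xor(ck, b"GET /account HTTP/1.0")   # constructed sample request
    print(bits, ck == sk, keystream_xor(sk, record))
```

The negotiated strength can never exceed what the weaker peer offers, so a server that still lists 40-bit or 56-bit options lets a session settle on them.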

TIP

A Web site that uses SSL has a Uniform Resource Locator (URL) that begins with https:// instead of http://.