SSL Certificate  

Introduction to SSL

SSL (Secure Sockets Layer) is a process that secures transactions made via the Internet. The SSL standard was brought forward by Netscape, with the collaboration of Mastercard, Bank of America, MCI and Silicon Graphics. It relies on public-key cryptography to guarantee the security of data transmission on the Internet. Its principle is to establish a secure (encrypted) communication channel between two machines (a client and a server) after an authentication step.

Secure transaction

The SSL system is independent of the protocol used, which means that it can secure transactions made on the web over the HTTP protocol as well as connections via the FTP, POP or IMAP protocols. In effect, SSL acts as an additional layer that secures the data, situated between the application layer and the transport layer (the TCP protocol, for example).

In this way, SSL is transparent to the user (meaning that the user may be unaware that SSL is in use). For example, a user who connects with an Internet browser to an e-commerce site secured by SSL will send encrypted data without any action being necessary on their part.

Almost all browsers now support the SSL protocol. Netscape Navigator, for example, shows a lock in the locked position to indicate a connection to a site secured by SSL and an open lock otherwise, while Microsoft Internet Explorer displays a lock only when connected to a site secured by SSL.

 

How SSL 2.0 works

The security of transactions under SSL 2.0 is based on an exchange of keys between client and server. A transaction secured by SSL follows this model: first, the client connects to the commercial site protected by SSL and asks it to authenticate itself.

The client also sends a list of the cryptosystems it supports, sorted in descending order of key length. The server receives the request and sends the client a certificate containing the server's public key, signed by a certification authority (CA), as well as the name of the cryptosystem highest in the list with which it is compatible (the encryption key length, 40 bits or 128 bits, will be that of the common cryptosystem with the largest key size).

The client checks the validity of the certificate (and thus the authenticity of the merchant), then creates a random secret key (more exactly, a supposedly random block), encrypts this key using the server's public key, then sends it the result (the session key). The server is able to decrypt the session key with its private key. Thus, the two entities share a common key that only they know.

The rest of the transaction can then be carried out using the session key, guaranteeing the integrity and confidentiality of the data exchanged. SSL 3.0 aims to authenticate the server to the client and, optionally, the client to the server.
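The exchange described above, with both sides' steps, as an added Python example that is not part of the original page. The suite labels, the fixed-prime textbook RSA (a stand-in for real certificates and keys, for illustration only) and the `min_bits` floor that refuses weak suites are assumptions of this example.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by the toy keys

def toy_keypair(p, q):
    """Textbook RSA from fixed primes: illustration only, never for real keys."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(value, key):
    n, exp = key
    return pow(value, exp, n)

def digest(server_pub, n_ca):
    data = f"{server_pub[0]}:{server_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n_ca

def server_choose(client_suites, server_suites, min_bits=128):
    """Pick the client's strongest suite the server also supports; refuse weak ones."""
    for name, bits in sorted(client_suites, key=lambda s: -s[1]):
        if (name, bits) in server_suites and bits >= min_bits:
            return name, bits
    return None

def handshake(client_suites, server_suites, min_bits=128):
    # Constructed keys from known Mersenne primes (hypothetical CA and server).
    ca_pub, ca_priv = toy_keypair(2**61 - 1, 2**127 - 1)
    srv_pub, srv_priv = toy_keypair(2**89 - 1, 2**107 - 1)
    cert = {"pub": srv_pub, "sig": rsa(digest(srv_pub, ca_pub[0]), ca_priv)}
    suite = server_choose(client_suites, server_suites, min_bits)
    if suite is None:
        raise ValueError("no common cipher suite meets the minimum key length")
    # Client: check the CA signature on the certificate before trusting the key.
    if rsa(cert["sig"], ca_pub) != digest(cert["pub"], ca_pub[0]):
        raise ValueError("certificate signature invalid")
    # Client: random session key, encrypted with the server's public key.
    client_key = secrets.randbits(suite[1])
    wrapped = rsa(client_key, cert["pub"])
    # Server: recover the session key with its private key.
    server_key = rsa(wrapped, srv_priv)
    return suite, client_key, server_key
```

Calling `handshake` with a server that only offers a 40-bit suite raises `ValueError` unless `min_bits` is lowered to 40, which reproduces the page's "largest common key" rule without a floor.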

 

 

Secure SSL server


Indicator that Internet Explorer displays to show that the web page is secure.


Indicator that Mozilla Firefox displays to show that the web page is secure.

A Web server secured by SSL has a URL starting with https://, where the "S" stands for secured (protected). In the middle of 2001, the SSL patent, until then held by Netscape, was bought by the IETF (Internet Engineering Task Force), and SSL was renamed TLS (Transport Layer Security) on that occasion.

Creative commons license

This document, entitled «Cryptography - Secure Sockets Layers (SSL)», from "Comment Ça Marche", is made available under the terms of the Creative Commons licence. You may copy and modify copies of this page, under the conditions set by the licence, as long as this note appears clearly.

 

 

 