The Secure Sockets Layer protocol is a set of rules that govern server authentication, client authentication, and encrypted communication between servers and clients. SSL is widely used on the Internet, especially for interactions that involve exchanging confidential information such as credit card numbers.
Before the SSL connection is established, the server and the client exchange a series of I/O round trips to negotiate and agree upon a secure encrypted session. This is called the SSL handshake.
When a client requests a connection, the SSL-enabled server presents its certificate to prove its identity before data is transmitted. The certificate is issued by a certificate authority. See “Certificate authorities”. Essentially, the handshake consists of the following steps:
1. The client sends a connection request to the server. The request includes the SSL (or Transport Layer Security, TLS) options that the client supports.
2. The server returns its certificate and a list of supported cipher suites, which includes SSL/TLS support options, algorithms used for key exchange, and digital signatures.
3. A secure, encrypted session is established when both client and server have agreed upon a cipher suite.
For more specific information about the SSL handshake and the SSL/TLS protocol, see the Internet Engineering Task Force Web site at http://www.ietf.org.