Secure Sockets Layer (SSL)

Published by botond, 2018/12/02 13:59

SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are cryptographic protocols that provide communication security over a computer network. Several versions of the protocols are widely used in applications such as web browsing, email, FTP, instant messaging and voice calling (VoIP). Websites can use SSL to secure the communication between the server and the web browser.

SSL/TLS primarily provides confidentiality and data integrity between two or more communicating applications. When the channel between the client (e.g. a web browser) and the server (e.g. a website) is secured with SSL/TLS, one or more of the following properties should hold:

  • The connection is private (or secure) because symmetric cryptography is used to encrypt the transmitted data. The symmetric keys are generated uniquely for each connection and derived from a shared secret negotiated at the start of the session. The server and the client agree on the encryption algorithm and the keys before the first byte of application data is sent.
  • The identity of the communicating parties can be authenticated using public-key cryptography. This authentication can be optional, but it is usually required for at least one of the parties (typically the server).
  • The connection is reliable because each message carries an integrity check using a message authentication code (MAC), so undetected loss or alteration of data in transit is prevented.
Because anyone can generate an SSL certificate, web browsers and other network programs (e.g. mail servers, FTP, SMTP, etc.) accept only certificates issued by trusted certificate authorities (CAs).

An example of generating a self-signed SSL certificate together with its key pair:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365

In this example, OpenSSL generates a 2048-bit RSA key pair (the private key is written to key.pem) and a self-signed certificate (cert.pem) that carries the public key and is valid for 365 days.
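As an added example (not part of the original article), the shell script below runs the same generation command non-interactively and then demonstrates the trust rule stated above: a verifier that relies only on its CA store rejects the self-signed certificate, while a verifier told to trust cert.pem explicitly accepts it. It assumes the openssl command-line tool is installed; the subject name example.test is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not code from the original article. Requires the openssl CLI.
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT
KEY="$WORKDIR/key.pem"
CERT="$WORKDIR/cert.pem"

# Same command as in the article; -nodes skips the key passphrase and -subj
# supplies the subject so the command does not prompt. example.test is a
# constructed placeholder name.
gen_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$KEY" -out "$CERT" \
        -days 365 -subj "/CN=example.test" >/dev/null 2>&1
}

# Verify the certificate against a trust store and print the outcome.
# $1 is a CA bundle file; an empty string means the system default store,
# which is what a browser or mail client effectively does.
verdict() {
    if [ -n "$1" ]; then
        openssl verify -CAfile "$1" "$CERT" >/dev/null 2>&1 && echo accepted || echo rejected
    else
        openssl verify "$CERT" >/dev/null 2>&1 && echo accepted || echo rejected
    fi
}

# Check that the private key really belongs to the certificate by comparing
# the SHA-256 of the public key derived from each file.
key_matches_cert() {
    from_key="$(openssl pkey -in "$KEY" -pubout 2>/dev/null | openssl sha256)"
    from_cert="$(openssl x509 -in "$CERT" -pubkey -noout 2>/dev/null | openssl sha256)"
    [ "$from_key" = "$from_cert" ]
}

gen_selfsigned
echo "system trust store:      $(verdict "")"        # rejected: no trusted CA issued it
echo "cert.pem pinned as CA:   $(verdict "$CERT")"   # accepted: explicitly trusted
key_matches_cert && echo "key.pem matches the public key in cert.pem"
```

Pinning the certificate itself (the second verdict) is exactly what a client has to do to accept a self-signed certificate, which is why such certificates are only suitable for testing or for endpoints whose clients you control.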
For more details, see the main HTTPS article.