SSL/TLS

• The socket layer lies between the application layer and the transport layer in the Internet protocol stack. The SSL protocol is an internet protocol for secure exchange of information between a web browser and web server. This provides a secure pipe for communication. SSL is the protocol that is used for the vast majority of secure transactions over the internet.
• Suppose Alice wants to buy a book from KT280.com. Before she provides the credit card information she needs to be sure that she’s dealing with the original site, hence she needs to authenticate KT280.com. The authentication need not be mutual.
• After Alice is satisfied that she is dealing with a secure site she will provide the private information which needs to be protected in transit.
• In this protocol Alice the client informs Bob the server that she wants to conduct a secure transaction. Bob responds with his certificate.
• Alice needs to verify the signature on the certificate at which point she will be confident that she has Bob’s certificate although she cannot yet be certain that she’s talking to Bob.
• Then Alice will encrypt a symmetric key KAB with Bob’s public key and send the encrypted key to Bob. This symmetric Key can then be used to encrypt and integrity protect subsequent communication.
• Transport Layer Security is an IETF standardization initiative whose goal is to come out with an internet standard version of SSL. This does not support fortezza cipher suite. This uses HMAC as a record protocol.