The major Security objectives over non-secure networks, as it is the case today with TCP/IP networks such as the Internet, can be expressed as:

authentication

data integrity

data confidentiality

non-repudiation

SSL is the single most effective method of executing secure communications over the public Internet.

The SSL specification, developed by Netscape, specifies a protocol for providing data security between remote applications, which typically communicate via TCP/IP.  SSL provides a security “handshake”, that is used to initiate a TCP/IP connection.

This handshake results in the client and server agreeing on the level of security they will use, and also fulfils any authentication requirements for the connection. Thereafter, SSL’s only role is to encrypt and decrypt the bytestream between client and server.

SSL operates by layering a security protocol on top of standard TCP sockets. The steps involved in establishing an SSL connection are as follows:

1) Client contacts server.

2) Server initiates SSL handshake, by passing a public key for encryption of the client’s authentication information.

3) The client takes its authentication information (typically an X.509 certificate, endorsed by a suitably accredited certifying authority (CA)), encrypts it using the public key, and passes it to the server. RSA is the most commonly used form of encryption for SSL credentials, although other algorithms such as Diffie-Hellman, are also supported.

4) If the server is satisfied with the credentials, it will pass an encrypted session key to the client. The remainder of the traffic on the connection will be encrypted using this session key. DES and RC4 are the most commonly used algorithms for this phase of the interaction.

The interaction is summarized in the following diagram:

When an SSL connection has been made and the session has been established, certain data are cached so that in the event of a dropping and resumption of the dialogue, the handshake is curtailed and connection re-establishment is accelerated.