Introducing SSL

Before Netscape invented the Secure Sockets Layer (SSL) protocol in the mid-1990s, there was no good way to protect an entire communication channel from eavesdroppers while data traveled across it. You could protect only specific data streams with tools such as PGP. Since the mid-1990s, you can encrypt complete data communication channels, and you can authenticate clients and servers using digital certificates. These digital certificates are based on the X.509 standard and contain not only the public key of a party on the Internet but also a digital signature that guarantees the authenticity of this public key.

Netscape wanted SSL to become an Internet standard; therefore, Netscape released enough information so that others could make SSL libraries as well. The OpenSSL suite that is used in Linux environments is a direct result of that.

Since 1994, SSL has had a successor called the Transport Layer Security (TLS) protocol. (See http://www.ietf.org/html.charters/tls-charter.html for more information about the TLS specification.) The TLS protocol does basically the same thing as SSL with one important exception: it can encrypt an existing session without changing the port number. In this chapter, I won't distinguish between SSL and TLS features, because the OpenSSL program you will use to implement SSL/TLS doesn't make a distinction either.
