The Transport Layer Security reference article from the English Wikipedia on 24-Jul-2004
(provided by Fixed Reference: snapshots of Wikipedia from wikipedia.org)

Transport Layer Security

Watch videos on African life
Secure Sockets Layer (SSL) is a protocol designed by Netscape Communications Corporation to provide secure communications on the Internet. SSL version 3.0, released in 1996, was later used as a basis to develop Transport Layer Security (TLS), an IETF standard protocol. TLS was first defined in RFC 2246: "The TLS Protocol Version 1.0".

These protocols provide endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated (i.e. its identity is ensured) while the client remains unauthenticated; PKI deployment is required for mutual authentication. The protocols allow client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.

They are layered beneath application protocols such as HTTP, SMTP and NNTP and above the TCP transport protocol, which is part of the TCP-IP protocol suite. While both SSL and TLS can be used to add security to any protocol that uses TCP, they are most commonly used in the HTTPS access method. HTTPS is used to secure World Wide Web pages for applications such as Electronic commerce. Both protocols use public key cryptography and public key certificates to verify the identity of endpoints.

Like SSL on which it was based, TLS is a modular protocol, designed to be extended, with support for forwards and backwards compatibility and negotiation between peers.

Both TLS and SSL involve a number of basic phases:

Some early implementations of SSL were limited to 40-bit symmetric keys because of US Government restrictions on the export of cryptographic technology. The 40-bit keyspace was explicitly imposed so as to be small enough to be breakable by brute force search by law enforcement agencies wishing to read the encrypted traffic, while still presenting obstacles to less-well-funded attackers. A similar limitation was required of Lotus Software's 'Notes' product in export versions. After a several years of public controversy, a series of lawsuits, and eventual Government recognition of changes in the market availability of 'better' cryptographic products (within and without the US), some aspects of the export restrictions have been relaxed. The 40-bit key size limitation has mostly gone away. Modern implementations use 128-bit (or longer) keys for symmetric key ciphers.

TLS has subsequently been extended by other RFCs including:

While an increasing number of client and server products can support TLS or SSL natively, there are many that still do not. In these cases, a user may wish to use standalone SSL products like Stunnel to provide SSL encryption.

See also

External links


This article (or an earlier version of it) contains material from FOLDOC's article on SSL, used with permission.