Secure Sockets Layer (SSL) provides an option at layers six and seven for a virtual private network (VPN) connection. Transport Layer Security (TLS) has a similar function and updates the SSL specification. Although there are minor differences between SSL and TLS (and between different versions of each of these), the acronyms SSL, TLS, and SSL/TLS are often used interchangeably. The use of SSL/TLS is indicated in a URL by the prefix https://.
The initiation of an SSL/TLS tunnel involves a multiphase handshake between client and server. Some of the steps in this handshaking process include:
In cipher suite negotiation, each side offers a list of supported encryption ciphers and hashing algorithms, with ultimate agreement on the strongest of these supported by both sides. For authentication, digital certificates may be used. Key exchange takes place through public key (asymmetric) methods, thereby establishing a shared secret symmetric key for the remainder of the session.
See: RFC 2246.
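The cipher suite negotiation step, as an added example that is not part of the original page: it reads the offered suites out of a ClientHello record laid out as in RFC 2246 and applies a server-side choice. The function names, the sample record, and the `SERVER_PREFERENCE` ranking of "strongest" are assumptions made for illustration.

```python
import struct

# Suite IDs as assigned in RFC 2246; a subset chosen for this example.
SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
}
# Hypothetical server policy, strongest first; export and RC4/MD5 suites are left out.
SERVER_PREFERENCE = [0x0016, 0x000A]

def build_client_hello(suites, version=(3, 1)):
    """Build a sample ClientHello record (constructed input, not a capture)."""
    body = bytes(version) + bytes(32) + b"\x00"  # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = client_hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake

def parse_offered_suites(record):
    """Return the cipher suite IDs a ClientHello record offers, in client order."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32  # record header, handshake header, version, random
    pos += 1 + record[pos]  # skip the variable-length session_id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (length,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if length % 2 or pos + length > len(record):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, length, 2)]

def select_suite(offered, preference=SERVER_PREFERENCE):
    """Return the first server-preferred suite the client also offered, else None."""
    for suite in preference:
        if suite in offered:
            return suite
    return None  # no overlap: the server ends the handshake with handshake_failure

if __name__ == "__main__":
    hello = build_client_hello([0x0003, 0x0004, 0x000A, 0x0016])
    chosen = select_suite(parse_offered_suites(hello))
    print(SUITES[chosen] if chosen is not None else "handshake_failure")
```

Because the server only ever selects from its own preference list, a client that offers nothing but export-grade or RC4/MD5 suites gets no session rather than a weak one.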