SSL and TLS Protocols

From OpenSSLWiki
Revision as of 18:26, 31 August 2014 by Philippe lhardy (talk | contribs)

Jump to: navigation, search

SSL stands for Secure Sockets Layer and was initiated by Netscape, SSLv1, SSLv2 and SSLv3 are the 3 versions of this protocol. After SSLv3, SSL was renamed to TLS.

TLS stands for Transport Layer Security and started with TLSv1 which is an upgraded version of SSLv3.

Those protocols are standardized and described by RFC.

OpenSSL provides implementation for those protocols and is often used as the reference implementation for any new feature.

Goal of SSL was to provide a secure communication using classical tcp sockets with very few change in api usage of socket to be able to leverage security on existing tcp socket code.

SSL/TLS is used in every browser worldwide to provide https ( http secure ) functionality.

latest version is TLS v1.3 still draft.

Connectionless support is provided with DTLS.

Those protocols are configurables and can use various ciphers depending on their version.

A connection always starts with an handshake between a client and a server. This handshake is intended to provide a secret key to both client server that will be used to cipher the flow.

Initial handshake can provide server authentication, client authentication or no authentication at all.

Default usage in HTTPS is to verify server authenticity with trusted Certificate Authorities known by browser.