Author: Webpublisher
• Sunday, February 28th, 2010

The Secure Sockets Layer (SSL) protocol is a general-purpose protocol designed in 1994 by Netscape Communications Corporation. It is based on the combined use of symmetric cryptography, asymmetric (public-key) cryptography, digital certificates and digital signatures to obtain a secure communication channel over the Internet. Symmetric cryptosystems, the main engine for encrypting the data transferred in the communication, are used for their speed of operation, while asymmetric systems are used for the secure exchange of the symmetric keys, thus solving the problem of confidentiality in data transmission.

SSL implements a negotiation protocol to establish secure communication at the socket level (host name plus port), transparently to the users and applications that use it.

It is currently the standard for secure communication in the major web browsers (HTTP protocol), such as Netscape Navigator and Internet Explorer, and versions for other application-layer protocols (mail, FTP, etc.) are expected to be released soon.

The identity of the secure web server (and sometimes of the client user) is established by means of the corresponding digital certificate, which is checked for validity before the exchange of sensitive data begins (authentication), while the integrity of the data exchanged is provided by digital signatures, using hash functions and checking digests of all data sent and received.

From the point of view of its place in the OSI and TCP/IP reference models, SSL is introduced as an additional layer located between the application layer and the transport layer, replacing the operating system's sockets, which makes it independent of the application that uses it. It is generally implemented on port 443. (NOTE: ports are the interfaces between the applications and the TCP/IP protocol stack of the operating system.)

SSL provides security services to the protocol stack by encrypting the outgoing data from the application layer before it is passed to the transport layer and encapsulated and transmitted by the lower layers. It can also apply compression algorithms to the data to be sent and fragment blocks larger than 2^14 bytes, which are reassembled at the receiver.

The most current version of SSL is 3.0, which uses the symmetric encryption algorithms DES, Triple DES, RC2, RC4 and IDEA, the asymmetric algorithm RSA, the MD5 hash function and the SHA-1 signature algorithm.

The algorithms, key lengths and hash functions used in SSL depend on the level of security that is sought or permitted. The most common combinations include:

RSA + Triple DES 168-bit + SHA-1: supported by SSL versions 2.0 and 3.0, it is one of the strongest suites in terms of security, since it allows 3.7 * 10^50 different symmetric keys, so it is very difficult to break. For now its use is permitted only in the U.S., applied especially in banking transactions.
RSA + RC4 128-bit + MD5: supported by SSL versions 2.0 and 3.0, it allows 3.4 * 10^38 different symmetric keys which, although a lower number than in the previous case, gives the system the same strength. Similarly, in theory its commercial use is permitted only in the U.S., although it can now be implemented in common browsers, and it is used by government agencies, corporations and banks.
RSA + RC2 128-bit + MD5: supported only by SSL 2.0, it allows 3.4 * 10^38 different symmetric keys and is similar in strength to the previous suite, but slower to operate. Its commercial use is permitted only in the U.S., although it can now be implemented in common browsers.
RSA + DES 56-bit + SHA-1: supported by SSL versions 2.0 and 3.0, although in version 2.0 MD5 is often used instead of SHA-1. It is less secure than the previous suites, allowing 7.2 * 10^16 different symmetric keys, and is the default that web browsers usually ship with today (in fact, 48 bits are for the key and 8 for error checking).
RSA + RC4 40-bit + MD5: supported by SSL versions 2.0 and 3.0, it has been the most common suite allowed for export outside the United States. It allows approximately 1.1 * 10^12 different symmetric keys and a very high processing speed, although its security is questionable given current cryptanalysis techniques.
RSA + RC2 40-bit + MD5: entirely analogous to the previous suite, although with a much lower processing speed.
MD5 only: used only to authenticate messages and detect attacks on their integrity. It is used when the client browser and the server have no SSL system in common, making it impossible to establish an encrypted communication. It is supported by SSL 2.0, but if the version 3.0.

The symmetric encryption key is unique and different for each session, so if the communication fails and a new SSL session must be established, the symmetric key will be generated again.

SSL provides a high level of encryption for the data exchanged (even the HTTP headers are encrypted), authentication of the server (and, if necessary, of the client) and integrity of the data received.

During the SSL secure communication process there are two fundamental states, the session state and the connection state. Each session is assigned an arbitrary identifier chosen by the server, a data compression method, a set of encryption algorithms and hash functions, a 48-byte master secret key and a flag for new connections, which indicates whether new connections can be made from the current session. Each connection is assigned a secret number for the client and another for the server, used to calculate the MAC of their messages, a secret encryption key for the client and another for the server, initialization vectors for block encryption of the data, and sequence numbers associated with each message.
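The fragmentation into blocks of at most 2^14 (16384) bytes and the per-connection MAC secret and sequence numbers described above can be seen working together in the following added sketch, which is not code from the original article or from any SSL implementation. It assumes HMAC-SHA1 from the Python standard library as a stand-in for the SSL 3.0 MAC, leaves out encryption and compression, and all function names and sample values are illustrative.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14   # largest block carried in one record
MAC_LEN = 20             # SHA-1 digest size in bytes

def _mac(secret, seq, fragment):
    # The MAC covers the sequence number and the length as well as the data,
    # so a record cannot be reordered or replayed without detection.
    header = struct.pack(">QH", seq, len(fragment))
    return hmac.new(secret, header + fragment, hashlib.sha1).digest()

def protect(data, mac_secret, start_seq=0):
    """Sender: split data into fragments of <= 2^14 bytes, append a MAC to each."""
    records = []
    for i, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        frag = data[off:off + MAX_FRAGMENT]
        records.append(frag + _mac(mac_secret, start_seq + i, frag))
    return records

def reassemble(records, mac_secret, start_seq=0):
    """Receiver: verify every record in order, then rejoin the fragments."""
    out = bytearray()
    for i, rec in enumerate(records):
        if len(rec) < MAC_LEN:
            raise ValueError(f"record {i}: too short")
        frag, tag = rec[:-MAC_LEN], rec[-MAC_LEN:]
        if len(frag) > MAX_FRAGMENT:
            raise ValueError(f"record {i}: fragment exceeds 2^14 bytes")
        expected = _mac(mac_secret, start_seq + i, frag)
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError(f"record {i}: bad MAC")
        out += frag
    return bytes(out)

if __name__ == "__main__":
    secret = b"constructed-mac-secret"   # constructed sample value
    message = bytes(range(256)) * 160    # 40960 bytes of constructed data
    recs = protect(message, secret)
    print("fragment sizes:", [len(r) - MAC_LEN for r in recs])
    print("round trip ok:", reassemble(recs, secret) == message)
    try:
        reassemble([recs[1], recs[0], recs[2]], secret)   # swapped order
    except ValueError as err:
        print("rejected:", err)
```

The first two fragments of the sample message have identical contents, so the swapped-order case is rejected only because the sequence number is part of the MAC input.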

How do we know whether a connection is being made over SSL? Browsers usually show a padlock icon at the bottom of the window. If the padlock is open it is a normal connection, and if it is closed it is a secure connection. If we double-click the closed padlock, the digital certificate of the secure web server will appear.

In addition, pages that come from an SSL server are served using the secure HTTP protocol, so their address, as we will see in the browser's address bar, always begins with https, like:

https://…..com

Finally, when we are on a secure connection we can view the server certificate by going to the browser's File menu and clicking “Properties”. At the bottom there is a “Certificates” option that will show the certificate of the current server.
