Kbase P90481: What is SSL (Secure Sockets Layer)?
Author: Progress Software Corporation - Progress
Access: Public
Published: 12/10/2004
Status: Unverified
GOAL:
What is SSL (Secure Sockets Layer)?
FIX:
SSL is a Web protocol for establishing authenticated and encrypted sessions between servers and clients.
SSL starts with a handshake routine that first establishes a TCP/IP connection.
Next, the server is authenticated to the client by verifying its public key.
Once authenticated, the server selects the strongest cryptographic algorithm supported by both the client and server and within the restrictions enforced by a particular country.
Next, a shared secret key is generated that is used to encrypt all data flowing between the client and server.
Finally, an encrypted SSL connection is established.
As mentioned, all the information that is sent between client and server is encrypted, including all HTTP requests and responses, as well as the URL being requested by clients.
This level of encryption ensures the protection of sensitive information such as credit card numbers, access authorization information (user names), and sensitive data returned by the server.
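The handshake steps above, run end to end in memory, as an added example that is not part of the original Progress article. It uses Python's ssl module (which speaks TLS, the successor to SSL) and assumes the openssl command-line tool, version 1.1.1 or later, is on the PATH; the host name and the request are constructed.

```python
import os, ssl, subprocess, tempfile

HOST = "shop.example"  # constructed server name (assumption)
REQUEST = b"GET /checkout?card=0000-CONSTRUCTED HTTP/1.1\r\nHost: shop.example\r\n\r\n"

def make_contexts(trust_server=True):
    """Create a throwaway self-signed server certificate and both TLS contexts."""
    with tempfile.TemporaryDirectory() as d:
        key, crt = os.path.join(d, "key.pem"), os.path.join(d, "crt.pem")
        subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                        "-keyout", key, "-out", crt, "-days", "1",
                        "-subj", "/CN=" + HOST,
                        "-addext", "subjectAltName=DNS:" + HOST],
                       check=True, capture_output=True)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(crt, key)
        # PROTOCOL_TLS_CLIENT demands a trusted certificate and a matching host name.
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        if trust_server:
            client_ctx.load_verify_locations(crt)
    return client_ctx, server_ctx

def session(trust_server=True):
    """Handshake in memory, send one request, return what each party saw."""
    client_ctx, server_ctx = make_contexts(trust_server)
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=HOST)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    pending = [(client, c_out, s_in), (server, s_out, c_in)]
    while pending:
        for item in list(pending):
            side, out_bio, peer_in = item
            try:
                side.do_handshake()   # SSLCertVerificationError if the server is untrusted
                pending.remove(item)
            except ssl.SSLWantReadError:
                pass                  # waiting for the peer's next handshake message
            data = out_bio.read()
            if data:
                peer_in.write(data)   # "network": hand the bytes to the other side
    client.write(REQUEST)
    wire = c_out.read()               # what an observer on the network would capture
    s_in.write(wire)
    return {"cipher": client.cipher()[0], "agreed": client.cipher() == server.cipher(),
            "wire": wire, "received": server.read(4096)}

if __name__ == "__main__":
    result = session()
    print(result["cipher"], b"card=" in result["wire"], result["received"] == REQUEST)
```

Calling `session(trust_server=False)` stops at the authentication step: the client has no reason to trust the server's public key, so the handshake raises `ssl.SSLCertVerificationError` before any request is sent.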
Because encryption is computationally intensive, SSL sessions are usually only employed when transmitting sensitive information. A typical session goes like this:
1. A user decides to buy something online and clicks a hyperlink called "Buy online through our secure server."
2. The hyperlink establishes an SSL connection. An SSL connection is indicated in the browser's Address field by a URL that starts with "https" instead of "http."
3. Once the transaction is complete, the user clicks another hyperlink to return to the normal HTTP mode and the encrypted SSL session is terminated.
This jumping in and out of secure mode is required to prevent unnecessary encryption of data that reduces performance. However, a user can choose to connect with any SSL-compliant site and obtain full SSL security by typing https in the Address field when entering the URL for the site.
The "s" in the URL tells the client and server to initiate SSL and connect wit