The SSL (Secure Sockets Layer) Handshake Protocol [Hic95] was developed by Netscape Communications Corporation to provide security and privacy over the Internet. The protocol supports server and client authentication. The SSL protocol is application independent, allowing protocols like HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol), and Telnet to be layered on top of it transparently. Still, SSL is optimized for HTTP; for FTP, IPSec (see Question 5.1.4) might be preferable. The SSL protocol is able to negotiate encryption keys as well as authenticate the server before data is exchanged by the higher-level application. The SSL protocol maintains the security and integrity of the transmission channel by using encryption, authentication and message authentication codes.
The SSL Handshake Protocol consists of two phases: server authentication and an optional client authentication. In the first phase, the server, in response to a client's request, sends its certificate and its cipher preferences. The client then generates a master key, which it encrypts with the server's public key, and transmits the encrypted master key to the server. The server recovers the master key and authenticates itself to the client by returning a message authenticated with the master key. Subsequent data is encrypted and authenticated with keys derived from this master key. In the optional second phase, the server sends a challenge to the client. The client authenticates itself to the server by returning the client's digital signature on the challenge, as well as its public-key certificate.
A variety of cryptographic algorithms are supported by SSL. During the ``handshaking'' process, the RSA public-key cryptosystem (see Section 3.1) is used. After the exchange of keys, a number of ciphers are used. These include RC2 (see Question 3.6.2), RC4 (see Question 3.6.3), IDEA (see Question 3.6.7), DES (see Section 3.2), and triple-DES (see Question 3.2.6). The MD5 message-digest algorithm (see Question 3.6.6) is also used. The public-key certificates follow the X.509 syntax (see Question 5.3.3).
For more information on SSL 3.0, see http://home.netscape.com/eng/ssl3/index.html.
TLS (Transport Layer Security) is a protocol that is based on and very similar to SSL 3.0; for more information about TLS 1.0, see ftp://ftp.isi.edu/in-notes/rfc2246.txt.
We should also mention WTLS (Wireless TLS), which specifies the security layer protocol in WAP (Wireless Application Protocol); WAP is the de facto standard for the delivery and presentation of information to wireless devices such as mobile phones and pagers. WTLS is very similar to TLS but optimized for low-bandwidth bearer networks. For more information on WAP and WTLS, see http://www.wapforum.org/what/technical.htm.