Secure Sockets Layer

SSL is a protocol for exchanging keys, negotiating symmetric encryption algorithms, and authenticating messages.

SSL is the basis for IETF's TLS protocol.

What does SSL do?

  1. Encrypts communication between browser and server.
  2. Authenticates server to browser (via server's signed certificate).
  3. Authenticates browser to server (optional, via client's signed certificate).

What does SSL not do?

  1. Tell you that a user with a certificate is authorized to use it.
  2. Tell you that the organization running a web server is honest.
<< Previous Contents >> Next >>
Lincoln D. Stein, lstein@cshl.org
Cold Spring Harbor Laboratory
Last modified: Sun Jul 16 18:47:38 PDT 2000