Appendix C. The SSL 3.0 Protocol

This appendix describes the SSL Version 3.0 protocol, which we introduced in Chapter 12. It is meant to give a general overview of the protocol to a semi-technical audience. It also provides some information about SSLeay, a freely available implementation of this protocol.

The Internet Engineering Task Force (IETF) Transport Layer Security (TLS) working group is in the process of creating a TLS standard based on SSL 3.0. Although TLS should eventually supersede SSL, it may be a year or more before the TLS standard is finalized and the protocol is built into readily available software. In the meantime, SSL 3.0 is likely to remain the de facto standard for transport layer security.

The current TLS standard can be found at http://www.consensus.com/ietf-tls/.

History

The SSL protocol was designed by Netscape Communications for use with Netscape Navigator. Version 1.0 of the protocol was used inside Netscape. Version 2.0 of the protocol shipped with Netscape Navigator Versions 1 and 2. After SSL 2.0 was published, Microsoft created a similar secure link protocol called PCT (described briefly in Chapter 11) that overcame some of SSL 2.0’s shortcomings. The advances of PCT were incorporated into SSL 3.0, which is being used as the basis for the secure protocol being developed by the IETF.

The SSL v3.0 protocol is arranged in two layers:

  • SSL message layer[120] (User Data; Handshake messages; Alert messages; Change Cipher Spec messages)

  • Record layer (SSL records) ...
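The layering can be seen by splitting a byte stream into SSL records and reading which kind of message-layer data each one carries. The following is an added example, not code from the book or from SSLeay; the 5-byte header layout and content-type numbers come from the SSL 3.0 specification, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Record header: content type (1 byte), version major/minor (2 bytes),
# body length (2 bytes, big-endian). Values per the SSL 3.0 specification.
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",  # the "User Data" of the message layer
}
SSL3_VERSION = (3, 0)
HEADER_LEN = 5
MAX_BODY = 2**14 + 2048  # largest encrypted record body the spec allows


class RecordError(ValueError):
    """Raised when a record header is malformed."""


def split_records(stream: bytes):
    """Return ([(type_name, body), ...], leftover_bytes).

    leftover_bytes holds a trailing partial record, if any, so the caller
    can prepend it to the next chunk read from the network.
    """
    records, offset = [], 0
    while len(stream) - offset >= HEADER_LEN:
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise RecordError(f"unknown content type {ctype} at offset {offset}")
        if (major, minor) != SSL3_VERSION:
            raise RecordError(f"not an SSL 3.0 record: version {major}.{minor}")
        if length > MAX_BODY:
            raise RecordError(f"record body of {length} bytes exceeds the limit")
        end = offset + HEADER_LEN + length
        if end > len(stream):
            break  # header is valid but the body has not fully arrived
        records.append((CONTENT_TYPES[ctype], stream[offset + HEADER_LEN:end]))
        offset = end
    return records, stream[offset:]


def build_record(ctype: int, body: bytes, version=SSL3_VERSION) -> bytes:
    """Helper (hypothetical) used only to construct the sample stream below."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body


# Constructed sample: three whole records followed by a truncated fourth.
SAMPLE = (build_record(22, b"\x0e\x00\x00\x00") + build_record(20, b"\x01")
          + build_record(21, b"\x02\x28") + build_record(23, b"opaque")[:7])
```

Calling `split_records(SAMPLE)` yields the handshake, change cipher spec and alert records and returns the seven bytes of the incomplete application-data record as leftover.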
