The primary goal of the SSL Protocol is to provide privacy and
reliability between two communicating applications. The protocol
is composed of two layers. At the lowest level, layered on top of
some reliable transport protocol (e.g., TCP[TCP]), is the SSL
Record Protocol. The SSL Record Protocol is used for encapsulation
of various higher level protocols. One such encapsulated protocol,
the SSL Handshake Protocol, allows the server and client to
authenticate each other and to negotiate an encryption algorithm
and cryptographic keys before the application protocol transmits or
receives its first byte of data. One advantage of SSL is that it
is application protocol independent. A higher level protocol can
layer on top of the SSL Protocol transparently. The SSL protocol
provides connection security that has three basic properties:
- The connection is private. Encryption is used after an
initial handshake to define a secret key. Symmetric
cryptography is used for data encryption (e.g., DES[DES],
RC4[RC4], etc.)
- The peer's identity can be authenticated using asymmetric, or
public key, cryptography (e.g., RSA[RSA], DSS[DSS], etc.).
- The connection is reliable. Message transport includes a
message integrity check using a keyed MAC. Secure hash
functions (e.g., SHA, MD5, etc.) are used for MAC
computations.
