Sunday, September 2, 2007

SSL - Concepts Simplified...!?!!!

Secure Socket Layer:
The Secure Socket Layer protocol was first introduced by Netscape to ensure secure transations between
webservers and browsers. The protocol uses a third party Certificate Authority (CA) to identify the both end
of the transactions

SSL philosophy:

1. Client using some browser requests a secure page (
2. sends its public key with its certificate
signed by (Thawte Consulting Pty Limited) (dated: 02/09/2007, 20:48)
3. Our browser checks that the certificate was issued by a trusted party (Thawte here), that the certificate is
still valid and the certificate is related to site we just contacted ( here).
4. The Browser then uses the public key send by to encrypt some random symmetric
encryption key and sends it to along with the encrypted URL requested as well as other
encrypted data.
5. decrypts the encrypted symmetric key send by the browser (in step 4) with its private key and uses this
symmetric key to decrypt the URL and http data.
6. sends back the requested html data encrypted with the symmetric encrytion key send by the
browser in step 4.
7. Our browser decrypts the http data and html document using symmetric key and displays the information.

With this symmetric key the further communication between and our browser takes place.
Here asymmetric encryption machanism is taking place between browser and

Our browser encrypted some key with public key of and on recieval of
this encrypted key, decrypted it with its private key. This mechanisms works with public/private key pairs.

This way sends its public key to every browser requesting its first page and SSL mechanism
undergoes like the above 7 steps.

1 comment:

deja_vu said...

yes!!! :) it was.. thanchu!