SecureSocketsLayer (SSL) protocol is used in most secured websites, especially where financial transactions are involved.

It is commonly used in browsers as a layer7 access mechanism through TCP port 443, although it is by no means limited to this.

A server certificate is needed from a certificate authority (e.g. Verisign), through a tedious Certificate Signing Request (CSR) process.

Typically asymmetric encryption mode is used for securing messages and a process exists to protect the key necessary to decrypt a secured message.

SSLv2 is still around but it is being phased out.

SSLv3 (or TLS) enables two-way roundtrip authentication.  This is done by the client presenting a signed certificate to the web server, in addition to the certificate presented by the server to the client.

----
'''Applicability'''

It is said this is a superior mehanism for securing client-server WebApplication''''''s, because often pre-configured certificates on servers suffice without need for using client side certificates. This has simplified administration of InformationSecurity. See article in PublicKeyInfrastructure WebServices for details.

----
'''Readings material'''
* http://archive.devx.com/whitepapers/thawte/default.asp
* http://wasd.vsm.com.au/ht_root/doc/htd/htd_1700.html
* ''Intro material'' http://msdn.microsoft.com/msdnmag/issues/01/04/SSL/default.aspx
* ''Further details?'' http://publib.boulder.ibm.com/infocenter/wbihelp/index.jsp?topic=/com.ibm.etools.mft.eb.doc/aq01206_.htm
* ''sample chapter on SSL implementation'' http://shiflett.org/books/http-developers-handbook/chapters/18

----
CategorySecurity, CategoryEnterpriseComputingConcerns, CategoryWebDesign