SecureSocketsLayer (SSL) protocol is used in most secured websites, especially where financial transactions are involved. It is commonly used in browsers as a layer7 access mechanism through TCP port 443, although it is by no means limited to this. A server certificate is needed from a certificate authority (e.g. Verisign), through a tedious Certificate Signing Request (CSR) process. Typically asymmetric encryption mode is used for securing messages and a process exists to protect the key necessary to decrypt a secured message. SSLv2 is still around but it is being phased out. SSLv3 (or TLS) enables two-way roundtrip authentication. This is done by the client presenting a signed certificate to the web server, in addition to the certificate presented by the server to the client. ---- '''Applicability''' It is said this is a superior mehanism for securing client-server WebApplication''''''s, because often pre-configured certificates on servers suffice without need for using client side certificates. This has simplified administration of InformationSecurity. See article in PublicKeyInfrastructure WebServices for details. ---- '''Readings material''' * http://archive.devx.com/whitepapers/thawte/default.asp * http://wasd.vsm.com.au/ht_root/doc/htd/htd_1700.html * ''Intro material'' http://msdn.microsoft.com/msdnmag/issues/01/04/SSL/default.aspx * ''Further details?'' http://publib.boulder.ibm.com/infocenter/wbihelp/index.jsp?topic=/com.ibm.etools.mft.eb.doc/aq01206_.htm * ''sample chapter on SSL implementation'' http://shiflett.org/books/http-developers-handbook/chapters/18 ---- CategorySecurity, CategoryEnterpriseComputingConcerns, CategoryWebDesign