An overview of SSL
SSL or Secure Socket Layer is a cryptographic method which provides secure transfer of data over the internet. Unlike other protocols discussed, SSL does not require a separate client in the since of an application outside of any others. Support for SSL is built into all major browsers by default, and does not require any feedback from the user to operate.
Like IPSec, SSL provides both authentication and encryption
Going back to the OSI image, SSL will secure data to the lower sublayer of the application layer.
In a basic overview, SSL works by first "handshaking" at the session layer of the OSI model using an asymmetric cipher, followed by a shared symmetric cipher which is then used to encrypt the rest of the data being transferred.
Sources
- http://en.wikipedia.org/wiki/Transport_Layer_Security
- http://publib.boulder.ibm.com/infocenter/rfthelp/v7r0m0/index.jsp?topic=/com.ibm.test.terminal.docs/topics/rxmlrft0026.html