Saturday 2 May 2015

SSL


This tutorial series is all about security protocol SSL. SSL stands for Secure Sockets Layer protocol. SSL encrypts the communication between web browser and web server.

Why SSL is needed (Why we need encryption)
Suppose I want to purchase a product from flipkart.com.

a.   First I go to the site flipkart.com
b.   Select the product and checkout for payment
c.    At the time of online payment, I need to provide all my credit card information to the web site. In case of HTTP, data is transmitted from browser to server as simple text. Once you submit your credit card details, it travels through number of systems before reaching flipkart server. Since HTTP transfers data as simple text, there is a security threat.  Neither the user, nor the server has control on the information that is travelling across the network. Here SSL came into picture, it solves the problem by making the communications between client and server encrypted.

Now a days, almost all web browsers and web servers support SSL. You can see https prefix for ssl secured URLs.


As shown in the above figure, above sequence is the basic communication flow. The Network Interface layer is responsible for transmitting/receiving TCP/IP packets across network. The Internet layer is responsible for addressing, packaging, and routing functions. TCP is responsible for the establishment of a TCP connection, the sequencing and acknowledgment of packets sent, and the recovery of packets lost during transmission. Application layer defines the protocols like HTTP, FTP that applications use to exchange data.


As shown in the figure, SSL comes in between HTTP and TCP.



Prevoius                                                 Next                                                 Home

No comments:

Post a Comment