About SSL
Netscape developed SSL to secure traffic between Web servers and browsers; its
successor, TLS, works the same way at the level described here. SSL uses public
and private keys and digital certificates to negotiate a symmetric key and an
algorithm with which to encrypt the traffic between the two.
Browsers do not normally contact the CA during the handshake to ask whether a
certificate is valid. Instead, they check that the certificate of the CA that
issued it is installed locally in the trusted root store and is itself valid,
and they use that CA certificate's public key to verify the digital signature on
the received certificate. They also check the certificate's validity dates and
that its name matches the host name of the server they requested. Finding out
whether the CA has since revoked the certificate requires a separate lookup (a
certificate revocation list or an online status query); many browsers skip this
or do not block the connection when the lookup fails.
To see the trusted root certificates installed with Internet Explorer, choose
Tools, Internet Options, Content, Certificates, and then the Trusted Root
Certification Authorities tab. You can also view the contents of each
certificate.
The following list summarizes a successful SSL connection between a Web
browser and a Web server:
■ The browser sends the server a request for a secure page, together with the
list of symmetric algorithms (cipher suites) it supports.
■ The server chooses one of the offered algorithms and sends its digital
certificate to the browser. This choice is the negotiation of the algorithm.
■ The browser authenticates the server by validating the digital certificate:
it verifies the certificate's signature with the public key of an issuing CA
whose certificate is installed locally, checks the validity dates and the host
name, and concludes that the certificate is valid.
■ The browser generates a random secret, encrypts it by using the server's
public key that is contained in the digital certificate, and sends the
encrypted secret to the server. Only the holder of the matching private key
can decrypt it.
■ The server decrypts the secret by using its private key. Both sides now
derive the same symmetric session key from that secret, and the server encrypts
all additional information that it sends to the client by using the session key
and the negotiated algorithm.
■ The client decrypts all information that it receives from the server by using
the session key and algorithm, and encrypts all information that it sends back
to the server by using the same session key and algorithm.
■ The server and client use this symmetric key to encrypt communications until
the communications session ends. This symmetric key is called a session key
and is used only for the duration of the communications session.
■ If the browser wants to talk to the server at a later date, the browser and
server negotiate a different session key by using the same process, and
potentially a different algorithm.
The traffic between the server and client is encrypted by using symmetric
cryptography because it is much faster than asymmetric cryptography. Asymmetric
cryptography is used only to authenticate the server and to protect the
exchange of the session key.
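The handshake above, played end to end in Go as an added example (this is not code from the original page). A constructed root CA issues a certificate to a hypothetical server, www.example.test; the client verifies that certificate against a local certificate pool exactly as a browser verifies against its installed roots, then wraps a random session key with the server's public key, and the server answers with data encrypted under that key with AES-GCM. The names NewPKI, Handshake, newCert and gcm, and all certificate names, are this example's own. It simplifies real SSL/TLS in two ways: the client sends the session key itself rather than a pre-master secret from which both sides derive keys, and the record nonce is fixed at zero for the single record shown (TLS derives it from a sequence number).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert generates a key pair for tmpl and signs it with signer (the key behind
// parent); parent == nil produces a self-signed root certificate.
func newCert(tmpl, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewPKI constructs example data (hypothetical names): a self-signed root CA and
// a server certificate for host issued by it. Returns root cert, server cert, server key.
func NewPKI(host string) (*x509.Certificate, *x509.Certificate, *rsa.PrivateKey, error) {
	now := time.Now()
	root, rootKey, err := newCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	srv, srvKey, err := newCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, root, rootKey)
	return root, srv, srvKey, err
}

// gcm wraps a 32-byte session key in AES-256-GCM.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Handshake plays both sides of the exchange on the page. The client accepts the
// server certificate only if Verify chains it to a root in installedRoots (the
// CA itself is never contacted) and host is one of its names; it then wraps a
// random session key with the server's public key, and the server replies with
// msg encrypted under that key. The return value is what the client decrypts.
func Handshake(installedRoots *x509.CertPool, srvCert *x509.Certificate,
	srvKey *rsa.PrivateKey, host, msg string) (string, error) {
	if _, err := srvCert.Verify(x509.VerifyOptions{Roots: installedRoots, DNSName: host}); err != nil {
		return "", fmt.Errorf("certificate rejected: %w", err)
	}
	// Client: a fresh 256-bit session key, RSA-OAEP-wrapped to the server's public key.
	sessionKey := make([]byte, 32)
	rand.Read(sessionKey) // crypto/rand; documented never to fail in current Go
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, srvCert.PublicKey.(*rsa.PublicKey), sessionKey, nil)
	// Server: only the private key can unwrap it; from here both sides use AES-GCM.
	serverCopy, err2 := rsa.DecryptOAEP(sha256.New(), rand.Reader, srvKey, wrapped, nil)
	if err != nil || err2 != nil {
		return "", fmt.Errorf("key exchange failed: %v %v", err, err2)
	}
	srvAEAD, err := gcm(serverCopy)  // server's copy of the key
	cliAEAD, err2 := gcm(sessionKey) // client's copy of the key
	if err != nil || err2 != nil {
		return "", fmt.Errorf("bad session key: %v %v", err, err2)
	}
	// Record 0 under a key that is never reused: TLS derives nonces from a sequence number.
	nonce := make([]byte, srvAEAD.NonceSize())
	record := srvAEAD.Seal(nil, nonce, []byte(msg), nil)
	plain, err := cliAEAD.Open(nil, nonce, record, nil)
	return string(plain), err
}

func main() {
	root, srv, key, err := NewPKI("www.example.test")
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(root)
	fmt.Println(Handshake(trusted, srv, key, "www.example.test", "hello over SSL"))
	fmt.Println(Handshake(x509.NewCertPool(), srv, key, "www.example.test", "hello")) // root not installed
}
```

Run stand-alone, the first line printed is the decrypted message followed by a nil error; the second shows the same certificate rejected because the trust store handed to the client holds no root. A mismatched host name or a root from an unrelated CA is rejected by the same Verify call. As with the browsers described above, nothing here asks the CA whether the certificate has been revoked; Go's Verify does not perform revocation checks either.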