Encyclopedia of Cryptography and Security

2005 Edition
| Editors: Henk C. A. van Tilborg

Secure Socket Layer (SSL)

  • Clemens Heinrich
Reference work entry
DOI: https://doi.org/10.1007/0-387-23483-7_375


Secure Socket Layer (SSL) denotes the predominant security protocol of the Internet for World Wide Web (WWW) services relating to electronic commerce or home banking. The majority of web servers and browsers support SSL as the de-facto standard for secure client-server communication. The Secure Socket Layer protocol builds up point-to-point connections that allow private and unimpaired message exchange between strongly authenticated parties.


In the ISO/OSI reference model [7], SSL resides in the session layer between the transport layer (4) and the application layer (7); with respect to the Internet family of protocols this corresponds to the range between TCP/IP and application protocols such as HTTP, FTP, Telnet, etc. SSL provides no intrinsic synchronization mechanism; it relies on the data link layer below.

Netscape developed the first specification of SSL in 1994, but only publicly released and deployed the next version, SSLv2, in the same year [5]. With...

This is a preview of subscription content, log in to check access.


  1. [1]
    Bleichenbacher, Daniel (1998). “Chosen ciphertext attacks against protocols based on RSA encryption standard PKCS#1.” Advances in Cryptology—CRYPTO'98, Lecture Notes in Computer Science, vol. 1462, ed. H. Krawczyk. Springer-Verlag, Berlin.Google Scholar
  2. [2]
    Brumley, David and Dan Boneh (2003). “Remote Timing Attacks are Practical.” Proceedings of the 12th USENIX Security Symposium, Washington, D.C.Google Scholar
  3. [3]
    Dierks, Tim and Christopher Allen (1999). The TLS Protocol Version 1.0, IETF Internet-Draft RFC 2246, January (expired), http://www.ietf.org/rfc/rfc2246.txt
  4. [4]
    Dierks, Tim and Eric Rescorla (2002). The TLS Protocol Version 1.1; IETF Internet-Draft, http://www.ietf.org/
  5. [5]
    Freier, Alan, Philip Karlton, and Paul Kocher (1996). The SSL 3.0 Protocol; Netscape Communications Corp.Google Scholar
  6. [6]
    Hickman, Kipp (1995). The SSL Protocol; Netscape Communications Corp.Google Scholar
  7. [7]
    Internet Assigned Numbers Authority (IANA). http://www.iana.org
  8. [8]
    ISO 7498-2. “Information processing systems—open systems interconnection—basic reference model—Part 2: Security Architecture.” ISO International Standard 7498-2; First edition 1989-02-15.Google Scholar
  9. [9]
    Klima, Vlastimil, Ondrej Pokorny, and Tomas Rosa (2003). “Attacking RSA-based sessions in SSL/TLS.” http://eprint.iacr.org/2003/053.
  10. [10]
    Kocher, Paul (1997). Timing Attacks on Implementations of Diffie–Hellman, RSA, DSS, and Other Systems. Advances in Cryptology—CRYPTO'97, Lecture Notes in Computer Science, vol. 1109, ed. B.S. Kaliski Jr. Springer, Berlin, 104–113.Google Scholar
  11. [11]
    Mitchell, John C., Vitaly Shmatikov, and Ulrich Stern (1998). “Finite state analysis of SSL 3.0.” Proceedings of the 7th USENIX Security Symposium, San Antonio, Texas.Google Scholar
  12. [12]
    Paulson, Lawrence C. (1999). “Inductive analysis of the Internet protocol TLS.” Security Protocols: 6th International Workshop 1998, Lecture Notes in Computer Science, vol. 1550, eds. Bruce Christianson, Bruno Crispo, William S. Harbison, and Michael Roe. Springer, Berlin.Google Scholar
  13. [13]
    Rescorla, Eric, (2000). SSL and TLS: Designing and Building Secure Systems. Addison-Wesley, Reading, MA.Google Scholar
  14. [14]
    Wagner, David and Bruce Schneier (1997). Analysis of the SSL 3.0 Protocol (revised).Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Clemens Heinrich

There are no affiliations available