What is SSL?

SSL (Secure Sockets Layer) is a protocol for encrypting and decrypting data sent across direct Internet connections. When a client makes an SSL connection with a server, all data sent to and from the server is encrypted with a complex mathematical algorithm that makes it extremely difficult to decode anything that is intercepted.

The following is a step-by-step illustration of a standard SSL connection:

Step 1

Client connects and requests SSL encryption

Step 2

Server sends its certificate and public key to client

Step 3

Client encrypts session key using server's public key and sends it to server

Step 4

Server decrypts session key and uses it to open and encrypt secure data channel

Tip: For additional security, the server can require a certificate from the client, which is compared to a trusted authorities database to determine whether the client should be allowed to connect. If this option is enabled, the server requests the client certificate between steps 2 and 3; the client sends its certificate and the server checks to see if it has been signed by a certificate in the trusted authorities database.

If the server is not configured to accept SSL connections, or if the server requires client certificates and the client either provides none or provides one that is not found in the trusted authorities database, then the connection is rejected and the server sends a message to the client indicating a failed connection.
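The following Python sketch is an added illustration, not code from any SSL implementation: it models the four steps above, the optional client-certificate check between steps 2 and 3, and each rejection case. It assumes textbook RSA with constructed keys and a dictionary standing in for a certificate; every name in it (`handshake`, `SERVER`, `Example CA`) is hypothetical, and the model is for following the flow only, never for protecting real traffic.

```python
import hashlib
import secrets

def keypair(p, q, e=65537):
    """Toy RSA from two primes; returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def rsa(value, key):
    return pow(value, key[1], key[0])

def digest(text, n):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

def issue_cert(subject, issuer, ca_priv):
    # Constructed stand-in for a certificate: subject, issuer, CA signature.
    return {"subject": subject, "issuer": issuer,
            "sig": rsa(digest(subject, ca_priv[0]), ca_priv)}

def signed_by_trusted_ca(cert, trusted_db):
    ca_pub = trusted_db.get(cert["issuer"])
    if ca_pub is None:
        return False
    return rsa(cert["sig"], ca_pub) == digest(cert["subject"], ca_pub[0])

def handshake(server, client_cert=None):
    # Step 1: client requests SSL; a server not configured for SSL refuses.
    if not server["ssl_enabled"]:
        return "rejected: SSL not enabled", None
    # Step 2: server sends its certificate and public key.
    server_pub = server["pub"]
    # Between steps 2 and 3: optional client-certificate check.
    if server["require_client_cert"]:
        if client_cert is None:
            return "rejected: no client certificate", None
        if not signed_by_trusted_ca(client_cert, server["trusted_db"]):
            return "rejected: untrusted client certificate", None
    # Step 3: client encrypts a random session key with the server's public key.
    session_key = secrets.randbelow(server_pub[0] - 2) + 2
    wire = rsa(session_key, server_pub)
    # Step 4: server decrypts it; both ends now hold the same session key.
    recovered = rsa(wire, server["priv"])
    return ("connected" if recovered == session_key else "rejected: key mismatch"), recovered

# Constructed sample keys (Mersenne primes) and a one-entry trusted authorities database.
SERVER_PUB, SERVER_PRIV = keypair(2**31 - 1, 2**61 - 1)
CA_PUB, CA_PRIV = keypair(2**61 - 1, 2**89 - 1)
ROGUE_PUB, ROGUE_PRIV = keypair(2**31 - 1, 2**89 - 1)
SERVER = {"ssl_enabled": True, "require_client_cert": True, "pub": SERVER_PUB,
          "priv": SERVER_PRIV, "trusted_db": {"Example CA": CA_PUB}}
```

A certificate that names a trusted issuer but was signed with a different key fails the same check as one from an unknown issuer, because the server verifies the signature against the key stored in its database rather than trusting the issuer field.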