SSL and Browser Security
Want free viruses? No? How about free spyware? No? What about free identity theft!? Still no? Okay then, let me tell you why you cannot have those things when you use SSL and operate your browser in a safe way! SSL is the answer. It stands for Secure Sockets Layer and it operates at the Transport layer of the OSI Model. SSL is a cryptographic protocol which sets up and manages secure communication between your web browser and the web server. It is defined and last updated in RFC-5246.
So, SSL, or TLS (Transport Layer Security), allows client and server to communicate across an untrusted network in a way that thwarts eavesdropping. SSL/TLS has been around since February of 1995 (Version 1.0) and gained popularity rapidly; in 1996, v3.0 was released. The reason for the huge version jump was that a number of security flaws were found in the original code; these flaws allowed attackers to weaken and break the encryption, but the community responded and the security holes were fixed. SSL/TLS also guarantees message integrity (a method to prevent forgery and tampering), as all messages are signed prior to sending. The setup of an SSL communiqué goes a little like this:
- The computers negotiate which encryption algorithm will be used.
  This is always the strongest encryption algorithm supported by both client and server.
- Key exchange takes place, and then authentication happens.
  Key exchange is like passing the spare key of a padlock to your friend: aside from yourself, only (s)he has the means to open your messages.
  Authentication is the phase where user credentials are verified.
- Symmetric cipher and message authentication.
  The key is never handed out over an unprotected medium; the symmetric key is the core of this scheme and the most valuable part of the communiqué.
At this point, the exchange of information takes place, and once the parties are done communicating the secure link is taken down and the keys may be stored for later use. Just what kinds of programs use SSL nowadays? Nearly everything can use it and probably has. The most modern implementation of SSL is with voice over IP networks (VoIP). The VoIP protocol SIP, or Session Initiation Protocol, is the signaling mechanism for setting up a VoIP telephone call.
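As an added example (not part of this primer), here is how the negotiation and authentication steps above look from the client's side using Python's standard `ssl` module: a hardened context that refuses anything below TLS 1.2, insists on certificate and hostname verification, and offers no legacy suites, plus a small model of how the server settles the "which algorithm" step. The function names and the sample suite lists are my own.

```python
import ssl
from typing import List, Optional

# Substrings of OpenSSL suite names that mark legacy ciphers (constructed for this example).
LEGACY_MARKERS = ("DES-CBC3", "RC4", "MD5", "NULL")


def hardened_client_context() -> ssl.SSLContext:
    """Client context covering the negotiation and authentication steps of the handshake."""
    ctx = ssl.create_default_context()            # loads the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / TLS 1.1
    ctx.check_hostname = True                     # authentication: cert must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED           # and it must chain to a trusted CA
    # TLS 1.2 suites: ephemeral ECDHE key exchange + AEAD only; 3DES, RC4, MD5 are excluded.
    # (TLS 1.3 suites are managed separately by OpenSSL and are all AEAD.)
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!3DES:!RC4")
    return ctx


def offered_suites(ctx: ssl.SSLContext) -> List[str]:
    """Names of the cipher suites this context would advertise in its ClientHello."""
    return [c["name"] for c in ctx.get_ciphers()]


def has_legacy_suite(ctx: ssl.SSLContext) -> bool:
    """True if any advertised suite carries a legacy-cipher marker."""
    return any(m in name for name in offered_suites(ctx) for m in LEGACY_MARKERS)


def server_picks(client_offer: List[str], server_prefs: List[str]) -> Optional[str]:
    """Model of the negotiation step: the server walks ITS preference list and takes the
    first suite the client also offered. None means no overlap, i.e. handshake failure."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in offered:
            return suite
    return None


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("minimum version:", ctx.minimum_version.name, "| legacy suites:", has_legacy_suite(ctx))
    for name in offered_suites(ctx):
        print("  ", name)
    # Constructed lists: the client names its strongest suite first, but the server's order wins.
    client = ["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"]
    server = ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"]
    print("negotiated:", server_picks(client, server))  # TLS_AES_128_GCM_SHA256
```

The `server_picks` model is the caveat to keep in mind: the outcome of negotiation depends on the server's preference order and on what both sides still allow, so hardening the client's list is what guarantees a weak suite can never be the result.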
This is a very basic introduction to SSL, meant to give you a foundation of what it is more than how it works. For more information you should Google for “SSL Mechanism” and begin reading; the RFC pages are particularly nice, however very dry if you do not get excited about this stuff very easily. A final note about SSL security: one of the typical methods of encrypting the traffic is 3DES, which is three rounds of the Data Encryption Algorithm. The banking system uses 3DES to secure its transactions, so it is a popular implementation in SSL too! I hope you have enjoyed my too basic SSL Primer!
