The History of SSL
Secure Sockets Layer, or SSL, technology is one method for protecting Internet users from malicious groups or software. It is currently used in Web browsers, instant messaging programs, email clients and other software. You most likely use, or have used, several applications that depend on SSL to secure communications between you and another computer that you are connecting to, such as an email server.
Invention
The Netscape company created the SSL protocol in 1994. This technology allowed secure transmissions between computer applications on a remote server and the client's computer; however, it was never released to the public domain. SSL "provides privacy and integrity of the data that client and server applications exchange," according to IBM.
Version 3.0
Netscape continued to develop SSL technology for several years. However, SSL version 2.0 contained numerous vulnerabilities. Adam Shostack, the author of "The New School of Information Security," released an article in 1995 that addressed some of the weaknesses of SSL 2.0, including that SSL is ineffective at protecting a user once his host's server is compromised. This leaves the server open to exploitation, possibly including hacking or virus infection.
In 1996, Netscape released SSL 3.0 to address the vulnerabilities of the previous version. One of the improvements in SSL 3.0 over the previous version is the inability for outsiders to alter secure data during transmission. SSL 3.0 relies on message authentication codes, or MACs, that are encrypted at 128 bits, a significant increase from SSL 2.0's 40-bit keys. Tighter security around authentication keys makes SSL 3.0 less vulnerable to attacks such as hacking attempts.
SSL Certificates
During the development of SSL 3.0, programmers were also creating SSL certificates. These certificates validate the genuineness of a website; before them, there was no way to guarantee that a harmful website or application wasn't impersonating a well-known name.
SSL certificates protected consumers when making transactions with online businesses or logging into secure applications.
Transport Layer Security
According to Microsoft, "the Internet Engineering Task Force (IETF) began work to develop a standard protocol that provided the same functionality [as SSL]. They used SSL 3.0 as the basis for that work, which became the TLS protocol." TLS 1.0 emerged in 1999 as an upgrade to SSL 3.0. Currently, SSL remains at version 3.0 while programmers have continued to develop TLS. In 2008, version 1.2 of TLS emerged.
Computer specialists frequently refer to these combined protocols as "TLS/SSL" because they are similar, but the differences are notable. TLS includes more alert messages than its predecessor. These alerts are more specific and better explain problems that either session endpoint (user or server) detects during secure transmissions.
Extended Validation SSL Certificates
SSL certificates received an update on June 12, 2007, after the Certification Authority/Browser Forum, or CA/Browser Forum, began investigating ways to improve them. The culmination of this time and effort is the current Extended Validation SSL certificates that you see occasionally in your Web browser or email client when you access secure pages.
Your browser recognizes when you browse a secure Web page. For example, the address bar in Internet Explorer 7 and above will appear green and will display the name of the organization responsible for the website. Your browser extracts this information from the Extended Validation SSL certificate.
In Firefox, authenticated sites will display a small lock icon in the status bar. Most other browsers alert users to a secure connection with a similar lock icon, in either the status bar or the address bar.