previous | start | next

Secure Sockets Layer

SSL was originally developed by Netscape Inc, but is now in widespread use. Any product can incorporate SSL technology without paying any royalties.
 
The basic idea of SSL is that it overlays the standard socket interface to TCP with a new socket library providing secure communications as required. Although it is the SSL standard that defines how the encryption is applied to Web transactions, the actual encryption itself is performed by a number of cipher algorithms. When an SSL browser and SSL server first communicate they mutually pick a cipher algorithm that both support. Some commonly used ciphers are listed in this table:
Cipher Bits Description
3DES 168 These are well-proven, 168-bit, triple-encryption ciphers. Not supported by products from Microsoft or Netscape.
IDEA 128 This cipher uses 128-bit keys but it is not commonly found in web browsers or servers. In the USA and Europe a license from Ascom AG is required to use these ciphers.
RC4 and RC2 128 These ciphers use 128-bit keys, which normally offer a high degree of security. Inside the USA a license from RSA is required to use these ciphers.
Export RC4 and RC2 40 These ciphers use 40-bit keys but are otherwise identical to their equivalent 128-bit versions. Servers and browsers produced by Netscape and Microsoft support these ciphers. Inside the USA a license from RSA is required to use these ciphers.

 


previous | start | next