Technical Overview of Secure Sockets Layer, SSL Encryption – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Menus Interface User’s Guide
Section VII: Management Security
Technical Overview of Secure Sockets Layer
This section describes the Secure Sockets Layer (SSL) feature, a security 
protocol that provides a secure and private TCP connection between a 
client and server. 
SSL can be used with many higher layer protocols including HTTP, File 
Transfer Protocol (FTP) and Net News Transfer Protocol (NNTP). Most 
web browsers and servers support SSL, and its most common deployment 
is for secure connections between a client and server over the Internet. 
The switch supports SSL versions 2.0 (client hello only) and 3.0 which 
were developed by Netscape, and the Internet Engineering Task Force 
(IETF) standard for SSL, known as SSL version 3.1 or Transport Layer 
Security (TLS).
Within the Ethernet protocol stack, SSL is a Layer 4 protocol that is in 
between the HTTP and TCP protocol layers. HTTP communicates with 
SSL in the same way as with TCP. In other words, TCP processes SSL 
requests like any other protocol requesting its services.
SSL provides a secure connection over which web pages can be 
accessed from an HTTP server. The operation of SSL is transparent to the 
end user who is accessing a web site, with the following exceptions:
- The site’s URL changes from HTTP to HTTPS.
- The browser indicates that it is a secured connection by displaying an icon, such as a padlock icon.
By default, HTTP and HTTPS use the separate well-known ports 80 and 
443, respectively. Secure connections over the Internet are important 
when transmitting confidential data such as credit card details or 
passwords. SSL allows the client to verify the server’s identity before 
either side sends any sensitive information. SSL also prevents a third party 
from interfering with the message because only trusted devices have 
access to the unprotected data.
SSL Encryption
SSL uses encryption to ensure the security of data transmission. 
Encryption is a process that uses an algorithm to encode data so it can 
only be accessed by a trusted device. An encrypted message remains 
confidential. 
All application data messages are authenticated by SSL with a message 
authentication code (MAC). The MAC is a checksum that is created by the 
sender and is sent as part of the encrypted message. The recipient 
recalculates the MAC, and if the values match, the sender’s identity is 
verified. The MAC also ensures that the message has not been tampered 
with by a third party because any change to the message changes the 
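The sender/recipient MAC check described above, as an added illustration that is not part of the Allied Telesis manual and not the switch's own SSL implementation. It uses HMAC-SHA256 over a simplified record (a sequence number plus the application payload, which is what the SSL/TLS record MAC covers, without the type, version and length fields) and a shared key; the key, the HTTP request and the record layout are constructed for the example. It shows the three outcomes a recipient relies on: an intact record verifies, a record altered in transit fails, and a record replayed under a different sequence number fails.

```python
import hashlib
import hmac
import struct
from typing import Optional

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


def compute_mac(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: MAC over the sequence number and the payload.

    Simplified SSL-style record: a 64-bit big-endian sequence number is
    prepended so that a replayed record does not verify under a new number.
    """
    data = struct.pack(">Q", seq) + payload
    return hmac.new(key, data, hashlib.sha256).digest()


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build the record the sender transmits: payload followed by its MAC."""
    return payload + compute_mac(key, seq, payload)


def verify(key: bytes, seq: int, record: bytes) -> Optional[bytes]:
    """Recipient side: split the MAC off, recompute it and compare.

    Returns the payload if the MAC matches, otherwise None. The comparison
    is constant-time so that a byte-by-byte mismatch does not leak timing.
    """
    if len(record) < MAC_LEN:
        return None
    payload, received_mac = record[:-MAC_LEN], record[-MAC_LEN:]
    expected_mac = compute_mac(key, seq, payload)
    if not hmac.compare_digest(received_mac, expected_mac):
        return None
    return payload


def demo() -> dict:
    """Run the sender/recipient exchange and report each verification result."""
    key = b"constructed-shared-key-for-example"  # constructed, not a real key
    request = b"GET /login HTTP/1.1\r\nHost: switch.example\r\n\r\n"  # constructed

    record = protect(key, seq=1, payload=request)

    # 1. Intact record: MAC recomputes to the same value.
    intact = verify(key, 1, record) == request

    # 2. Record altered in transit: flip one bit of the payload.
    altered = bytearray(record)
    altered[0] ^= 0x01
    tampered = verify(key, 1, bytes(altered)) is not None

    # 3. Same record replayed as sequence number 2: MAC no longer matches.
    replayed = verify(key, 2, record) is not None

    # 4. Record produced under a different key does not verify either.
    wrong_key = verify(b"some-other-key", 1, record) is not None

    return {
        "intact": intact,
        "tampered_accepted": tampered,
        "replay_accepted": replayed,
        "wrong_key_accepted": wrong_key,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Only `intact` is true; the other three records are rejected because any change to the covered bytes, the sequence number or the key changes the recomputed MAC.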
