SSL along with TSL (Transport Layer Security) are highly used cryptographic security protocols for the internet. They are used to establish a channel for secure communication over the web.
Note that TSL has replaced SSL in 1999. Its working is quite similar to SSL but is more efficient and secure when compared to its predecessor. TLS also provides backward operability for SSL for old devices in use.
TSL 1.3 is the current version of SSL/TLS that was published in the year 2018.
Advantages of SSL
Different SSL Protocols
SSL Protocol Diagram depicting all types of SSL protocols
SSL Record Layer Protocol
It is used to perform a data transfer operation. The SSL record layer protocols help in transferring data to the application layer for other high-level operations. Each record contains a 5-byte header.
Types of SSL Records
1. Handshake records
2. Alert Records
3. Application Data Records
4. Change Cipher spec records
SSL Alert Protocol
Alert messages for any problems are provided via SSL alert protocol. Alert messages can notify the severity of an alert along with its description. A lever of fatality is also associated with every message for example level 1 is associated with a warning while level 2 is a fatal one. An alert record consists of 2 fold notification such as alert level and alert code both occupying 1 byte each as shown in the diagram below.
SSL Change Cipher Spec Protocol
This protocol is used to detect any changes taking place in cipher parameters. It gives out notifications to clients and servers if any change occurs in the already agreed keys/parameters. The keys of the message must always be changed frequently whenever resuming a session or even before starting a new session. SSL Change Cipher Spec message is sent to the receiver which holds the rules of agreements for protection.
SSL Handshake Protocol
All session state protocols are provided by the SSL handshake. Both the client and server are must agree to a set of rules and parameters before communication to take place. Several steps are included for this which are depicted below:
1. Agreement on a protocol version
2. Establishment of Security capabilities (Ex. Hello phase message)
3. Server authentication and key exchange
4. Client authentication and key exchange
5. Establishment of connection
6. Data transfer