The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers and became the de facto standard until evolving into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.
TLS and SSL are an integral part of most Web browsers (clients) and Web servers. If a Web site is on a server that supports SSL, SSL can be enabled and specific Web pages can be identified as requiring SSL access.
The Transmission Control Protocol (TCP) combined with the Internet Protocol (IP) governs the transportation and routing of data over the Internet. TCP keeps track of the blocks of data to ensure that all are delivered reliably to the appropriate application. The internet layer is concerned with routing data from the source to the destination host through one or more networks connected by routers. TCP/IP, however, provides no security mechanism against web security threats such as modification of data in transit, eavesdropping on the network resulting in loss of privacy, theft of data from the server or client, and impersonation of users (fake users). To counter these threats we require protocols that ensure data integrity (the received data is the same as what the sender sent) through checksums and authentication codes, confidentiality (protection of data from unauthorised disclosure) through encryption, and authentication (proof that the communicating entity is the one it claims to be) through usernames and passwords, certificates, etc. These security aspects can be applied to the network, transport, and application layers of the internet model. In this report we discuss in detail how SSL/TLS adds authentication and confidentiality to the TCP protocol.
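The integrity point above can be seen in a short added example (not part of the original report): the keyless checksum TCP/IP carries can be recomputed by whoever alters the data, while a keyed authentication code cannot be regenerated without the shared secret. HMAC-SHA-256, the key, and the messages are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by TCP/IP (RFC 1071). No key involved."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole number of 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def auth_code(key: bytes, data: bytes) -> bytes:
    """Keyed authentication code (HMAC-SHA-256 assumed here for illustration)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def accepts_checksum(data: bytes, checksum: int) -> bool:
    return internet_checksum(data) == checksum

def accepts_auth_code(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(auth_code(key, data), tag)   # constant-time compare

# Constructed sample values; the key is known only to sender and receiver.
KEY = b"constructed-shared-secret"
ORIGINAL = b"pay 100 to alice"
MODIFIED = b"pay 900 to alice"

def modify_in_transit(data: bytes, checksum: int, tag: bytes):
    """Models data changed on the path: the checksum is simply recomputed,
    but the tag cannot be, because the modifier does not hold KEY."""
    return MODIFIED, internet_checksum(MODIFIED), tag

def demo() -> dict:
    sent = (ORIGINAL, internet_checksum(ORIGINAL), auth_code(KEY, ORIGINAL))
    data, checksum, tag = modify_in_transit(*sent)
    return {
        "checksum_accepts_modified": accepts_checksum(data, checksum),
        "auth_code_accepts_modified": accepts_auth_code(KEY, data, tag),
        "auth_code_accepts_original": accepts_auth_code(KEY, sent[0], sent[2]),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The receiver's checksum test passes on the altered message, which is why the checksum guards only against accidental corruption and the keyed code is what provides integrity against deliberate modification.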