Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. The term "SSL" as used here applies to both protocols unless clarified by context.
SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated (i.e. its identity is ensured) while the client remains unauthenticated; mutual authentication requires public key infrastructure (or PKI) deployment to clients. The protocols allow client/server applications to communicate in a way designed to prevent eavesdropping, tampering, and message forgery.
SSL involves a number of basic phases:
* Peer negotiation for algorithm support
* Public key encryption-based key exchange and certificate-based authentication
* Symmetric cipher-based traffic encryption
During the first phase, the client and server negotiate which cryptographic algorithms will be used. Current implementations support the following choices:
* for public-key cryptography: RSA, Diffie-Hellman, DSA or Fortezza;
* for symmetric ciphers: RC2, RC4, IDEA, DES, Triple DES or AES;
* for one-way hash functions: MD5 or SHA.
for more info, pls refer to
wiki