Secure Socket Layer Implementations-A Review

Secure Socket Layer (SSL), is the protocol developed by Netscape for transmitting private documents securely over the Internet. SSL can be effectively used to protect the data in transmission. SSL protocol comes in between the application layer protocol (e.g., HTTPS (Hyper Text Transfer Protocol Secure)) and the Transport layer protocol. The http application interfaces with SSL nearly in the same way as it would with TCP in the absence of security. As far as TCP is concerned, SSL is just another application protocol using its services.SSL consist of two sub-protocols, the Hand-shake protocol and Record protocol. The strength of the SSL and hence the performance offered by the secure communication is determined by the selection of the cipher suite. The cipher suite itself has got four components and they are technique for key exchange, authentication, encryption and the method to compute the message digest hash. Different methods are available for all the above said technique and we need to select a cipher suite that will perfectly match our performance requirements, speed and memory constraint. Different built in libraries are there for the developers to use. This paper provides a brief comparison and description regarding the most commonly used SSL implementations such as OpenSSL, CyaSSL and MatrixSSL. KeywordsSecure Socket Layer (SSL); Transport Layer Security (TLS); Datagram Transport Layer Security; Hand-shake Protocol; Record Protocol; Advanced Encryption Standard (AES).