In this post I want to show what happens at the protocol level when we use SSL/TLS. For the purpose of this analysis I’ll be using a non-blocking implementation of a TCP client and server based on OpenSSL for the Scheme Gambit compiler that I’m currently working on.
Is important to note that SSL/TSL enables applications to be only as secure as the underlying infrastructural components (networks and hosts). SSL/TLS is a separate protocol that inserts itself between the application protocol (generally HTTP, but any other is perfectly possible) and the transport protocol (TCP). By acting as such, TLS requires very few changes to the protocols below and above, so the protocol can operate nearly transparently for users, meaning that users need not be aware of the fact that the protocol is in place. Of course this comes with some drawbacks, as it limits the protocol in some fundamental aspects (such as the inability to use UDP).
SSL/TLS has evolved considerably since its beginnings. Nowadays SSL 2.0 and 3.0 are considered insecure, so they are being replaced by the newer TLS 1.0/1.1/1.2 versions. The history of these protocols is an interesting topic.…continue