Background of SSL
Web pages are delivered using the Hypertext Transfer Protocol (HTTP). HTTP by itself does not offer encryption or any other substantial protection of data transmitted between users and web servers. With the advent of the World Wide Web in the early 1990s, and the goal of extending Web usage to actual business activity involving the transmission of confidential information, came the need to eliminate eavesdropping by unauthorized parties on web communications between computers over the Internet.
Several technologies were proposed to address this need, all of them utilizing encryption to protect sensitive data in transit. The protocol that quickly proved dominant, and that ultimately became the standard for secure web communications, was SSL.
SSL Version 1.0 was introduced in the Mosaic browser in 1994, and an enhanced version (SSL Version 2.0) was commercially offered later in the same year when the inventors of Mosaic formed a for-profit enterprise ultimately called Netscape Communications and released their Navigator web browser.
As is still the case, by looking at a web page’s URL in those browsers a user could determine whether a particular page was delivered over SSL-encrypted communications. SSL-encrypted pages had the prefix https, whereas non-encrypted pages used the prefix http. (Today, in addition to the change in the URL, most browsers display some icon indicating that the session is encrypted: a lock, a key, etc. This will be discussed in detail in Chapter 6.)
HTTPS is the web protocol that utilizes SSL to encrypt HTTP, and is used worldwide today for secure web communications. HTTPS should not be confused with S-HTTP, an alternative method for encrypting web communications. S-HTTP competed with HTTPS in the early days of secure web sessions, but was generally considered inferior to HTTPS for e-commerce use (as it did not encrypt some session information), and is no longer used.