ICS - SSL Effort
Updated: Aug 13, 2008
 

SSL is a software layer that secures communication between a client and a server. Its best-known use is the HTTPS protocol, which is used to access a secure web server. HTTPS uses the SSL protocol to transport HTTP requests and replies with strong security. SSL encrypts data on the fly and uses certificates so that you can be sure the server you connect to is actually the one you think it is, and so that a server can be sure that a client is really the one it knows. See below for more details.

 

ICS-SSL is the result of the SSL effort, which has been funded by many contributors. ICS-SSL has now been released to the freeware community and is available from the ICS download page. Of course, even though the project is now freeware, you are encouraged to donate some money to support further development. To find out how to send your money, see HOW TO SEND YOUR CONTRIBUTION below.

 

SSL BENEFITS

A customer connecting to a secure website is assured of three things:
- Authentication: The company that installed the certificate really owns the website.
- Message privacy: Using a unique "session key", SSL encrypts all information exchanged between your web server and your customers, such as credit card numbers and other personal data. This ensures that personal information cannot be viewed if it is intercepted by unauthorized parties.
- Message integrity: The data cannot be tampered with over the Internet.
- Increasing Business: Certificates let you securely exchange sensitive information online and increase business by giving your customers confidence that their transactions are safe.


WHAT IS SSL?

SSL = Secure Sockets Layer

The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers as well and became the de facto standard until evolving into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.

TLS and SSL are an integral part of most Web browsers (clients) and Web servers. If a Web site is on a server that supports SSL, SSL can be enabled and specific Web pages can be identified as requiring SSL access. Any Web server can be enabled by using Netscape's SSLRef program library which can be downloaded for noncommercial use or licensed for commercial use.

TLS and SSL are not interoperable. However, a message sent with TLS can be handled by a client that handles SSL but not TLS.

The primary goal of the SSL Protocol is to provide privacy and reliability between two communicating applications. The protocol is composed of two layers. At the lowest level, layered on top of some reliable transport protocol (e.g., TCP[TCP]), is the SSL Record Protocol. The SSL Record Protocol is used for encapsulation of various higher level protocols. One such encapsulated protocol, the SSL Handshake Protocol, allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. One advantage of SSL is that it is application protocol independent. A higher level protocol can layer on top of the SSL Protocol transparently. The SSL protocol provides connection security that has three basic properties:
- The connection is private. Encryption is used after an initial handshake to define a secret key. Symmetric cryptography is used for data encryption (e.g., DES[DES], RC4[RC4], etc.)
- The peer's identity can be authenticated using asymmetric, or public key, cryptography (e.g., RSA[RSA], DSS[DSS], etc.).
- The connection is reliable. Message transport includes a message integrity check using a keyed MAC. Secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations.
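
The keyed-MAC integrity check from the last property, as an added example that is not part of the original page or of ICS. It uses the TLS 1.0 HMAC-SHA1 record MAC rather than SSL 3.0's older construction and leaves out encryption; the RecordMac class, the key and the messages are constructed for illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # record content type
VERSION = (3, 1)        # TLS 1.0 as it appears on the wire
MAC_LEN = 20            # HMAC-SHA1 tag length

class RecordMac:
    """One direction of a record stream: MAC key plus implicit sequence number."""
    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seq = 0    # never transmitted; each peer counts records itself

    def _mac(self, ctype: int, fragment: bytes) -> bytes:
        # TLS 1.0: HMAC(key, seq_num || type || version || length || fragment)
        header = struct.pack("!QBBBH", self.seq, ctype, *VERSION, len(fragment))
        return hmac.new(self.mac_key, header + fragment, hashlib.sha1).digest()

    def protect(self, fragment: bytes, ctype: int = APPLICATION_DATA) -> bytes:
        body = fragment + self._mac(ctype, fragment)
        self.seq += 1
        return struct.pack("!BBBH", ctype, *VERSION, len(body)) + body

    def verify(self, record: bytes) -> bytes:
        ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
        if (major, minor) != VERSION or length != len(record) - 5 or length < MAC_LEN:
            raise ValueError("malformed record")
        fragment, tag = record[5:-MAC_LEN], record[-MAC_LEN:]
        if not hmac.compare_digest(tag, self._mac(ctype, fragment)):
            raise ValueError("bad record MAC")  # a real peer closes the connection here
        self.seq += 1
        return fragment

def demo() -> dict:
    key = b"constructed-mac-key!"  # constructed; a real key is derived in the handshake
    sender, receiver = RecordMac(key), RecordMac(key)
    r0 = sender.protect(b"pay 10 EUR to alice")
    r1 = sender.protect(b"pay 99 EUR to bob")
    results = {"in_order": receiver.verify(r0)}
    tampered = r1[:9] + bytes([r1[9] ^ 1]) + r1[10:]   # flip one payload bit
    for name, rec in (("tampered", tampered), ("replayed", r0)):
        try:
            receiver.verify(rec)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    results["next"] = receiver.verify(r1)  # the untouched record still verifies
    return results
```

Because the sequence number is mixed into the MAC but never sent, a replayed or reordered record fails the same check as a modified one.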

OTHER INTERESTING LINKS

Introduction to SSL
OpenSSL
Book: Network Security with OpenSSL
Another introduction to SSL


HOW TO SEND YOUR CONTRIBUTION

The bank to send money to is:
    Belfius Banque SA, 1210 Brussels, Belgium
    Account owner is:
    François PIETTE, rue de Grady 24, 4053 Embourg, Belgium
    International Bank Account Number (IBAN): BE02 0630 1270 7540
    Swift address (BIC): "GKCCBEBB".

For small contributions, you should consider mailing cash in an anonymous envelope. Post is very reliable in Belgium. If it is also reliable in your country, use that method. It is cheap for you and me.

You could also buy an Amazon Gift for me. Please use www.amazon.fr website to order it.
Sorry, I can't accept credit card payment.

It is better for me if you send the money in EURO currency. If you pay using another currency, even US$, there will be change fees.

Of course you are welcome to add bank fees and VAT to your contribution :-) Just ask your bank to charge you for all the fees and commission. So I will receive the net amount you chose.