SSL provides communication security between two hosts. It provides integrity, authentication and confidentiality. It is used most commonly in web browsers, but can be used with any protocol that uses TCP as the transport layer.

The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, Certificate Authorities(CA), to identify one end or both end of the transactions. This is in short how it works.

1. A browser requests a secure page (usually https:).
2. The web server sends its public key with its certificate.
3. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.
4. The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted Hypertext Transfer Protocol (HTTP) data.
5. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and Hypertext Transfer Protocol (HTTP) data.
6. The web server sends back the requested html document and Hypertext Transfer Protocol (HTTP) data encrypted with the symmetric key.
7. The browser decrypts the Hypertext Transfer Protocol (HTTP) data and html document using the symmetric key and displays the information.

See also http://www.openssl.org, http://www.dxsock.com/