TLS and security features

techie | June 9 - 2010

Security over online sales and purchases is assured by the URL HTTPS. HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sub layer under regular HTTP application layering.
This Secure transaction is certified through SSL or SSH .Whether it is SSL or SSH, it uses the cryptography to ascertain the security of the transactions over online. Most of the online users are aware of the problems like phishing and look for the certifications.
TLS also supports the more secure bilateral connection mode (typically used in enterprise applications), in which both ends of the “conversation” can be assured with whom they are communicating (provided they diligently scrutinize the identity information in the other party’s certificate).This is known as mutual authentication, or SSL. Mutual authentication requires that the Transport Layer Security Library, is a free software implementation of the SSL and TLS protocols. Its purpose is to offer an application programming interface (API) for applications to enable
secure communication protocols over their network transport layer.TLS client-side also hold a certificate which is not usually the thing in the end-user/browser scenario. Unless, that is, TLS-PSK, the Secure Remote Password (SRP) protocol, or some other protocol is used that can provide strong mutual authentication in the absence of certificates.
Typically, the key information and certificates necessary for TLS are handled in the form of X.509 certificates, which define required fields and data formats.
SSL operates in modular fashion. Every part of traffic taking place between the SSL server and SSL client is encrypted This is done using a key and an encryption algorithm negotiated during the SSL handshake. This SSL handshake occurs at session initialization.
SSL and TLS have been widely implemented in several open source software projects. Programmers may use the OpenSSL, NSS, or GnuTLS libraries for SSL/TLS functionality. Microsoft Windows includes an implementation of SSL and TLS as part of its Secure Channel package. Delphi programmers use a library known as Indy.
Browser implementations
All the most recent web browsers support TLS:
Apple’s Safari supports TLS.
Mozilla Firefox, versions 2 and above, support TLS 1.0. As of April 2010, Firefox does not support TLS 1.1 or 1.2.
Internet Explorer 8 in Windows 7 and Windows Server 2008 R2 supports TLS 1.2.
As of Presto 2.2, featured in Opera 10, Opera supports TLS 1.2.