SSL

Definition
SSL := Secure Socket Layer (RFC 2246)

The Secure Socket Layer is a stream-oriented communication layer that provides authentication and strong encryption and data-integrity for a server/client-model.

Authentication
Authentication is based upon x509-certificated, built from an RSA oder DSA public key. The server must provide a certificate to the client; the client may provide one (depends on configuration) to the server. Both certificated may be signed by a trusted third party via a signing-scheme, such as RSA or DSA. Once e.g. the client gets the server-certificate upon connection, it can verify the certificate by checking this signature against the certificate of the trusted third party or check if this is really the certificate it expects. The server may do the same with the client-certificate.

Key- and algorithm-agreement
After authentication both parties agree on an algorithm for further encryption. the list of algorithm is standarized and does contain symmetric algorithms like IDEA, BlowFish, Rijndael (=AES) et al. Both parties also agree on an encryption-key. Right now i am not sure, if this is true, but i assume this is done with a key-agreement-scheme such as Diffie-Hellman. All this agreement is encrypted with the public-key of the other partie (from its certificate), so only this partie can decrypt it.

Communication
Once all this is done, both parties can communicate over this encrypted and authenticated channel.

History, Applications
SSL was developed by Netscape for a secure way of communication between a webserver and a webbrowser. Now it is used for a vast number of protocols, like HTTPS, POP3S (pop3 ssl), IMAPS (imap ssl), LDAPS, SSH ... The current standards are SSLv3 (the SSL as defined above) and TLSv1, an extension where insecure protocols like IMAP or POP3 may provide an extra command (often "STARTTLS") that initiates an SSL-connection.

OpenSSL
OpenSSL is much more than an implementation of SSL, it is a collection of many algorithms for encryption, hashing, key agreement and such. for a description, please take a look at their homepage or read the nice oreilly book: ISBN 0-596-00270-X

related: RSA