SSL := Secure Socket Layer (RFC 2246)
The Secure Socket Layer is a stream-oriented communication layer that provides authentication and strong encryption and data-integrity for a server/client-model.
Authentication is based upon x509-certificated, built from an RSA oder DSA public key. The server must provide a certificate to the client; the client may provide one (depends on configuration) to the server. Both certificated may be signed by a trusted third party via a signing-scheme, such as RSA or DSA. Once e.g. the client gets the server-certificate upon connection, it can verify the certificate by checking this signature against the certificate of the trusted third party or check if this is really the certificate it expects. The server may do the same with the client-certificate.
Key- and algorithm-agreementEdit
After authentication both parties agree on an algorithm for further encryption. the list of algorithm is standarized and does contain symmetric algorithms like IDEA, BlowFish, Rijndael (=AES) et al. Both parties also agree on an encryption-key. Right now i am not sure, if this is true, but i assume this is done with a key-agreement-scheme such as Diffie-Hellman. All this agreement is encrypted with the public-key of the other partie (from its certificate), so only this partie can decrypt it.
Once all this is done, both parties can communicate over this encrypted and authenticated channel.
SSL was developed by Netscape for a secure way of communication between a webserver and a webbrowser. Now it is used for a vast number of protocols, like HTTPS, POP3S (pop3 ssl), IMAPS (imap ssl), LDAPS, SSH ... The current standards are SSLv3 (the SSL as defined above) and TLSv1, an extension where insecure protocols like IMAP or POP3 may provide an extra command (often "STARTTLS") that initiates an SSL-connection.