ICS - SSL Effort
Updated: Aud 13, 2008
 

SSL is a software layer that secure communication between client and server. The most known use is the HTTPS protocol used to access a secure web server. HTTPS use the SSL protocol to transport HTTP requests and replies with strong security. SSL encrypt data on the fly and use certificate to make sure that the server you connect to is actually the one you think it is, and for a server to be sure that a client is really the one he knows. See below for more details.

 

ICS-SSL is the result of the SSL effort which has been funded by many contributors. Now ICS-SSL has been released to the freeware community and is available from the ICS download page (see ICS link on the left). Of course, even if the project is now freeware, you are encouraged to donate some money to support further development. To know how to send your money, click here.

 

SSL BENEFITS

A customer connecting to a secure website is assured of three things:
- Authentication: The company that installed the certificate really owns the website.
- Message privacy: Using a unique "session key", SSL encrypts all information exchanged between your web server and your customers, such as credit card numbers and other personal data. This ensures that personal information cannot be viewed if it is intercepted by unauthorized parties.
- Message integrity: The data cannot be tampered with over the Internet.
- Increasing Business: Certificates let you securely exchange sensitive information online and increase business by giving your customers confidence that their transactions are safe.

Full document

WHAT IS SSL ?

SSL = Secure Sockets Layer

The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers as well and became the de facto standard until evolving into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.

TLS and SSL are an integral part of most Web browsers (clients) and Web servers. If a Web site is on a server that supports SSL, SSL can be enabled and specific Web pages can be identified as requiring SSL access. Any Web server can be enabled by using Netscape's SSLRef program library which can be downloaded for noncommercial use or licensed for commercial use.
TLS and SSL are not interoperable. However, a message sent with TLS can be handled by a client that handles SSL but not TLS."
The primary goal of the SSL Protocol is to provide privacy and reliability between two communicating applications. The protocol is composed of two layers. At the lowest level, layered on top of some reliable transport protocol (e.g., TCP[TCP]), is the SSL Record Protocol. The SSL Record Protocol is used for encapsulation of various higher level protocols. One such encapsulated protocol, the SSL Handshake Protocol, allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. One advantage of SSL is that it is application protocol independent. A higher level protocol can layer on top of the SSL Protocol transparently. The SSL protocol provides connection security that has three basic properties:
- The connection is private. Encryption is used after an initial handshake to define a secret key. Symmetric cryptography is used for data encryption (e.g., DES[DES], RC4[RC4], etc.)
- The peer's identity can be authenticated using asymmetric, or public key, cryptography (e.g., RSA[RSA], DSS[DSS], etc.).
- The connection is reliable. Message transport includes a message integrity check using a keyed MAC. Secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations.

OTHER INTERESTING LINKS

Introduction to SSL
OpenSSL
Book: Network Security with OpenSSL
Another introduction to SSL


HOW TO SEND YOUR CONTRIBUTION

The bank to send money to is:
    ING Belgium, Avenue Marnix 24, 1000 Brussels, Belgium
Account owner is:
    OverByte sprl, rue de Grady 24, 4053 Embourg, Belgium

If you are in the EC, use this information:
    International Bank Account Number (IBAN): BE80 3400 6181 2377

Outside of the EC, do a "swift" transfer:
    Swift address: "BBRU BE BB 400", account number "3400 6181 2377".

From Belgium:
    Account number: 340-0618123-77

For small contributions, you should consider mailing cash in an anonymous envelop. Post is very reliable in Belgium. If it is also reliable in your country, use that method. It is cheap for you and me.

Sorry, I can't accept credit card payment.

If you are in a EC country, then you must provide me a company name and address with a valid VAT number otherwise I have to pay 21% VAT to the belgian treasury. No problem outside of the EC. Of course I will send an invoice for accounting purpose.
In all cases, I need name and address or I have to pay 21% VAT to the belgian treasory. (VAT means Value Added Tax. It is a kind of sale tax applyed almost everywhere in Europe).

I will mail an invoice for accounting purpose. If you are in a large company, maybe you need a proformat invoice so that they can send the money. Just ask me.

It is better for me you send the money in EURO currency. If you pay using another currency, even US$, there will be change fees.

Of course you are welcome to add bank fee and VAT to your contribution :-) Just ask your bank to charge you for all the fees and commission. So I will receive the net amount you choosed.