You are currently viewing a snapshot of taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to, please file a bug.



NSS implements the Secure Sockets Layer (SSL) v2 and v3 and Transport Layer Security (TLS) protocols. This page summarizes information about the SSL/TLS module within NSS.

The SSL protocol allows mutual authentication between a client and server and the establishment of an authenticated and encrypted connection. SSL runs above TCP/IP and below HTTP, LDAP, IMAP, NNTP, and other high-level network protocols. It was originally invented by Netscape and has become a de facto Internet standard. For the SSL 3.0 specification (also called SSL v3) in plain text form, see The SSL Protocol, Version 3.0. For the original SSL 0.2 specification (also called SSL v2), see The SSL 0.2 Specification.

Note re version numbers: Both SSL2 and SSL3 have 16-bit (two-byte) version number fields. SSL2 interprets this as a single 16-bit integer, and the official number is 2, e.g. 0x0002. SSL3 interprets two-byte version numbers as a one byte "major" number and a one byte "minor" (or fractional) number. So the value 0x0002 is interpret by SSL3 as version 0.2, not 2.0.

TLS is a protocol from the IETF based on SSL. It will eventually supersede SSL while remaining backward-compatible with SSL implementations. For the version 1.0 of the TLS protocol specification, see The TLS Protocol.

The following documents provide background information that you need to understand before attempting to work with the SSL/TLS APIs provided by NSS:

For information on using the SSL-related NSS APIs, see the following:

For information on debugging SSL implementations, see SSL 3.0 Connection Walkthrough.

For information on special SSL cipher suites used with FIPS, see FIPS SSL CipherSuites.