NSS implements the Secure Sockets Layer (SSL) v2 and v3 and Transport Layer Security (TLS) protocols. This page summarizes information about the SSL/TLS module within NSS.
The SSL protocol allows mutual authentication between a client and server and the establishment of an authenticated and encrypted connection. SSL runs above TCP/IP and below HTTP, LDAP, IMAP, NNTP, and other high-level network protocols. It was originally invented by Netscape and has become a de facto Internet standard. For the SSL 3.0 specification (also called SSL v3) in plain text form, see The SSL Protocol, Version 3.0. For the original SSL 0.2 specification (also called SSL v2), see The SSL 0.2 Specification.
Note re version numbers: Both SSL2 and SSL3 have 16-bit (two-byte) version number fields. SSL2 interprets this as a single 16-bit integer, and the official number is 2, e.g. 0x0002. SSL3 interprets two-byte version numbers as a one byte "major" number and a one byte "minor" (or fractional) number. So the value 0x0002 is interpret by SSL3 as version 0.2, not 2.0.
TLS is a protocol from the IETF based on SSL. It will eventually supersede SSL while remaining backward-compatible with SSL implementations. For the version 1.0 of the TLS protocol specification, see The TLS Protocol.
The following documents provide background information that you need to understand before attempting to work with the SSL/TLS APIs provided by NSS:
- Introduction to Public-Key Cryptography. Explains the basic concepts of public-key cryptography that underlie NSS.
- Introduction to SSL. Introduces the SSL protocol, including information about cryptographic ciphers supported by SSL and the steps involved in the SSL handshake.
For information on using the SSL-related NSS APIs, see the following:
- Introduction to Network Security Services. Introduction to the NSS libraries and documentation.
- SSL Reference. Documents the APIs used to invoke SSL operations.
- SSL Sample Code. HTML version of sample code illustrating basic SSL client and server operations using NSS APIs.
For information on debugging SSL implementations, see SSL 3.0 Connection Walkthrough.
For information on special SSL cipher suites used with FIPS, see FIPS SSL CipherSuites.