Start SSL sessions
An SSL session is a logical connection between a client application and a server application over a Transmission Control Protocol (TCP) socket, using the SSL protocol.
An SSL application creates a TCP socket, starts the TCP connection, and then starts the SSL session over the TCP connection. The SSL session is mapped to the TCP socket; therefore, if the socket fails, the SSL session fails.
When the SSL application sends data, the data is encrypted by the SSL code and sent across the TCP socket to the remote node. The SSL code in the remote node reads the data from the TCP socket, decrypts the data, and passes the data to the SSL application.
The following sequence occurs when an SSL session is started:
- The normal TCP connection flow occurs. See Network flows for more information.
- The SSL handshake flow:
  - Uses public key cryptography to exchange a shared secret session key between the client and the server
  - Negotiates the cipher and message digest algorithm that are used for encrypting and decrypting data messages and for message integrity
  - Optionally authenticates the certificates in use between the client and the server
- Symmetric key cryptography is used to encrypt and decrypt application data messages with the secret session key that is created during the SSL handshake.
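The sequence above, as an added example in Go that is not part of the original page: a loopback server with a constructed self-signed certificate, a client that opens the TCP connection first and only then runs the handshake over that socket, and the failure case in which the client's trust store is empty, so certificate authentication rejects the session before any session key exists. Go's crypto/tls implements the current TLS versions of the protocol; the function names and the certificate are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)
// selfSigned builds a throwaway certificate for 127.0.0.1 (constructed test material).
func selfSigned() (tls.Certificate, *x509.CertPool) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotAfter:     time.Now().Add(time.Hour), // zero NotBefore: valid since year 1
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool() // client trust store that trusts exactly this server
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}
var serverCert, serverPool = selfSigned()
// startSession: TCP connection first, then the TLS handshake over that socket.
func startSession(trust *x509.CertPool) (*tls.Conn, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	go func() { // server side: accept the TCP socket and complete the handshake on it
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // a client alert simply ends the session here
			c.Close()
		}
	}()
	tcp, err := net.Dial("tcp", ln.Addr().String()) // 1. normal TCP connection flow
	if err != nil {
		return nil, err
	}
	cli := tls.Client(tcp, &tls.Config{RootCAs: trust, ServerName: "127.0.0.1"})
	if err := cli.Handshake(); err != nil { // 2. key exchange, cipher negotiation, cert check
		cli.Close() // untrusted or failed peer: no session key, socket torn down
		return nil, err
	}
	return cli, nil // caller owns cli; ConnectionState() shows version, cipher, peer certs
}
```

Once `startSession` returns a connection, writes on it are encrypted with the negotiated session key, and closing it also closes the TCP socket it is mapped to.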