What is SSL?

aka Secure Sockets Layer

Any information sent across the internet can be intercepted by a person or persons the sender never intended to receive that information. There is nothing you can do about that.

If the information is sent in plaintext, it can be read after being intercepted. You can do something about that. You can encrypt the information. SSL is software that enables you to transmit and receive secure (i.e. encrypted) HTTP messages that can only be read by the intended recipient.

HTTP transactions occur between a web browser (e.g. Netscape Navigator) and a web server (e.g. Apache). SSL also requires both a client and a server component. Most web browsers come already configured for SSL. Some web servers do; some don't. Apache doesn't.

The Transmission Control Protocol/Internet Protocol (TCP/IP) governs the transport and routing of data over the Internet. Other protocols, such as the HyperText Transport Protocol (HTTP) run "on top of" TCP/IP in the sense that they use TCP/IP to support application tasks such as displaying web pages.

The SSL protocol runs above TCP/IP and below higher-level protocols such as HTTP. It uses TCP/IP on behalf of the higher-level protocols, and in the process allows an SSL-enabled server to authenticate itself to an SSL-enabled client, allows the client to authenticate itself to the server, and allows both machines to establish an encrypted connection.

Transport Layer Security (TLS) is a security protocol from the IETF that is a merger of SSL and other protocols. It is expected to become a major security standard on the Internet, eventually superseding SSL. TLS is backward compatible with SSL.