The SSL protocol operates between the application layer and the TCP/IP
layer. This allows it to encrypt the data stream itself, which can then be
transmitted securely, using any of the application layer protocols. Two encryption
techniques are used:
- Public key encryption is used to encrypt and decrypt certificates during
the SSL handshake.
- A mutually agreed symmetric encryption technique, such as DES (data encryption
standard), or triple DES, is used in the data transfer following the handshake.