Ssl is implemented at the layer of what?

586    Asked by AnishaDalal in Cyber Security , Asked on Sep 26, 2022

 I checked the data transmission of an HTTPS website (gmail.com) using Firebug. But I can't see any encryption to my submitted data (username and password). Where does SSL encryption take place?

Answered by Ankesh Kumar

The SSL is implemented at the layer as a transparent wrapper around the HTTP protocol. In terms of the OSI model, it's a bit of a grey area. It is usually implemented in the application layer, but strictly speaking is in the session layer.


Think of it like this:
Physical layer (network cable / wifi)
Data link layer (ethernet)
Network layer (IPv4)
Transport layer (TCP)
Session layer (SSL)
Presentation layer (none in this case)
Application layer (HTTP)
Notice that SSL sits between HTTP and TCP.

If you want to see it in action, grab Wireshark and browse a site via HTTP, then another via HTTPS. You'll see that you can read the requests and responses on the HTTP version as plain text, but not the HTTPS ones. You'll also be able to see the layers that the packet is split into, from the data link layer upwards.



Your Answer

Interviews

Parent Categories