Overview of HTTP 1.1 and SSL 3.0 Security Services

John Barkley

NIST

jbarkley@nist.gov

January 21, 1999

This paper describes how information can be exchanged securely using HTTP 1.1 and SSL 3.0 in terms of the security services: authentication, confidentiality, and integrity, as defined in ISO 7498-2 Security Architecture. This paper considers both client authentication, i.e., authentication of the user to the server, and server authentication, i.e., authentication of the server to the user. Table 1 summarizes the security services provided by HTTP and SSL.

Web server administrators determine the security requirements for browser access to information on their servers. They are able to configure the level and type of authentication and/or confidentiality required for each area on their servers. In addition, since HTTP and/or SSL can provide the authenticated identity of users to the Web server, administrators are able to configure the level of access, e.g., which HTTP methods, a user has to server resources. While the details of Web server and browser configuration are specific to each Web server or browser, the services described herein are usually configurable.

                        | HTTP 1.1                 | SSL 3.0
Client Authentication   | Basic, NTLM, or Digest   | Usually Public Key
Server Authentication   | none                     | Usually Public Key
Confidentiality         | none                     | Private Key Encryption with Key Exchange by Public Key Encryption
Integrity               | Minimal: Provided by TCP | Secure hash functions compute message authentication code

Table 1: Security services provided by HTTP 1.1 and SSL 3.0


1 HTTP 1.1 Security Services

HTTP provides no confidentiality or server authentication services. Since HTTP uses TCP as the transport protocol, HTTP has the minimal message integrity support of TCP. However, TCP does not guarantee that a message is not intentionally changed at some intermediate point in its route from the source to the destination.

HTTP does provide a minimal username/password client authentication service. The HTTP Basic username/password authentication mechanism sends the password encoded in base64. Consequently, passwords are easily eavesdropped. In their browser and server, Microsoft supports a username/password authentication mechanism, called Windows NT Challenge/Response (NTLM), that is significantly more effective against eavesdropping in that it uses a one-time encoding of the password. Digest Authentication (RFC 2069) is another type of HTTP username/password authentication. Digest Authentication is similar to NTLM but is not yet widely implemented.
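The following Python example is added here to make the difference between Basic and Digest authentication concrete; it is not code from the paper. It builds a Basic header and shows that the server's own parsing step recovers the password from base64 (which is why an eavesdropper can too), then implements the RFC 2069 Digest response, H(H(username:realm:password):nonce:H(method:uri)), on both the client side and the server side, including nonce checking and constant-time comparison. The realm, URI, user name and password are constructed sample values.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample values for the demonstration; not taken from the paper.
REALM = "protected-area"
METHOD = "GET"
URI = "/private/index.html"


def basic_header(username: str, password: str) -> str:
    """Build the Authorization header for HTTP Basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_credentials(header: str) -> tuple[str, str]:
    """Parse a Basic header as the server does. Base64 is an encoding, not
    encryption, so the same step recovers the password for anyone who sees
    the header on the wire: this is the eavesdropping weakness of Basic."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    username, password = base64.b64decode(token).decode().split(":", 1)
    return username, password


def new_nonce() -> str:
    """Server-generated nonce; a fresh value per challenge limits replay."""
    return secrets.token_hex(16)


def _h(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, nonce, method, uri) -> str:
    """RFC 2069 response: H(H(user:realm:password) : nonce : H(method:uri)).
    The password itself never appears in the header."""
    ha1 = _h(f"{username}:{realm}:{password}")
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{ha2}")


def digest_header(username, password, nonce, method=METHOD, uri=URI,
                  realm=REALM) -> str:
    """Client side: build the Authorization header for Digest authentication."""
    response = digest_response(username, realm, password, nonce, method, uri)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}"')


def parse_digest(header: str) -> dict:
    """Minimal parser for the quoted key=value list produced by digest_header."""
    scheme, params = header.split(" ", 1)
    if scheme != "Digest":
        raise ValueError("not a Digest header")
    fields = {}
    for part in params.split(", "):
        key, value = part.split("=", 1)
        fields[key] = value.strip('"')
    return fields


def server_verify_digest(header: str, issued_nonce: str, method: str,
                         password_db: dict, realm: str = REALM) -> bool:
    """Server side: recompute the expected response from the stored password
    and compare in constant time. A stale or unknown nonce is rejected."""
    fields = parse_digest(header)
    if fields.get("nonce") != issued_nonce or fields.get("realm") != realm:
        return False
    password = password_db.get(fields.get("username"))
    if password is None:
        return False
    expected = digest_response(fields["username"], realm, password,
                               issued_nonce, method, fields["uri"])
    return hmac.compare_digest(expected, fields.get("response", ""))
```

Note that the server still needs the cleartext password (or the H(username:realm:password) value) to verify a Digest response, and that the construction uses MD5 because RFC 2069 specifies it; the point of the example is that the password is not transmitted, not that MD5 is a strong hash.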

SSL encrypts all HTTP messages including those containing usernames and passwords, thus providing high assurance that passwords are not eavesdropped. The protection of HTTP authentication information is significantly enhanced by the additional use of the confidentiality service provided by SSL.

2 SSL 3.0 Security Services

SSL provides authentication (both client and server), confidentiality, and integrity services to HTTP. SSL always provides confidentiality and optionally provides client and/or server authentication. Message integrity is provided by means of a message authentication code computed by a secure hash function.
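To show what "a message authentication code computed by a secure hash function" means in SSL 3.0, and why it differs from the minimal integrity of TCP described in section 1, the following Python example is added here; it is not code from the paper. It implements the SSL 3.0 record MAC construction from the specification (section 5.2.3.1: hash(secret + pad_2 + hash(secret + pad_1 + seq_num + type + length + fragment)), with 0x36/0x5c pads of 48 bytes for MD5 and 40 for SHA-1), a sender/receiver pair around it, and the RFC 1071 ones-complement checksum that TCP uses. The MAC secret and record contents are constructed sample values; record encryption is left out since the point here is integrity.

```python
import hashlib
import hmac
import struct

# Pad lengths from the SSL 3.0 specification: 48 bytes for MD5, 40 for SHA-1,
# so that secret + pad fills one hash input block.
PAD_LEN = {"md5": 48, "sha1": 40}
APPLICATION_DATA = 23  # SSL record content type for application data


def ssl3_mac(secret: bytes, seq_num: int, content_type: int,
             fragment: bytes, algo: str = "sha1") -> bytes:
    """SSL 3.0 record MAC (spec sec. 5.2.3.1):
    hash(secret + pad_2 + hash(secret + pad_1 + seq_num + type + length + fragment)).
    The 64-bit sequence number ties the MAC to the record's position in the
    stream, so a record cannot be replayed or reordered unnoticed."""
    pad1 = b"\x36" * PAD_LEN[algo]
    pad2 = b"\x5c" * PAD_LEN[algo]
    header = struct.pack("!QBH", seq_num, content_type, len(fragment))
    inner = hashlib.new(algo, secret + pad1 + header + fragment).digest()
    return hashlib.new(algo, secret + pad2 + inner).digest()


def protect_record(secret: bytes, seq_num: int, fragment: bytes,
                   algo: str = "sha1", content_type: int = APPLICATION_DATA) -> bytes:
    """Sender side: append the MAC to the fragment (encryption of the result
    is a separate step and is omitted here)."""
    return fragment + ssl3_mac(secret, seq_num, content_type, fragment, algo)


def verify_record(secret: bytes, seq_num: int, record: bytes,
                  algo: str = "sha1", content_type: int = APPLICATION_DATA):
    """Receiver side: split off the MAC, recompute it, compare in constant
    time. Returns the fragment, or None if the record was modified, replayed
    or delivered out of order."""
    mac_len = hashlib.new(algo).digest_size
    if len(record) < mac_len:
        return None
    fragment, mac = record[:-mac_len], record[-mac_len:]
    expected = ssl3_mac(secret, seq_num, content_type, fragment, algo)
    if not hmac.compare_digest(expected, mac):
        return None
    return fragment


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement 16-bit checksum, the integrity check TCP
    carries. It catches accidental corruption, but because the sum does not
    depend on word order, swapping two 16-bit words leaves it unchanged."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF
```

The test below exercises exactly the contrast the paper draws: a record whose first two 16-bit words are exchanged keeps the same TCP-style checksum, yet the SSL MAC rejects it, as it does a single flipped bit or a record presented with the wrong sequence number.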

With SSL, Web server administrators configure:

While the details of configuring a Web server to require SSL for access differ among Web servers, the following configurations are usually possible. Note that a particular browser may not interoperate with a particular configuration defined for a Web server, e.g., the browser may not support the algorithms required by the Web server.

2.1 Confidentiality with no Authentication

Confidentiality with no Authentication is the most common use of SSL. SSL encrypts the entire contents of all HTTP messages, thus protecting the contents of both the request and the response from eavesdropping. For example, this use of SSL permits credit card numbers to be sent over the Internet, significantly reducing the possibility that the number will be eavesdropped.

Since bulk encryption using public key algorithms requires significantly more computation than private key (symmetric) algorithms, SSL uses public key encryption to effect the confidential exchange of a private key between client and server; that private key then encrypts the bulk of the traffic. The public/private key pair used for the private key exchange is unique to the Web server. Depending on its configuration, a Web server may also have a public key certificate, based on its key pair, signed by a Certificate Authority. If this is the case, the Web server’s certificate may be used by a browser for Web server authentication (see sec. 2.4).

2.2 Confidentiality with Client HTTP Username/Password Authentication

The simplicity of HTTP username/password authentication is an attractive alternative to SSL authentication for many applications. However, applications may need to assure that HTTP authentication information exchanged between client and server is not eavesdropped. The level of protection from eavesdropping afforded to HTTP authentication information varies according to the particular mechanisms used (see sec. 1). While HTTP authentication is not part of the SSL protocol, the confidentiality of HTTP authentication information can be virtually assured by using HTTP authentication with SSL. Using HTTP authentication with SSL works well for applications where SSL confidentiality is required for HTTP request/response messages and the username/password authentication provided by HTTP is sufficient, i.e., the strong authentication provided by SSL is not required.

2.3 Confidentiality with Client SSL Authentication

SSL can support several different strong authentication mechanisms, both public key (e.g., RSA) and private key (e.g., Kerberos) based. Most browsers and Web servers support public key based authentication mechanisms where public key certificates for users and Web servers are signed by a Certificate Authority. In order to authenticate a user and determine the user’s access to resources, the Web server requires a browser to send the user’s public key certificate signed by a Certificate Authority that the Web server has been configured to trust.

2.4 Confidentiality with Server SSL Authentication

When a user accesses a URL that begins with "https:", this means that the Web server has been configured to require SSL for access. If the Web server has a public key certificate signed by a Certificate Authority, the user can ensure that the Web server is not an impostor by configuring the browser to accept connections only to a Web server that provides a public key certificate registered with a Certificate Authority that the user trusts.
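The configurations of sections 2.1, 2.3 and 2.4 map onto a few settings of any SSL/TLS implementation. The following Python example, added here and not part of the paper, expresses them with the standard library `ssl` module: a client context that behaves like the browser setting of section 2.4 (accept only a server whose certificate chains to a trusted CA and names the requested host), a server context that presents its own certificate and, optionally, requires a CA-signed user certificate as in section 2.3, a context that gives confidentiality with no authentication as in section 2.1, and an audit helper that tells the two client configurations apart. The CA, certificate and key file paths are parameters the caller supplies; none are taken from the paper.

```python
import ssl
from typing import Optional


def browser_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client side (sec. 2.4): accept a server only if it presents a
    certificate that chains to a trusted CA and that names the host in the
    URL. With no ca_file, the platform's default trust store is used."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # CAs this client trusts
    else:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    return ctx


def server_context(cert_file: str, key_file: str,
                   client_ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Server side: present the server's own certificate and key (sec. 2.1 and
    2.4). When client_ca_file is given, also require the browser to send a
    user certificate signed by a CA the server trusts (sec. 2.3); the verified
    certificate is then available to the server for access decisions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    if client_ca_file:
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def confidentiality_only_context() -> ssl.SSLContext:
    """Client side, sec. 2.1: traffic is encrypted but the server's identity is
    not checked, so an impostor holding any key pair would be accepted. Shown
    for contrast with browser_context(); check_hostname must be cleared first,
    since the module refuses CERT_NONE while hostname checking is on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def enforces_server_authentication(ctx: ssl.SSLContext) -> bool:
    """Audit check for a client context: server authentication holds only when
    the certificate is required to verify against the trust store and to match
    the host name. Either setting alone leaves a gap."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
```

In a deployment review the audit helper is the useful part: a client that encrypts but does not verify the peer certificate has the section 2.1 level of protection whatever the URL scheme says, which is the situation the paper's section 2.4 configuration is meant to rule out.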