2. TLS and its Predecessor, SSL

The Erlang SSL application implements the SSL/TLS protocol for the currently supported versions; see the ssl(3) manual page.

By default, SSL/TLS runs over the TCP/IP protocol, but you can plug in any other reliable transport protocol that has the same Application Programming Interface (API) as the gen_tcp module in Kernel.

If a client and a server want to use an upgrade mechanism, such as the one defined by RFC 2817, to upgrade a regular TCP/IP connection to an SSL connection, the Erlang SSL application API supports this. This can be useful, for example, for supporting HTTP and HTTPS on the same port and for implementing virtual hosting.
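
The upgrade path described above, sketched for both peers as an added example that is not part of the original guide. The module name, the plaintext `STARTTLS`/`OK` tokens (a stand-in for a real negotiation such as RFC 2817's), the timeouts, and the PEM file names are assumptions for illustration.

```erlang
-module(tls_upgrade_example).
-export([server/1, client/2]).

%% Hypothetical plaintext negotiation tokens (assumption, not from the guide).
-define(UPGRADE, <<"STARTTLS\r\n">>).
-define(READY,   <<"OK\r\n">>).

%% Server side: accept plain TCP, agree to upgrade, then run the TLS handshake
%% on the same socket.
server(Port) ->
    {ok, _} = application:ensure_all_started(ssl),
    {ok, Listen} = gen_tcp:listen(Port, [binary, {packet, line},
                                         {active, false}, {reuseaddr, true}]),
    {ok, Sock} = gen_tcp:accept(Listen),
    {ok, ?UPGRADE} = gen_tcp:recv(Sock, 0, 5000),
    ok = gen_tcp:send(Sock, ?READY),
    %% The socket must be passive and unframed before ssl takes it over.
    ok = inet:setopts(Sock, [{active, false}, {packet, raw}]),
    %% Returns {ok, TlsSocket} or {error, Reason}. On error the caller must
    %% drop the connection, not continue in plaintext.
    ssl:handshake(Sock, [{certfile, "server_cert.pem"},   % placeholder paths
                         {keyfile,  "server_key.pem"}], 5000).

%% Client side: connect in plaintext, request the upgrade, then hand the
%% connected gen_tcp socket to ssl:connect/3. Host is a DNS name string.
client(Host, Port) ->
    {ok, _} = application:ensure_all_started(ssl),
    {ok, Sock} = gen_tcp:connect(Host, Port, [binary, {packet, line},
                                              {active, false}], 5000),
    ok = gen_tcp:send(Sock, ?UPGRADE),
    %% Wait for the server's go-ahead so no TLS bytes are sent too early.
    {ok, ?READY} = gen_tcp:recv(Sock, 0, 5000),
    ok = inet:setopts(Sock, [{packet, raw}]),
    %% Verify the server certificate against a trusted CA and check the
    %% host name; an upgraded socket gets no host name from ssl by itself.
    ssl:connect(Sock, [{verify, verify_peer},
                       {cacertfile, "ca.pem"},            % placeholder path
                       {server_name_indication, Host}], 5000).
```

After a successful upgrade, all further I/O goes through `ssl:send/2` and `ssl:recv/2,3` on the returned TLS socket; the original gen_tcp socket must no longer be used directly.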

2.1 Security Overview

To achieve authentication and privacy, the client and server perform a TLS handshake procedure before transmitting or receiving any data. During the handshake, they agree o