A Brief History of SSL

SSL was originally developed as a strategic business move by Netscape Communications, now a subsidiary of AOL Time Warner. Netscape wanted to gain a competitive advantage through the use of security. Netscape was in the midst of partnering to open up an online shopping mall and portal site. The use of SSL would give Netscape an advantage over other e-commerce sites that were not cryptographically enabled.

The first version of SSL was 1.0, but the protocol was not publicly released until version 2.0, which shipped with Netscape Navigator 1 and 2. Of course, a Web browser by itself cannot set up an SSL connection. A computer must be at the other end as well. Netscape also integrated SSL support into its Web servers so that the browser and server together could set up the secure SSL tunnel. At the time, Netscape had the market covered because it was the only one with both SSL-enabled browsers and servers.

Several shortcomings were found in SSL v2.0. In response, Microsoft created a similar protocol named PCT, which was designed to overcome the shortcomings of SSL v2.0 and give Microsoft its own advantage in the cryptographically enabled browser market. Aware of the advances made by PCT, Netscape worked to release SSL version 3.0, which has become the most popular cryptographic protocol for Web browsers and Web servers in use today. The SSL v3.0 protocol has become the basis for the Internet Engineering Task Force (IETF), the formal group that governs standards for use across the Internet to use in their secure protocol development.