The SSL protocol is independent of HTTP. It is a security protocol that encrypts data packets (including their application-layer protocol headers). SSL can therefore also be used to encrypt FTP, SMTP and other protocols, giving FTPS and SMTPS.
Second, SSH is a secure shell, which mainly consists of three parts:
Part I: Connection Protocol [SSH-CONNECT]
Divides the encrypted tunnel into multiple logical channels. It runs on top of the user authentication protocol. It provides interactive login sessions, remote command execution, forwarded TCP/IP connections and forwarded X11 connections.
Part II: User Authentication Protocol [SSH-USERAUTH]
Authenticates the client user to the server. It runs on top of the transport layer protocol SSH-TRANS. When SSH-USERAUTH starts, it receives the session identifier (the exchange hash H from the first key exchange) from the lower-layer protocol. The session identifier uniquely identifies the session and is suitable for signing in order to prove ownership of a private key. SSH-USERAUTH also needs to know whether the underlying protocol provides confidentiality protection.
Part III: Transport Layer Protocol [SSH-TRANS]
Note that the transport layer here has little to do with the OSI transport layer; it is the part of the application layer closest to the transport layer protocol. It provides server authentication, confidentiality and integrity, and it may also provide compression. SSH-TRANS usually runs over a TCP/IP connection, but it can also be used on top of any other reliable data stream. SSH-TRANS provides strong encryption, cryptographic host authentication and integrity protection. Authentication in this protocol is host-based; the protocol does not perform user authentication. A higher-level user authentication protocol can be designed on top of this protocol.
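The role of the session identifier described in Part II can be made concrete. The following is an added example, not code from the original article: it builds the byte string that a client signs for "publickey" authentication, following the field layout in RFC 4252 section 7, and shows that the same bytes do not match in a session with a different exchange hash H. The user name, key blob and both session identifiers are constructed sample values, and the signature step itself is left out, so byte equality stands in for signature verification.

```python
import hashlib
import hmac
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number defined in RFC 4252


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' wire encoding: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def signed_blob(session_id: bytes, user: str, algo: str, pubkey: bytes) -> bytes:
    """Bytes the client signs for 'publickey' authentication (RFC 4252, section 7)."""
    return (ssh_string(session_id)
            + bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user.encode())
            + ssh_string(b"ssh-connection")  # service to start after authentication
            + ssh_string(b"publickey")
            + b"\x01"                        # boolean TRUE: a signature is attached
            + ssh_string(algo.encode())
            + ssh_string(pubkey))


def session_id_of(blob: bytes) -> bytes:
    """Parse the leading SSH string of a signed blob: the session identifier."""
    (length,) = struct.unpack_from(">I", blob, 0)
    if 4 + length >= len(blob) or blob[4 + length] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a well-formed userauth signature blob")
    return blob[4:4 + length]


def server_would_verify(client_blob: bytes, own_session_id: bytes,
                        user: str, algo: str, pubkey: bytes) -> bool:
    """The server rebuilds the blob from ITS session identifier and checks the
    signature over that. Matching bytes are the precondition modelled here."""
    expected = signed_blob(own_session_id, user, algo, pubkey)
    return hmac.compare_digest(client_blob, expected)


# Constructed sample values: exchange hashes H from two different key exchanges.
SESSION_A = hashlib.sha256(b"constructed key exchange A").digest()
SESSION_B = hashlib.sha256(b"constructed key exchange B").digest()
PUBKEY = b"constructed-public-key-blob"
BLOB_A = signed_blob(SESSION_A, "alice", "ssh-ed25519", PUBKEY)

if __name__ == "__main__":
    print(server_would_verify(BLOB_A, SESSION_A, "alice", "ssh-ed25519", PUBKEY))
    print(server_would_verify(BLOB_A, SESSION_B, "alice", "ssh-ed25519", PUBKEY))
```

Because H is derived from each key exchange, a signature captured in one session covers bytes that the server of another session never reconstructs, which is why the session identifier is suitable for signing.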
Third, the difference between SSL and SSH
Similarities: In a five-layer protocol model, both SSH and SSL can be regarded as application-layer protocols. Both use asymmetric encryption to protect application-layer data. Both are also relatively basic application-layer protocols, in the sense that other application-layer protocols, such as FTP, can be carried on top of them.
Difference: SSH does not need a certificate, that is, it does not need a certificate authority acting as a notary. SSH implements authentication of the host and of the user name and password, part of which is done by SSH-TRANS, while SSL does not have this function.