
Monday, June 28, 2010

IIS and SSL


IIS supports SSL version 3.0 to encrypt data transferred between the client and the web server.


Using SSL encryption
SSL encrypts data with a mathematical algorithm and a value called a key, so that the data can be recovered only with that key.

Remember, you can't use host headers with SSL. With SSL, HTTP requests are encrypted, so the host header can't be used to determine the correct site to which a request must be routed.


Negotiation

Once the request reaches the web server, the web server sends its public key and server certificate to the client browser. Next, the client and server negotiate the level of encryption to use for the secure communication, trying to maintain the highest level of encryption possible.

Once the encryption level is established, the client browser creates a session key and uses the server's public key to encrypt it for transmission. Anyone intercepting the message at this point won't be able to read the session key; only the server's private key can decrypt the message.

The IIS server decrypts the message sent by the client using its private key. The SSL session between the client and the server is now established. The session key can be used to encrypt and decrypt data transmitted between the client and server.
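The exchange described above, traced end to end in Python as an added example (not code from the original post or from IIS). The RSA key pair is a constructed toy pair used without padding, the offered bit lengths are constructed sample values, `keystream_xor` is a stand-in for the negotiated cipher, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy server key pair (constructed): two Mersenne primes give a ~150-bit modulus.
# Real server keys are far larger and use padding; this only traces the flow.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                            # (E, N) is the public key sent to the client
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, never leaves the server


def negotiate(client_bits, server_bits):
    """Pick the strongest session-key length that both sides support."""
    common = set(client_bits) & set(server_bits)
    if not common:
        raise ValueError("no common encryption level")
    return max(common)


def keystream_xor(key, data):
    """Stand-in for the negotiated symmetric cipher (SHA-256 counter keystream).
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def handshake(client_bits, server_bits):
    """Return (bits, client's key, value seen on the wire, server's recovered key)."""
    bits = negotiate(client_bits, server_bits)
    # Client: create the session key and encrypt it with the server's public key.
    client_key = secrets.token_bytes(bits // 8)
    wire = pow(int.from_bytes(client_key, "big"), E, N)
    # Server: recover the session key with its private exponent.
    server_key = pow(wire, D, N).to_bytes(bits // 8, "big")
    return bits, client_key, wire, server_key


if __name__ == "__main__":
    bits, c_key, wire, s_key = handshake([40, 56, 128], [40, 128])
    record = keystream_xor(c_key, b"GET /account HTTP/1.1")   # client encrypts
    print(bits, hex(wire), keystream_xor(s_key, record))       # server decrypts
```

Only `wire` and `record` cross the network; the session key itself is never transmitted in the clear.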

Level Of Encryption
The user's browser and the server use the bit length of their encryption keys to determine the strongest level of encryption possible. If the encryption keys use 512 bits, the level of encryption is set to 40 bits. If the encryption keys use 1024 bits, the level of encryption is set to 128 bits.

1 comment:

  1. To add, if the encryption keys use 2048 bits, the level of SSL encryption is set to 256 bits, which is becoming more of a standard level of encryption.
