Dual SSL - How It Works

Dual SSL is a web security technology that increases the protection of information as it is sent from a web server to a browser (and vice-versa when combined with another open-source library). It helps prevent the information from being intercepted by eavesdroppers and hackers.

Traditional TLS/SSL sends web content over a single encrypted HTTPS connection between a server and browser. This encrypted data can be intercepted from a single point, and then later decrypted if the encryption key is obtained or a weakness in the encryption cipher is discovered.

Dual SSL sends web content over multiple HTTPS connections, from two separate servers. Each server can have their own private keys, they can have SSL certificates from two separate certificate authorities, and they can be located in completely different geographical locations.

Here is a basic illustration of how Dual SSL works:

Dual SSL Dataflow

1. The client browser connects to the web server using a HTTPS connection. Authentication of the web server is provided by a valid SSL certificate. This first step is very similar to traditional TLS/SSL, except instead of receiving the full web content over this connection, the browser will receive encrypted web content and a URL to the dynamically generated key.

2. The web server sends the dynamically generated key to the Key Server over another HTTPS connection. The key is protected with another level of encryption known as Application Layer Containment. This means that even if the SSL software on the web server is compromised, an attacker should experience difficulty obtaining the key required to decrypt the content.

3. The client browser connects to the Key Server via HTTPS to obtain the key. The key is delivered in two parts, and the second part of the key is only released after the first part has been deleted from the Key Server. This is important because it means if an attacker is able to intercept the initial HTTPS connection between the browser and web server, it will be difficult to decrypt the connection and obtain the URL to the key before it is destroyed.

One of the advantages of Dual SSL is that it can selectively encrypt specific content on a web page. This means that sensitive content can be protected by the enhanced encryption of Dual SSL, while the remaining content can be delivered normally over the initial HTTPS connection. This allows web sites to balance performance and efficiency with security.


© 2015 Josh Abbott. All rights reserved.