SSL is a channel security protocol. It provides a secure pipe between
two systems which may be used to carry HTTP transactions or any other
application data. It is not coupled to particular electronic commerce
features or applications. Architecturally, SSL may be compared to
versions of SOCKS which perform encryption or to IP security proposals.
SSL includes the facilities for establishing, negotiating, and managing
the security association between the endpoints (including performing
authentication).
SSL operates based on longer term security associations oriented around the generation of a master key between two parties and short lived sessions with per-session keys derived from the master key. In the assessment below, distinctions will be made between the services applied on a per-association basis vs those performed on a per-session basis.