Where does SSL encryption take place? (original) (raw)

HTTPS is HTTP over TLS (or over SSL, which is the name of previous versions of TLS).

SSL/TLS, when configured properly, provides privacy and data integrity between two communicating applications (see TLS specification), over a reliable transport, typically TCP.

Although TCP sockets are not mentioned in the TLS specification, SSL and TLS were designed with the objective of providing a model that could be used almost like plain TCP sockets by application programmers. Besides a few edge cases (for example, for closing sockets or if you want your application you application to be aware of re-negotiations), this is indeed mostly the case. SSL/TLS stacks often provide wrappers that make the SSL/TLS sockets be programmable in the same way as plain TCP sockets (once configured); for example Java's SSLSocket extends Socket.

Most applications rely on existing libraries to use SSL/TLS (for example JSSE in Java, SChannel, OpenSSL, Mozilla's NSS library, OSX's CFNetwork, ...). With little modifications to the plain TCP code (usually, everything around certificate and trust management, and encryption/cipher suites settings if required), SSL/TCP sockets (or streams, depending on the type of API) are used to exchange plain text as far as the application is concerned. It's the underlying library that tends to do the encryption work, transparently.

When you look at the traffic within the browser's developer's tools, it's what's exchanged on top of those libraries that you see. To see the encrypted traffic, you'd need to look at the actual traffic (e.g. using Wireshark).