Developed by Netscape, SSL is used extensively by web browsers to provide secure connections for transferring credit cards numbers and other sensitive data. An SSL-protected HTTP transfer uses port 443 (instead of HTTP's normal port 80), and is identified with a special URL method - https. Thus, https://www.verisign.com/ would cause an SSL-enabled browser to open a secure SSL session to port 443 at www.verisign.com.
SSL, like most modern security protocols, is based on cryptography. When an SSL session is established, the server begins by announcing a public key to the client. No encryption is in use initially, so both parties (and any eavesdropper) can read this key, but the client can now transmit information to the server in a way that no one else could decode. The client generates 46 bytes of random data, forms them into a single very large number according to PKCS#1, encrypts them with the server's public key, and sends the result to the server. Only the server, with its private key, can decode the information to determine the 46 original bytes. This shared secret is now used to generate a set of conventional RC4 cipher keys to encrypt the rest of the session.
X.509 certificates are used to authenticate the server, and the client can be authenticated as well, by presenting a certificate of its own, then computing a hash of all the SSL messages that have been exchanged up to a certain point, encrypting the result with its private key, and sending this to the server. The server, which can compute the same hash value, having seen all the messages as well, can decrypt using the client's public key, which is part of the certificate, and verify that the two results are the same. Thus the client is authenticated.