Question

Your company hosts several public Web sites on its Web server. Some of the sites implement the secure sockets layer (SSL) protocol.

Which statement is NOT true of this protocol?
A SSL is used to protect Internet transactions.
B SSL version 2 provides client-side authentication.
C SSL with TLS supports both server and client authentication.
D SSL has two possible session key lengths: 40 bit and 128 bit.
E SSL operates at the Network layer of the OSI model.

Answer 1

Option E is not true; SSL operates at the Transport layer of the OSI model, not the Network layer. SSL is designed to provide secure internet communications, and modern implementations use stronger encryption than the 40-bit and 128-bit key lengths mentioned.

Step-by-step explanation:

The student has asked which statement is NOT true of the secure sockets layer (SSL) protocol. Among the statements provided, option E, which claims that SSL operates at the Network layer of the OSI model, is NOT true. SSL actually operates at the Transport layer of the OSI model, providing encryption and authentication to ensure secure communications over the internet. SSL version 2 has indeed been deprecated due to security vulnerabilities, and SSL version 3 and TLS (Transport Layer Security), its successor, support both server and client authentication. SSL has been known to use different session key lengths, including 40-bit (which is considered weak by today's standards) and stronger 128-bit encryption, but modern implementations have moved beyond these to even more robust encryption strengths.