Greetings everyone. I am trying to determine where encryption/decryption occurs on an SSL socket. Is it within the application process itself or somewhere in the IP stack in kernel? If it happens in the IP stack in kernel, is there a risk that a packet filter sitting in the IP stack would be able to make a recording of the packets before they get encrypted. Just wondering. cheers, Abbey

*Bump*

SSL lives on the presentation layer (layer 6) of the OSI model; encryption/decryption occurs here. Regards, Jason

SSL lives on the presentation layer (layer 6) of the OSI model; encryption/decryption occurs here. Regards, Jason I thank you for you response, but unfortunately, knowing that encryption occurs at layer 6 does not help me understand whether layer 6 is a component that is implement within the process space of an application process or outside the process space of an application process. cheers, Abbey

Sorry Abbey, Layer 6 of the OSI model is integrated into the Application layer of the TCP/IP model and so SSL encryption occurs within applications themselves. You're able to confirm this by running a packet capture using Microsoft Network Monitor or WireShark; even at a device driver level you're not able to see what is is an SSL encrypted segment. Regards, Jason