An SSL Connection without https with aSSL

A new method of using aJax to establish an SSL connection allows pages or login information to be encrypted without switching over to https.

aSSL is a library distributed under MIT License thats implements a technology similar to SSL without HTTPS.

aSSL enables the client to negotiate a secret random 128-bit key with the server using the RSA algorithm. Once the connection has been established, the data will be sent and received using AES algorithm.

aSSL is composed of some Javascript files and a server side component. Because I have recently changed the negotiation algoritm from RC4 to RSA, only a pure Javascript (ASP) server component is currently available. I will do a porting for the main web languages (PHP, Java, Perl, Python, TKL, etc.) as soon as possible once the library has passed the beta phase.

While switching to https has some definite advantages over this method, such as unspoofable browser notifications to let users know that it is a secure connection, aSSL can definitely come in handy for securing small amounts of data such as login information.

aSSL - aJax Secure Service Layer

Originally posted on Sun Jun 24, 2007