SSL, or Secure Socket Layer is simply that--a layer. It is used across an existing protocol (HTTP) to make it secure. Everything else stays the same, basically. HTTP works the way it normally would.
So basically all SSL is used for is encrypting communication that goes over HTTP already. No more, no less. Well, you can use SSL with e-mail and stuff like that. But just keep in mind it's simply a layer over an existing protocol.
Here is crude way on how SSL works, though:
Your server has a public key, we'll call it P, that has been generated and signed by the server.
You use P to encrypt communication to be sent back to the server.
ONLY the person (ie, the server) knows how to decrypt what you send it because only they have a PRIVATE key.
This is all based on some discrete math. It's all about factorization and the fact that it takes HUGE amounts of time (ie, thousands upon thousands of years) to factor large numbers. Anyway, that concludes our math lesson for today. lol
So, all you really need SSL for is if you want to encrypt communication between the server and the end-user. If you're interested in generating your own CSR's and being your own certificate authority, I know of a good how-to. If you wish to use it publically though, you'd need to get it signed by a company such as Thawte, Verisign, Geotrest, and the list goes on. 🙂
So in regards as secure programming, SSL is more about transport than programming really.
I hope that helped. It's nearly 3:00 am here and I'm going crazy with a paper. If you have any more questions, or if I didn't explain anything clearly, just ask. It's very possible I didn't at this hour. lol
