(SYS-CON Media) Francesco Sullo (pictured) has released aSSL version 1.2beta3 with a Javascript/ASP server-side component. aSSL is a library distributed under MIT License thats implements a technology similar to SSL without HTTPS.

aSSL enables the client to negotiate a secret random 128-bit key with the server using the RSA algorithm. Once the connection has been established, the data will be sent and received using AES algorithm.

Making the announcement on the aSSL website, Sullo said that in the coming weeks he would be working on porting this new aSSL version to PHP and other languages.

The aSSL 1.2 technology is changed respect to the previous 1.1 one.
How aSSL 1.2 works:
• The browser calls the server to start the process.
• The server returns its RSA modulus (e.g. the public key) and the public exponent (3 or 10001).
• The browser generates a random exchange 128-bit key, encrypts it using the server public key and passes the encrypted exchange key to the server.
• The server receives this encrypted 128-bit exchange key, decrypts it with its private key and, if the result is ok, returns the session duration time.
• The browser receives the session duration time and sets a timeout to maintain alive the connection.
• All subsequent client-server exchanges via aSSL are encrypted and decrypted using the AES Rijndael algorithm.


aSSL 1.2 uses Tom Wu's BigIntegers and RSA in JavaScript to negotiate the secret 128-bit key and Chriss Veness's AES Javascript implementation for the next exchanges.