SSL/TLS Protocol
Secure Sockets Layer (SSL)
SSL is a sophisticated encryption scheme that does not require the client and the server to arrange for a secret key to be exchanged before the transaction starts. SSL uses public/private key pairs to provide a flexible encryption scheme that can be set up at the time of the secure transaction. Because the session keys (essentially symmetric keys) are generated dynamically for every session, deciphering the transactions between the client and server is almost impossible even with easily available massive computing power.
Symmetric-key Cryptography
In typical encryption schemes the client and server would be required to use a secret key that has been preconfigured on both the client and the server machines. In such a scheme (symmetric-key cryptography), the client uses the secret key to encrypt the data and the server uses the same secret key to decrypt it; the same logic applies in the server-to-client direction. The problem with this approach is that it is almost impossible to distribute secret keys "securely" among the clients and servers before any transaction between them can begin, especially for web-based services that involve hundreds of thousands of users connecting to different servers at random.
Asymmetric-key Cryptography
SSL tries to solve this problem by using asymmetric keys. These keys come in pairs of a public key and a private key. As the name suggests, the public key is freely available to anybody. The private key is known only to the server (or to the client as well, in case the server wants to verify the client too). Since asymmetric-key cryptography is slow compared to symmetric-key cryptography, SSL (or TLS, as the newer version of SSL is now called) uses asymmetric-key cryptography only to "securely" exchange symmetric keys between the server and client during the handshake; the rest of the SSL/TLS session uses those symmetric keys to encrypt and decrypt all data exchanged between the client and server.