Beruflich Dokumente
Kultur Dokumente
SSL
Internet security protocol used to provide a secure
connection between client and web server. Secure means encrypted connection. Provides two services:
Authentication Confidentiality
Layers in TCP/IP
Application Layer Transport Layer Internet Layer Data Link layer Physical layer
Internet Layer
Data Link layer Physical layer
Handshake protocol
First sub-protocol used to establish the connection
between client (Web browser) and Web Server. Consists of series of messages of the following format:
Type (1 byte)
Length (3 bytes)
Message types
Phases
Client random number :32-bit date-time field and 28 bytes random number Server random number : Same structure
Four messages Certificate Server Key Exchange Certificate Request Sever Hello Done
encrypts it with the servers public key and send it to the server) Certificate Verify (Sends pre-master secret value with random numbers after hashing them together using MD5 and SHA-1 and signs it with its private key.)
Phase 4: Finished
Client initiates it , which server ends. 4 steps: By Client
Change Cipher Specs Finished
By Server
Change Cipher Specs Finished
Keys Generation
Master Key generation concept.
Pre-master secret Client Random Server Random
Master Key
Symmetric Key
Record protocol
After authentication deciding which cipher to be
Confidentiality Integrity
equal to 2^14 bytes. Compression: No loss of data. Loss-less compression MAC: For integrity Encryption: Confidentiality Append SSL header:
Content type(8 bits) Major version (8 bits) Minor version (8 bits) Compressed length (16 bits)
Content type
Major version
Minor version
Compressed length
Encryption
MAC
Alert protocol
When either client or server detects an error, an alert
message is sent by detecting party to another party. Alert Message consists of 2 bytes only.
Severity(Byte 1)
Cause (Byte 2)
Severity
Value 1 : Warning
Dont result in the termination of connection, handles the error and continue
Fatal errors Unexpected message Bad record MAC Decompression failure Handshake failure Illegal Parameters
Non-fatal errors No certificate Bad certificate (no able to verify DS) Unsupported certificate Certificate revoked Certificate expired Certificate unknown Close notify