Transport Layer Security - How it works
The SSL protocol exchanges records; each record can be optionally compressed, encrypted and packed with a message authentication code (MAC). Each record has a content_type field that specifies which upper level protocol is being used.
When the connection starts, the record level encapsulates another protocol, the handshake protocol, which has content_type 22.
The client sends and receives several handshake structures:
- It sends a ClientHello message specifying the list of cipher suites, compression methods and the highest protocol version it supports. It also sends random bytes which will be used later.
- Then it receives a ServerHello, in which the server chooses the connection parameters from the choices offered by the client earlier.
- When the connection parameters are known, client and server exchange certificates (depending on the selected public key cipher). These certificates are currently X.509, but there's also a draft specifying the use of OpenPGP based certificates.
- The server can request a certificate from the client, so that the connection can be mutually authenticated.
- Client and server negotiate a common secret called "master secret", possibly using the result of a Diffie-Hellman exchange, or simply encrypting a secret with a public key that is decrypted with the peer's private key. All other key data is derived from this "master secret" (and the client- and server-generated random values), which is passed through a carefully designed "Pseudo Random Function".
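The record and ClientHello layout described above can be read with a short bounds-checked parser. This is an added example, not code from the original article: the field layout follows the SSL 3.0/TLS 1.0 wire format, extensions are ignored, and the sample record and the helper names (`take`, `parse_client_hello`, `build_sample_record`) are constructed for illustration.

```python
import struct

HANDSHAKE = 22      # record content_type for the handshake protocol
CLIENT_HELLO = 1    # handshake msg_type of ClientHello

def take(buf, pos, n):
    """Return n bytes at pos and the new position, refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("field runs past end of message")
    return buf[pos:pos + n], pos + n

def parse_client_hello(record):
    """Parse one record carrying a complete ClientHello (no extensions handled)."""
    hdr, p = take(record, 0, 5)
    ctype, _rec_version, length = struct.unpack("!BHH", hdr)
    if ctype != HANDSHAKE:
        raise ValueError("content_type %d is not handshake (22)" % ctype)
    frag, _ = take(record, p, length)
    hs_hdr, p = take(frag, 0, 4)
    if hs_hdr[0] != CLIENT_HELLO:
        raise ValueError("handshake message is not a ClientHello")
    body, _ = take(frag, p, int.from_bytes(hs_hdr[1:], "big"))
    version, p = take(body, 0, 2)
    random, p = take(body, p, 32)
    n, p = take(body, p, 1)
    _session_id, p = take(body, p, n[0])
    n, p = take(body, p, 2)
    raw, p = take(body, p, int.from_bytes(n, "big"))
    if len(raw) % 2:
        raise ValueError("cipher suite list has odd length")
    n, p = take(body, p, 1)
    compression, p = take(body, p, n[0])
    return {
        "max_version": tuple(version),
        "random": random,
        "cipher_suites": [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)],
        "compression_methods": list(compression),
    }

def build_sample_record():
    """Constructed sample input: TLS 1.0 ClientHello offering three suites."""
    suites = struct.pack("!3H", 0x002F, 0x000A, 0x0005)
    body = b"\x03\x01" + bytes(range(32)) + b"\x00"      # version, random, empty session_id
    body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"   # suites, null compression
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    print(parse_client_hello(build_sample_record()))
```

Every length field is checked against the bytes actually present, so a record that lies about its own size is rejected instead of being read past its end.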
TLS/SSL have a variety of security measures:
- Numbering all the records and using the sequence number in the MACs.
- Using a message digest enhanced with a key (so only with the key can you check the MAC). This is specified in RFC 2104.
- Protection against several known attacks (including man in the middle attacks), like those involving a downgrade of the protocol to previous (less secure) versions, or weaker cipher suites.
- The message that ends the handshake ("Finished") sends a hash of all the exchanged data seen by both parties.
- The pseudo random function splits the input data into two halves and processes them with different hashing algorithms (MD5 and SHA), then XORs them together. This way it protects itself in the event that one of these algorithms is found vulnerable.
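An added example (not from the original article) of the pseudo random function as defined for TLS 1.0 in RFC 2246, where the secret is the input that gets split into halves, used here to derive the master secret and key material mentioned earlier. The pre-master secret and random values are constructed samples, and the function names are illustrative.

```python
import hashlib
import hmac

def p_hash(digest, secret, seed, length):
    """P_hash: expand secret and seed to `length` bytes with iterated HMAC."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()         # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]

def split_secret(secret):
    """Two halves of equal length; an odd-length secret shares its middle byte."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]

def tls10_prf(secret, label, seed, length):
    """XOR of an MD5-based and a SHA-1-based expansion, one per half of the secret."""
    s1, s2 = split_secret(secret)
    md5_part = p_hash(hashlib.md5, s1, label + seed, length)
    sha_part = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def derive_master_secret(pre_master, client_random, server_random):
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)

def derive_key_block(master, client_random, server_random, length):
    # Key expansion uses the random values in the opposite order.
    return tls10_prf(master, b"key expansion", server_random + client_random, length)

# Constructed sample values, not taken from a real session.
PRE_MASTER = b"\x03\x01" + bytes(46)
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    master = derive_master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("master secret:", master.hex())
    print("key block:", derive_key_block(master, CLIENT_RANDOM, SERVER_RANDOM, 104).hex())
```

Because the two expansions are XORed, predicting the output requires predicting both the MD5 half and the SHA-1 half.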
Adapted from the Wikipedia article "How it works", under the GNU Free Documentation License. Please also see http://en.wikipedia.org/wiki