Webeks.net - freelance programming
freelance programming - php, Joomla, Zend ...
Home :: Articles :: Inf. systems :: Secure Socket Layer - SSL

Secure Socket Layer - SSL

Written by Miha

Secure Sockets Layer (SSL) is predecessor of Transport Layer Security (TLS).

Cryptographic protocol that provides secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. There are slight differences between SSL and TLS, but they are essentially the same.

Session

Session can contain multiple connections that are identified by cryptographic parameters - that enables more efficient deployment (negotiation and creation of cryptographic parameters are resource consuming tasks).

Typically, only the server is authenticated while the client remains unauthenticated; this means that the end user can be sure with whom it is communicating.

SESSION STATE IS DEFINED BY:

  • session identifier (byte sequence chosen by a server)
  • peer certificate (X.509)
  • compression algorithm (compression usually applied before encryption)
  • cipher specification (defines session encryption) and calculation details for MACs
  • 48 bytes master secret shared between client and server
  • flag indicating session ability to initiate new connection (is resumable)

SSL CONNECTION STATE IS DEFINED BY:

  • random sequence chosen by the server and client (for each conn)
  • server secret key used for MACs computation (sent to the client)
  • client secret key used for MACs computation (sent to the server)
  • server write key - symmetric data encryption key used by the server
  • client write key - symmetric data encryption key used by the client
  • initialization vectors for block ciphers - used in a chaining mode
  • sequence numbers - on the interval between 0 and 264-1

 

Simple TLS handshake
  1. client sends a ClientHello message
    - specifying the highest TLS protocol version it supports,
    - a random number,
    - a list of suggested cipher suites and
    - compression methods
  2. server responds with a ServerHello message
    - containing the chosen protocol version,
    - a random number,
    - cipher suite,
    - compression method from the choices offered by the client
    The server may also send a session id as part of the message to perform a resumed handshake.
  3. server sends its Certificate message
    - depending on the selected cipher suite, this may be omitted by the server
  4. server sends a ServerHelloDone message
    - indicating it is done with handshake negotiation
  5. client responds with a ClientKeyExchange message
    - contains a PreMasterSecret, public key, or nothing - Again, this depends on the selected cipher
  6. client and server compute common secret - "master secret" using random numbers and PreMasterSecret
    - all other key data is derived from this master secret (and the client- and server-generated random values)
  7. client now sends a ChangeCipherSpec record
    - this is telling the server, "Everything I tell you from now on will be encrypted."
    - note that the ChangeCipherSpec is itself a record-level protocol
  8. client sends an encrypted Finished message
    - containing a hash and MAC
  9. server will attempt to decrypt the Client's Finished message, and verify the hash and MAC
    - if the decryption or verification fails, the handshake is considered to have failed and the connection should be torn down
  10. server sends a ChangeCipherSpec and its encrypted Finished message
    - client performs the decryption and verification
  11. "handshake" is complete and the Application protocol is enabled
    - application messages exchanged between Client and Server will be encrypted

SSL simple handshake

SSL HANDSHAKE

  • meant for client - server authentication and verification
  • before any application data is exchanged
  • steps 1-7

SSL CHANGE CIPHER SPEC

  • simplest protocol in SSL family
  • copies pending state in the current state
  • steps 7-11

SSL RECORD

  • provides operational confidentiality and message integrity
  • operating steps
    1. application data fragmentation (and lossless compression is applied)
    2. MAC is calculated over shared secret key, padding bits, sequence number, higher level protocol, length of compressed fragment and compressed fragment itself
    3. encryption is applied
    4. SSL Record header is prepared (to enable inverse operation)
  • SSL Record header fields
    - major and minor version of SSL protocol
    - higher level protocol being served by SSL
    - length of the fragment

SSL ALERT

  • used to signal alerts to the peer entity
  • each message consists of two bytes (first is meant for alert type, second holds additional info)
  • alerts can be
    - warnings
    - fatal errors (SSL terminates connection, other connections can continue, but new ones cannot be created)

Related Articles

blog comments powered by Disqus
back to top
Next >