January 22, 2012

1.4.6 SSL

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are cryptographic protocols that provide communication security over the Internet. SSL (and TLS) encrypt the segments of network connections at the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.

SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption.
The primary goal of the SSL protocol is to provide privacy and reliability between two communicating applications.

The SSL protocol negotiates an encryption scheme between the two systems: the client initiates the session, the server responds, indicating that encryption is required, and the two sides then agree on an appropriate encryption scheme.

TLS is a newer protocol that merges SSL with other protocols to provide encryption. TLS supports SSL connections for compatibility, but it also allows other encryption protocols, such as Triple DES, to be used. SSL/TLS uses port 443 and TCP for connections.

When a connection request is made to the server, the server sends a message back that initiates the connection negotiation process. This negotiation includes the capabilities of the parties and sharing of certificates, session keys and encryption keys. The session is secure at the end of this process.


This session will stay open until one end or the other issues a command to close it. The command is typically issued when a browser is closed or another URL is requested.

Earlier browsers often used 40- or 56-bit SSL encryption. Modern browsers can work with 128-bit or higher encrypted sessions/certificates.

An SSL certificate enables encryption of sensitive information during online transactions. Each SSL certificate is a unique credential identifying the certificate owner. A Certificate Authority (CA) verifies the identity of the certificate owner before the certificate is issued.

Each SSL certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decipher it.

TLS is a security protocol that uses SSL, and it allows the use of other security protocols. The TLS protocol is also referred to as SSL 3.1, but despite its name, it doesn't interoperate with SSL. However, a message sent with TLS can be handled by a client that handles SSL but not TLS.
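As an added example (not part of the original post), here is a Python client configuration that puts the permissive settings beside a hardened one and checks the points the text raises: the certificate is verified by a CA, it is matched to the server name, and no cipher weaker than 128 bits can be negotiated. It assumes only the standard-library ssl module; the two context builders and the audit function are constructed for this illustration.

```python
import ssl

MIN_CIPHER_BITS = 128  # the page's threshold for a "modern" session strength


def permissive_context() -> ssl.SSLContext:
    """Constructed 'before' configuration: it accepts any certificate, so the
    CA authentication step described above never happens. Shown for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # no CA check at all
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Client context that requires a CA-signed certificate matching the
    hostname and refuses protocol versions older than TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname + system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the context is sound."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified against a CA")
    if not ctx.check_hostname:
        findings.append("certificate subject is not matched to the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor is below TLS 1.2")
    # get_ciphers() lists the suites this context may negotiate; alg_bits is
    # the symmetric key length of each suite.
    weak = [c["name"] for c in ctx.get_ciphers() if c["alg_bits"] < MIN_CIPHER_BITS]
    if weak:
        findings.append("cipher suites under 128-bit strength enabled: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    for label, builder in (("permissive", permissive_context), ("hardened", hardened_context)):
        print(label, audit_context(builder()) or ["no findings"])
```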
