What is SSL and TLS? – Today We Will Talk About How SSL And TLS Works What is SSL And TLS?
Secure Sockets Layer (SSL)
The Secure Sockets Layer (SSL) is an application layer protocol developed by Netscape for managing the security of a message transmission on the Internet.
It is a protocol used to provide a secure authentication mechanism between two communicating applications, such as a client and a server. The SSL requires a reliable transport protocol, such as TCP, for data transmission and reception.
It use RSA asymmetric (public key) Encryption to encrypt data transferred over SSL connections.
Any application-layer protocol that is higher than SSL, such as HTTP, FTP, and telnet, can form a transparent layer over the SSL. SSL acts as an arbitrator between the encryption algorithm and session key: it also verifies the destination server prior to the transmission and reception of data. The SSL encrypts the complete data of the application protocol to ensure security.
The SSL protocol also offers “channelsecurity” with three basic properties:
- Private Channel — All the message are encrypted after a simple handshake is used to define a secret key.
- Authenticated Channel — The server endpoint of the conversion is always encrypted, whereas the client endpoint is-optionally authenticated.
- Reliable Channel — Message transfer has an integrity check.
SSL uses both asymmetric and symmetric authentication mechanisms. Public–key encryption verifies the identities of the server, the client, or both. Once authentication has taken place, the client and server can create symmetric keys allowing them to communicate and transfer data rapidly. An SSL session is responisble for carrying out the SSL handshake protocol to organize the states of the server and clients, thus ensuring the consistency of the protocol.
SSL Handshake Protocol Flow
The SSL handshake protocol works on top of the SSL record layer. The processes executed in the three-way handshake protocol are as follows:
- The client sends a Hello message to the server, which the server must respond to with a Hello message, or the connection will fail due to the occurrence of a fatal error. The attributes established due to the server, and client hello are protocol version, Session ID, cipher suite, and compression method.
- After the connection is established, the server sends a certificate to the client for authentication. In addition, server might send a server-key exchange message. On authentication of server, it may ask the client for the certificate.
- The server sends a “Hello done” message to inform the client that the handshake phase is complete and waits for the client’s response.
- If the client receives a certificate-request message, the client must respond to he message by sending a certificate message of “no certificate” alert. The server sends the client key-exchange message. The content of the message depends on the public-key algorithm between the server hello and client hello. If the certificate sent by the client has signing ability, a digitally signed certificate verifies the message, and the client transmits it.
- The client transmits the changed cipher-spec message and copies the pending cipher spec into the current cipher spec. The client sends a message to initiate the completion of the message under the new algorithm, keys, and secrets.
- In response, the server replies by sending its own changed cipher-spec message, transfers the pending cipher spec to the current cipher spec, initiates the completion of the message under the new cipher spec. At this point, the handshake is complete, and the server to exchange the application-layer data.
The Resumption of a Previous Session Of The Replication Of an Existing Session Proceeds as Follows:
- The client initiates the communication by sending a hello message with the Session ID of the session that is to be resumed.
- If the server finds a match, it re-establishes the session under the specified session state with same Session ID.
- At this point, both the server and the client exchange the changed spec messages and proceed directly to the finished messages.
- After re-establishment, the server and client exchange data at the application layer.
- If the session ID does not exist, the server creates a new session ID. The SSl client and server then carry out a complete handshake.
SSL Tool :- Open SSL
OpenSSL is an open source cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) network protocols and related cryptography standards required by them. The openssl program is a command line tool for using the various cryptography functions of Open SSL’s crypto library from the shell.
OpenSSL can be used for:
- Creation and Management of Private Keys, and Parameters.
- Public key cryptographic operations.
- Creation of X.509 certificates, CSRs, and CRLs.
- Calculations of Message DIgests.
- Encryption and Decryption with Ciphers.
- SSL client and Server Tests.
- Handling of S/MIME signed or encrypted mail.
- Time Stamp requests, generations, and verification.
What is SSL and TLS?
What Is TLS?
Transport Layer Security(TLS)
Transport Layer Security(TLS) is a protocol used to establish a secure connection between a client and a server and ensure privacy and integrity of information during transmission.
t uses symmetric key for bulk Encryption, asymmetric key for authentication and key exchange, and message authentication codes for message integrity. It uses the RSA algorithm with 1024-bit and 2048-bit strengths. with the help of TLS, one can reduce security risks such as message tampering, message forgery, and message interception. An advantage of TLS is that it is application-protocol independent. Higher-level protocols can layer on top of the TLS protocol transparently.
TLS Protocol consists of two layers; TLS Record Protocol and TLS Handshake Protocol.
TLS Record Protocol :-
The TLS Record Protocol is a layered protocol. It provides secured connections with an encryption method such as Data Encryption Standard (DES). It secures application connection data using the keys generated during the handshake and verifies its integrity and origin. The TLS Record Protocol provides connection security that has two basic properties:
What is SSL and TLS?
- The Connection is Private :- Uses symmetric crytography for data encryption (DES and RSA). The protocol generates unique keys for symmetric encryption for each connection, depending on a secret negotiated by another protocol. One can use the Record Protocol without encryption.
- The Connection is Reliable :- It provides a message integrity check at the time of message transport using keyed Mac. Secure Hash Functions (SHA, MD5) help to perform MAC computations.
TLS Record Protocol Manages the Following:
- Fragments outgoing data into manageable blocks and reassembles incoming data.
- Optionally compresses outgoing data and decompresses incoming dataApllies
- Message Authentication Code (MAC) to the outgoing data and uses MAC to verify the incoming data
- Encrypts outgoing data and decrypts incoming data.
TLS Handshake Protocol :-
TLS Handshake Protocol allows the client and server to authenticate each other and to select an encryption algorithm and cryptographic keys prior to data exchange by the application protocol.
It Provides Connection Security that has three basic properties:
- The peer’s identity can be authenticated using asymmetric cryptography. This can be made optional but mostly required for at least one of the peers.
- The negotiation of a shared secret is secure.
- The negotiation is reliable.
The TLS handshake protocol operates on top the TLS record layer and is responsible to produce cryptographic parametes of the session state. At the start of communication, TLS client and server agree on a protocol version, select cryptographic algorithms, optionally authenticate each other, and use asymmetric cryptography techniques to create shared secrets.
What is SSL and TLS?
Given Below are steps involved in TLS Handshake Protocol :
- Initially, the client sends a “Client Hello” message, accompanied by the client’s random value and supported cipher suites to the server.
- The server responds to the client by sending a “Server Hello” message accompanied by the server’s random value.
- The server sends its certificate to the client to authenticate and may request client’s certificate. the server sends the “Server Hello Done” message.
- The client sends its certificate to the server, if requested.
- The client generates a random Pre-master Secret and encrypts it with the Server’s public key; it then sends the encrypted Pre-Master Secret to the Server.
- The client sends “Change Cipher spec” notification to the server to indicate that it will start using the new session keys for hashing and encrypting messages. The client also sends “Clientfinished” message.
- The server recives “Changecipher spec” from the client and switches its record layer security state to symmetric encryption using the session keys. The server sends “Serverfinished” message to the client.
- Now, the client and server can exchange application data over the secure channel they have established and all the messages being exchanged between the client and server are encrypted using a session key,
Also Read This: – Call of Duty Hacks
If You Want This Post In Hindi Click Here