Site icon ExploitByte

What is SSL And TLS ?

What is SSL and TLS?

What is SSL and TLS? – Today We Will Talk About How SSL And TLS Works What is SSL And TLS?

Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) is an application layer protocol developed by Netscape for managing the security of a message transmission on the Internet.

It is a protocol used to provide a secure authentication mechanism between two communicating applications, such as a client and a server. The SSL requires a reliable transport protocol, such as TCP, for data transmission and reception.

It use RSA asymmetric (public key) Encryption to encrypt data transferred over SSL connections.

Any application-layer protocol that is higher than SSL, such as HTTP, FTP, and telnet, can form a transparent layer over the SSL. SSL acts as an arbitrator between the encryption algorithm and session key: it also verifies the destination server prior to the transmission and reception of data. The SSL encrypts the complete data of the application protocol to ensure security.

The SSL protocol also offers “channelsecurity” with three basic properties:

SSL uses both asymmetric and symmetric authentication mechanisms. Public–key encryption verifies the identities of the server, the client, or both. Once authentication has taken place, the client and server can create symmetric keys allowing them to communicate and transfer data rapidly. An SSL session is responisble for carrying out the SSL handshake protocol to organize the states of the server and clients, thus ensuring the consistency of the protocol.

SSL Handshake Protocol Flow

The SSL handshake protocol works on top of the SSL record layer. The processes executed in the three-way handshake protocol are as follows:

  1. The client sends a Hello message to the server, which the server must respond to with a Hello message, or the connection will fail due to the occurrence of a fatal error. The attributes established due to the server, and client hello are protocol version, Session ID, cipher suite, and compression method.
  2. After the connection is established, the server sends a certificate to the client for authentication. In addition, server might send a server-key exchange message. On authentication of server, it may ask the client for the certificate.
  3. The server sends a “Hello done” message to inform the client that the handshake phase is complete and waits for the client’s response.
  4. If the client receives a certificate-request message, the client must respond to he message by sending a certificate message of “no certificate” alert. The server sends the client key-exchange message. The content of the message depends on the public-key algorithm between the server hello and client hello. If the certificate sent by the client has signing ability, a digitally signed certificate verifies the message, and the client transmits it.
  5. The client transmits the changed cipher-spec message and copies the pending cipher spec into the current cipher spec. The client sends a message to initiate the completion of the message under the new algorithm, keys, and secrets.
  6. In response, the server replies by sending its own changed cipher-spec message, transfers the pending cipher spec to the current cipher spec, initiates the completion of the message under the new cipher spec. At this point, the handshake is complete, and the server to exchange the application-layer data.

The Resumption of a Previous Session Of The Replication Of an Existing Session Proceeds as Follows:

SSL Tool :- Open SSL

Source: https://www.openssl.org

OpenSSL is an open source cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) network protocols and related cryptography standards required by them. The openssl program is a command line tool for using the various cryptography functions of Open SSL’s crypto library from the shell.

OpenSSL can be used for:

If you got any problem or need some more information you can comment below we will help you soon. To learn more about Hacking you can check more.

What is SSL and TLS?

What Is TLS?

Transport Layer Security(TLS)

Transport Layer Security(TLS) is a protocol used to establish a secure connection between a client and a server and ensure privacy and integrity of information during transmission.

t uses symmetric key for bulk Encryption, asymmetric key for authentication and key exchange, and message authentication codes for message integrity. It uses the RSA algorithm with 1024-bit and 2048-bit strengths. with the help of TLS, one can reduce security risks such as message tampering, message forgery, and message interception. An advantage of TLS is that it is application-protocol independent. Higher-level protocols can layer on top of the TLS protocol transparently.

TLS Protocol consists of two layers; TLS Record Protocol and TLS Handshake Protocol.

TLS Record Protocol :-

The TLS Record Protocol is a layered protocol. It provides secured connections with an encryption method such as Data Encryption Standard (DES). It secures application connection data using the keys generated during the handshake and verifies its integrity and origin. The TLS Record Protocol provides connection security that has two basic properties:

What is SSL and TLS?

TLS Record Protocol Manages the Following:

TLS Handshake Protocol :-

TLS Handshake Protocol allows the client and server to authenticate each other and to select an encryption algorithm and cryptographic keys prior to data exchange by the application protocol.

It Provides Connection Security that has three basic properties:

The TLS handshake protocol operates on top the TLS record layer and is responsible to produce cryptographic parametes of the session state. At the start of communication, TLS client and server agree on a protocol version, select cryptographic algorithms, optionally authenticate each other, and use asymmetric cryptography techniques to create shared secrets.

What is SSL and TLS?

Given Below are steps involved in TLS Handshake Protocol :

Also Read This: – Call of Duty Hacks

If you got any problem or need some more information you can comment below we will help you soon. To learn more about Hacking you can check more.

If You Want This Post In Hindi Click Here

Exit mobile version