Secure Sockets Layer (SSL)
The Secure Sockets Layer (SSL) is an application layer protocol developed by Netscape for managing the security of a message transmission on the Internet.
It is a protocol used to provide a secure authentication mechanism between two communicating applications, such as a client and a server. The SSL requires a reliable transport protocol, such as TCP, for data transmission and reception.
Any application-layer protocol that is higher than SSL, such as HTTP, FTP, and telnet, can form a transparent layer over the SSL. SSL acts as an arbitrator between the encryption algorithm and session key: it also verifies the destination server prior to the transmission and reception of data. The SSL encrypts the complete data of the application protocol to ensure security.
The SSL protocol also offers “channelsecurity” with three basic properties:
- Private Channel — All the message are encrypted after a simple handshake is used to define a secret key.
- Authenticated Channel — The server endpoint of the conversion is always encrypted, whereas the client endpoint is-optionally authenticated.
- Reliable Channel — Message transfer has an integrity check.
SSL uses both asymmetric and symmetric authentication mechanisms. Public–key encryption verifies the identities of the server, the client, or both. Once authentication has taken place, the client and server can create symmetric keys allowing them to communicate and transfer data rapidly. An SSL session is responisble for carrying out the SSL handshake protocol to organize the states of the server and clients, thus ensuring the consistency of the protocol.
SSL Handshake Protocol Flow
The SSL handshake protocol works on top of the SSL record layer. The processes executed in the three-way handshake protocol are as follows:
- The client sends a Hello message to the server, which the server must respond to with a Hello message, or the connection will fail due to the occurrence of a fatal error. The attributes established due to the server, and client hello are protocol version, Session ID, cipher suite, and compression method.
- After the connection is established, the server sends a certificate to the client for authentication. In addition, server might send a server-key exchange message. On authentication of server, it may ask the client for the certificate.
- The server sends a “Hello done” message to inform the client that the handshake phase is complete and waits for the client’s response.
- If the client receives a certificate-request message, the client must respond to he message by sending a certificate message of “no certificate” alert. The server sends the client key-exchange message. The content of the message depends on the public-key algorithm between the server hello and client hello. If the certificate sent by the client has signing ability, a digitally signed certificate verifies the message, and the client transmits it.
- The client transmits the changed cipher-spec message and copies the pending cipher spec into the current cipher spec. The client sends a message to initiate the completion of the message under the new algorithm, keys, and secrets.
- In response, the server replies by sending its own changed cipher-spec message, transfers the pending cipher spec to the current cipher spec, initiates the completion of the message under the new cipher spec. At this point, the handshake is complete, and the server to exchange the application-layer data.
The Resumption of a Previous Session Of The Replication Of an Existing Session Proceeds as Follows:
- The client initiates the communication by sending a hello message with the Session ID of the session that is to be resumed.
- If the server finds a match, it re-establishes the session under the specified session state with same Session ID.
- At this point, both the server and the client exchange the changed spec messages and proceed directly to the finished messages.
- After re-establishment, the server and client exchange data at the application layer.
- If the session ID does not exist, the server creates a new session ID. The SSl client and server then carry out a complete handshake.
SSL Tool :- Open SSL
OpenSSL is an open source cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) network protocols and related cryptography standards required by them. The openssl program is a command line tool for using the various cryptography functions of Open SSL’s crypto library from the shell.
OpenSSL can be used for:
- Creation and Management of Private Keys, and Parameters.
- Public key cryptographic operations.
- Creation of X.509 certificates, CSRs, and CRLs.
- Calculations of Message DIgests.
- Encryption and Decryption with Ciphers.
- SSL client and Server Tests.
- Handling of S/MIME signed or encrypted mail.
- Time Stamp requests, generations, and verification.
Also Read Instagram Hacking