SSL (Secure Socket Layer) and TLS (Transport Layer Security) are popular cryptographic protocols that are used to imbue web communications with integrity, security, and resilience against unauthorized tampering.
2. SECURE SOCKET LAYER (SSL)
The Secure Socket Layer (SSL) protocol is an internet protocol for the secure exchange of information between a web browser and a web server.
It provides two basic security services:
Authentication
Confidentiality
3. HOW SSL WORKS?
SSL has three sub-protocols:
The handshake protocol
The record protocol
The alert protocol
4. THE HANDSHAKE PROTOCOL
The SSL handshake verifies the server and allows the client and server to agree on an encryption set before any data is sent out.
The Handshake Protocol is used to establish sessions. This protocol allows the client and server to authenticate each other by sending a series of messages to each other.
5. THE HANDSHAKE PROTOCOL
The Handshake Protocol uses four phases to complete its cycle.
Phase-1: In Phase-1 both the client and the server send hello packets to each other. In this IP session, the cipher suite and protocol version are exchanged for security purposes.
Phase-2: The server sends its certificate and the Server-key-exchange. The server ends Phase-2 by sending the Server-hello-end packet.
6. THE HANDSHAKE PROTOCOL
Phase-3: In this phase the client replies to the server by sending its certificate and the Client-exchange-key.
Phase-4: In Phase-4 the Change-cipher suite occurs, and after this the Handshake Protocol ends.
8. THE RECORD PROTOCOL
The record protocol in SSL comes into the picture after a successful handshake is completed between the client and the server. That is, after the client and the server have optionally authenticated each other and have decided what algorithms to use for secure information exchange, we enter into the SSL record protocol.
9. THE RECORD PROTOCOL
SSL Record provides two services to SSL connection.
Confidentiality
Message Integrity
10. THE RECORD PROTOCOL
In the SSL Record Protocol, application data is divided into fragments. Each fragment is compressed, and then a MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is appended. After that the data is encrypted, and finally the SSL header is appended to the data.
12. THE ALERT PROTOCOL
The SSL Alert Protocol signals problems with an SSL
session.
Alert messages convey the severity of the message and a
description of the alert.
Upon transmission or receipt of a fatal alert message, both
parties immediately close the connection.
13. THE ALERT PROTOCOL
The client and the server must communicate that the
connection is ending to avoid a truncation attack.
Either party may initiate the exchange of closing messages.
Normal termination occurs when the close_notify message is
sent.
This message notifies the recipient that the sender will not send
any more messages on this connection.
The session becomes unresumable if any connection is
terminated without a proper close_notify message.
14. ALERT ERROR
The following error alerts are defined:
unexpected_message
An inappropriate message was received. This alert is always
fatal and should never be observed in communication between
proper implementations.
bad_record_mac
This alert is returned if a record is received with an
incorrect message authentication code. This message is
always fatal.
15. ALERT ERROR
decompression_failure
The decompression function received improper input (e.g.
data that would expand to excessive length). This message is
always fatal.
handshake_failure
Indicates the sender was unable to negotiate an acceptable
set of security parameters given the options available. This is
a fatal error.
16. ALERT ERROR
no_certificate
May be sent in response to a certification request if no
appropriate certificate is available.
bad_certificate
A certificate was corrupt, probably because it contained a digital signature that did not verify correctly.
17. ALERT ERROR
unsupported_certificate
A certificate was of an unsupported type.
certificate_revoked
A certificate was revoked by its signer.
certificate_expired
A certificate has expired or is not currently valid.
18. ALERT ERROR
certificate_unknown
Some unspecified issue arose in processing the certificate,
rendering it unacceptable.
illegal_parameter
A field in the handshake was out of range or inconsistent with
other fields. This is always fatal.
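
The alert rules above, as an added example that is not part of the original slides: it parses SSL records, decodes each alert's level and description, and reports whether one side of a connection ended with close_notify, was aborted by a fatal alert, or simply stopped (the truncation case). The numeric codes are those of the SSL 3.0 specification (RFC 6101); the function names and sample byte streams are constructed for illustration, and the records are assumed to be unencrypted.

```python
import struct

ALERT = 21  # SSL record content type used by the alert protocol
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {  # alert codes as assigned in the SSL 3.0 specification
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter",
}
ALWAYS_FATAL = {10, 20, 30, 40, 47}  # fatal whatever level byte was sent

def parse_records(stream):
    """Yield (content_type, payload) for each record in a byte stream."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, _, _, length = struct.unpack_from("!BBBH", stream, offset)
        end = offset + 5 + length
        if end > len(stream):
            raise ValueError("truncated record body")
        yield ctype, stream[offset + 5:end]
        offset = end

def review_connection(stream):
    """Return (alerts, verdict) for one direction of a connection."""
    alerts, verdict = [], "truncated"  # stays so if no close_notify arrives
    for ctype, payload in parse_records(stream):
        if ctype != ALERT or len(payload) != 2:
            continue
        level, code = payload
        name = DESCRIPTIONS.get(code, f"unknown({code})")
        alerts.append((LEVELS.get(level, "invalid"), name))
        if code == 0:
            return alerts, "closed cleanly"
        if level == 2 or code in ALWAYS_FATAL:
            return alerts, "aborted: " + name
    return alerts, verdict

def record(ctype, payload):
    """Build a constructed SSL 3.0 record (version bytes 3, 0)."""
    return struct.pack("!BBBH", ctype, 3, 0, len(payload)) + payload

# Constructed sample streams; content type 23 is application data
CLEAN = record(23, b"hello") + record(ALERT, bytes([1, 0]))
CUT_OFF = record(23, b"hello")  # ends without close_notify
BAD_MAC = record(23, b"hello") + record(ALERT, bytes([2, 20]))
```

A "truncated" verdict means the byte stream ended without close_notify, which is the condition a receiver has to treat as a possible truncation attack rather than a normal end of data.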