×
Create a new article
Write your page title here:
We currently have 3,189 articles on s23. Type your article name above or create one of the articles listed here!



    s23
    s23
    3,189Articles
    Add new page
    in:
    Protocols

    Definition[edit]

    SSL := Secure Socket Layer (RFC 2246)

    The Secure Socket Layer is a stream-oriented communication layer that provides authentication and strong encryption and data-integrity for a server/client-model.

    Authentication[edit]

    Authentication is based upon x509-certificated, built from an RSA oder DSA public key. The server must provide a certificate to the client; the client may provide one (depends on configuration) to the server. Both certificated may be signed by a trusted third party via a signing-scheme, such as RSA or DSA. Once e.g. the client gets the server-certificate upon connection, it can verify the certificate by checking this signature against the certificate of the trusted third party or check if this is really the certificate it expects. The server may do the same with the client-certificate.

    Key- and algorithm-agreement[edit]

    After authentication both parties agree on an algorithm for further encryption. the list of algorithm is standarized and does contain symmetric algorithms like IDEA, BlowFish, Rijndael (=AES) et al. Both parties also agree on an encryption-key. Right now i am not sure, if this is true, but i assume this is done with a key-agreement-scheme such as Diffie-Hellman. All this agreement is encrypted with the public-key of the other partie (from its certificate), so only this partie can decrypt it.

    Communication[edit]

    Once all this is done, both parties can communicate over this encrypted and authenticated channel.

    History, Applications[edit]

    SSL was developed by Netscape for a secure way of communication between a webserver and a webbrowser. Now it is used for a vast number of protocols, like HTTPS, POP3S (pop3 ssl), IMAPS (imap ssl), LDAPS, SSH ... The current standards are SSLv3 (the SSL as defined above) and TLSv1, an extension where insecure protocols like IMAP or POP3 may provide an extra command (often "STARTTLS") that initiates an SSL-connection.

    OpenSSL[edit]

    OpenSSL is much more than an implementation of SSL, it is a collection of many algorithms for encryption, hashing, key agreement and such. for a description, please take a look at their homepage or read the nice oreilly book: ISBN 0-596-00270-X

    related: RSA

    Retrieved from "https://wiki.s23.org/wiki/SSL?oldid=27148"
    Cookies help us deliver our services. By using our services, you agree to our use of cookies.
    More information
    Cookies help us deliver our services. By using our services, you agree to our use of cookies.
    More information