All You Need to Know About SSL

All You Need to Know About SSL

SSL mail server. (from the English Secure Socket Layer listed on abbreviationfinder). It provides security services by encrypting the data exchanged between the server and the client with an algorithm symmetric encryption, typically the RC4 or IDEA, and encrypting the session key RC4 or IDEA using an encryption algorithm public key, typically the RSA.

Origin

Secure Socket Layer is a set of protocols general character designed in 1994 by the company Nestcape communcations Corporation, and is based on the combined application of Symmetric Cryptography, Cryptography Asymmetric (public key), digital certificates and digital signatures for a channel or secure means of communication through the Internet.

Symmetric cryptographic systems, the main engine of encryption of data transferred in communication, take advantage of the speed of operation, while asymmetric systems are used for the secure exchange of symmetric keys, thereby solving the problem of Confidentiality. in data transmission.

Process

When you connect to a secure server (https: // www…), browsers notify you of this circumstance by means of a yellow padlock in the lower part and also allow you to check the information contained in the digital certificate that enables it as a secure server. SSL allows you to collect data such as credit card information, etc. in a secure environment since the information sent through a secure form is transmitted to the server in an encrypted form.

SSL implements a negotiation protocol to establish a secure communication at the level of socked (machine name plus port), in a transparent way to the user and the applications that use it.

When the client asks the secure server for secure communication, the server opens an encrypted port, managed by software called the SSL Record Protocol, located on top of TCP. It will be the high-level software, SSL Handshake Protocol, who uses the SSL Record Protocol and the open port to communicate securely with the client.

The SSL Handshake Protocol

During the SSL Handshake protocol, the client and the server exchange a series of messages to negotiate security enhancements. This protocol follows the following six phases (very briefly):

  • The Hello phase, used to agree on the set of algorithms for maintaining privacy and for authentication.
  • The key exchange phase, in which you exchange information about the keys, so that in the end both parties share a master key.
  • The session key production phase, which will be used to encrypt the exchanged data.
  • The Server Verification phase, present only when RSA is used as the key exchange algorithm, and serves for the client to authenticate the server.
  • The Client Authentication phase, in which the server requests an X.509 certificate from the client (if client authentication is required).
  • Finally, the end phase, which indicates that the secure session can now begin.

The SSL Record Protocol

The SSL Record Protocol specifies how to encapsulate transmitted and received data. The data portion of the protocol has three components:

  • MAC-DATA, the authentication code of the message.
  • ACTUAL-DATA, the application data to be transmitted.
  • PADDING-DATA, the data required to fill the message when using block encryption.

General characteristics

  • SSL implements a negotiation protocol to establish a secure communication at the level of socked (machine name plus port), in a transparent way to the user and the applications that use it.
  • The identity of the secure web server (and sometimes also of the client user) is obtained through the corresponding Digital Certificate, whose validity is checked before starting the exchange of sensitive data (Authentication), while the security of data integrity exchanged, the Digital Signature is in charge by means of hash functions and the verification of summaries of all the data sent and received.
  • SSL provides security services to the protocol stack, encrypting outgoing data from the Application layer before it is segmented at the Transport layer and encapsulated and sent by the lower layers. Furthermore, it can also apply compression algorithms to the data to be sent and fragment the blocks larger than 214 bytes, reassembling them at the receiver.
  • The identity of the secure web server (and sometimes also of the client user) is obtained through the corresponding Digital Certificate, whose validity is checked before starting the exchange of sensitive data (Authentication), while the security of data integrity exchanged, the Digital Signature is in charge by means of hash functions and the verification of summaries of all the data sent and received.
  • Its implementation in the OSI and TCP / IP reference models, SSL is introduced as a kind of additional layer or layer, located between the Application layer and the Transport layer, replacing the operating system sockets, which makes it independent. application that uses it, and is generally implemented on port 443. (NOTE: The ports are the interfaces between the applications and the TCP / IP protocol stack of the operating system).

Present

The most current version of SSL is 3.0. It uses the symmetric DES, TRIPLE DES, RC2, RC4 and IDEA encryption algorithms, the asymmetric RSA, the MD5 hash function and the SHA-1 signature algorithm.

SSL