05-06-2012, 12:42 PM
SSL – Secure Sockets Layer
What is SSL?
SSL – Secure Sockets Layer
it provides a secure transport connection between applications (e.g., a web server and a browser)
SSL was developed by Netscape
SSL version 3.0 has been implemented in many web browsers (e.g., Netscape Navigator and MS Internet Explorer) and web servers, and is widely used on the Internet
SSL v3.0 was specified in an Internet Draft (1996)
it evolved into RFC 2246 and was renamed to TLS (Transport Layer Security)
TLS can be viewed as SSL v3.1
SSL components
SSL Handshake Protocol
– negotiation of security algorithms and parameters
– key exchange
– server authentication and optionally client authentication
SSL Record Protocol
– fragmentation
– compression
– message authentication and integrity protection
– encryption
SSL Alert Protocol
– error messages (fatal alerts and warnings)
SSL Change Cipher Spec Protocol
– a single message that indicates the end of the SSL handshake
Sessions and connections
an SSL session is an association between a client and a server
sessions are stateful; the session state includes security algorithms and parameters
a session may include multiple secure connections between the same client and server
connections of the same session share the session state
sessions are used to avoid expensive negotiation of new security parameters for each connection
there may be multiple simultaneous sessions between the same two parties, but this feature is not used in practice
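
The sub-protocols listed under "SSL components" (Handshake, Alert, Change Cipher Spec) and application data all travel inside SSL records, each tagged with its own content type. As an added example (not part of the original slides), this Python parser splits a byte stream into records and names the sub-protocol of each; the numeric content types and alert levels are the standard SSL 3.0 / TLS 1.0 values, and the helper `record()` and the sample bytes are constructed for illustration.

```python
import struct

# Record-layer content types: one per sub-protocol carried over the Record Protocol.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}  # TLS 1.0 is "SSL v3.1" on the wire
MAX_FRAGMENT = 2**14 + 2048  # largest (encrypted) fragment one record may carry


def parse_records(stream: bytes):
    """Split a byte stream into SSL records; return one dict per record."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Header: content type (1 byte), version major/minor (2), length (2).
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_FRAGMENT:
            raise ValueError(f"fragment too long: {length}")
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"protocol": CONTENT_TYPES[ctype],
               "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
               "length": length}
        # An unencrypted alert is exactly two bytes: level, description.
        if ctype == 21 and length == 2:
            rec["alert_level"] = ALERT_LEVELS.get(body[0], "invalid")
            rec["alert_description"] = body[1]
        records.append(rec)
        offset += 5 + length
    return records


def record(ctype, body, version=(3, 0)):
    """Hypothetical helper: build one record for the constructed sample."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body


# Constructed records concatenated for the demo; not a capture of a real session.
SAMPLE = (record(22, b"\x01\x00\x00\x00")             # handshake header only
          + record(21, b"\x02\x28")                   # fatal alert, description 40
          + record(20, b"\x01", version=(3, 1)))      # ChangeCipherSpec, TLS 1.0

if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(r)
```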