3. The Secure socket Layer protocol
Transport Layer Security TLS protocol, sometimes referred to, secure sockets layer
SSL protocol:
Is a widely deployed protocol for securing client-server communications over the
internet.
TLS is designed to prevent eavesdropping, tampering, and message forgery.
4. The SSL protocol is:
- Stateful,
- connection-oriented,
- and a “client-server” protocol.
It provides:
- Authentication,
- integrity,
- and confidentiality.
Definition
5. According to the Internet Draft IETF of the SSL Protocol, the point of the protocol “is
to provide privacy and reliability between two communicating applications.”
Prof. Freier, Alan O.
It is the most widely known as the protocol that, coupled with HTTP, secures the Web
and uses the “https” URI scheme
DEFINITION
6. History
Before the web breaking, people accessed information on the internet using
protocols such as:
TELNET, FTP, and -a little later- Gopher.
TLS faced at least two skirmishes,
- IPSEC, it was by far realized in kernel space; whereas the TLS is realized in the
user space. Ubiquitousness made the TLS won.
- The protocol question, between Netscape's SSL and Microsoft’s private
communications technology PCT that wasn’t widely deployed.
7. History - versions
- Netscape first development , 1.0, 1994.
- The second SSL, 2.0, 1995.
- SSL spread version, 3.0, 1996.
- SSL henceforth referred to as TLS since it moved from Netscape to the IETF TLS
working group (WG) in mid 1996.
- First TLS, 1.0, 1999.
- TLS 1.12006.
- TLS 1.2, 2008.
- TLS 1.3, currently under way.
8. SSL Protocol Design
SSL 3.0
Design
Handshaking
Protocol
Record
Protocol
Handshaking Protocol Functionalities:
- Negotiates the cipher suite,
- Authenticates the server and, optionally, the client and
- Establishes the session keys.
The Record Protocol:
- Secures the application data with the session key,
- Verifies the application data’s integrity and origin.
9. SSL DESIGN architecture
The handshaking Protocol actually has
three sub-protocols.
The “Change Cipher Protocol” informs the
peer about the set of keys change request.
The “alert” protocol notifies the peer
about the cause of protocol failure, It is not
normally sent during the handshake
protocol.
Diagram by, the computer science and Engineering Department,
The Ohio State University.
11. Key exchange algorithms
- Anonymous Diffie-Hellman (DH)
- Ephemeral Diffie-Hellman (DHE)
Using DH or DHE, no need to send a server or client certification message, certificate request
or verify messages; instead, server sends a server key-exchange message that provide
information to encrypt the premaster secret.
An option to negotiate a pre-shared key PSK exists.
12. Key exchange algorithms
- RSA; one of the first practicable public-key cryptosystems.
Using PSK, An option is also available to support Secure Remote Passwords SRP cipher
suites.
13. A final word
TLS got its name from its record protocol since it performs in a transport-like
manner.
TLS handles fragmenting, receiving, and defragmenting.
Depending on the negotiated algorithms, data can be compresses, message
authentication coded (MACed), and encrypted before transmission and vice versa
reversed receival.
The important point, is that the TLS can be configured to operate as securely as
possible or in some horrifically broken way.
Cryptographic algorithms weaken over time, so it’s a good idea to check the server’s
configuration file to make sure of the ciphers strength.
14. TLS 1.3 Incoming goals
- Encrypt as much of the handshake as possible
- Reduce handshake latency
- Update payload protection to address cipher weaknesses
- Reevaluate handshake content
15. Summary
TLS protocol provides transport layer security for Internet applications and
confidentiality using symmetric key cryptography and data integrity using a keyed
MAC, it also includes functionality for client and server authentication using public
key cryptography.
