Transport Layer Security - Mrinal Wadhwa

•

0 likes•1,134 views

The document summarizes the evolution of the Transport Layer Security (TLS) protocol from versions 1.0 to 1.2. It describes the key components of TLS including the record protocol for fragmenting and transmitting encrypted data, handshake protocol for authentication and key exchange, and cipher suites for encryption algorithms. The TLS protocol provides secure communication over the internet by preventing eavesdropping, tampering, and forgery of messages between client and server applications.

Technology Education

Transport Layer
Security
Mrinal Wadhwa

http://www.mrinalwadhwa.com

SSL v1
before 1995, internal to Netscape, never released

SSL v2
draft published in FEB 1995

SSL 0.2 PROTOCOL SPECIFICATION
http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html

SSL v3
draft published in NOV 1996

The SSL Protocol Version 3.0
http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt

TLS 1.0
RFC 2446 - in Jan 1999

The TLS Protocol Version 1.0
http://tools.ietf.org/html/rfc2246

TLS 1.1
RFC 4346 - in April 2006

The Transport Layer Security (TLS) Protocol Version 1.1
http://tools.ietf.org/html/rfc4346

TLS 1.2
RFC 5246 - in August 2008

The Transport Layer Security (TLS) Protocol Version 1.2
http://tools.ietf.org/html/rfc5246

"The TLS protocol provides communications security
over the Internet. The protocol allows client/server
applications to communicate in a way that is designed to
prevent eavesdropping, tampering, or message forgery."

- The Transport Layer Security (TLS) Protocol Version 1.2

Record Protocol
http://tools.ietf.org/html/rfc5246#section-6

The Record Protocol takes messages to be transmitted, fragments the
data into manageable blocks, optionally compresses the data, applies
a MAC, encrypts, and transmits the result. Received data is
decrypted, verified, decompressed, reassembled, and then delivered to
higher-level clients.

$struct { ConnectionEnd entity; PRFAlgorithm prf_algorithm; BulkCipherAlgorithm bulk_cipher_algorithm; CipherType cipher_type; uint8 enc_key_length; uint8 block_length; uint8 fixed_iv_length; uint8 record_iv_length; MACAlgorithm mac_algorithm; uint8 mac_length; uint8 mac_key_length; CompressionMethod compression_algorithm; opaque master_secret[48]; opaque client_random[32]; opaque server_random[32]; } SecurityParameters;$

Change Cipher Spec
Protocol
http://tools.ietf.org/html/rfc5246#section-7.1

Alert Protocol
http://tools.ietf.org/html/rfc5246#section-7.2

Handshake Protocol
a simplified discussion

http://tools.ietf.org/html/rfc5246#section-7.3

Hello Request

http://tools.ietf.org/html/rfc5246#section-7.4.1.1

struct { } HelloRequest;

$Client Hello http://tools.ietf.org/html/rfc5246#section-7.4.1.2 struct { ProtocolVersion client_version; Random random; SessionID session_id; CipherSuite cipher_suites<2..2^16-2>; CompressionMethod compression_methods<1..2^8-1>; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ClientHello;$

CIPHER SUITES

TLS_RSA_WITH_AES_128_CBC_SHA

"The connection is encrypted using AES_128_CBC, with SHA1 for
message authentication and RSA as the key exchange mechanism."

Mandatory Cipher Suites - http://tools.ietf.org/html/rfc5246#section-9
Cipher Suite Definitions - http://tools.ietf.org/html/rfc5246#appendix-C

CIPHER SUITES

TLS_RSA_WITH_AES_128_CBC_SHA

Key Exchange - RSA
Cipher - AES_128_CBC
Mac - SHA (HMAC-SHA1)

$Server Hello http://tools.ietf.org/html/rfc5246#section-7.4.1.3 struct { ProtocolVersion server_version; Random random; SessionID session_id; CipherSuite cipher_suite; CompressionMethod compression_method; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ServerHello;$

$Server Certificate http://tools.ietf.org/html/rfc5246#section-7.4.2 opaque ASN.1Cert<1..2^24-1>; struct { ASN.1Cert certificate_list<0..2^24-1>; } Certificate;$

Server Hello Done

http://tools.ietf.org/html/rfc5246#section-7.4.5

struct { } ServerHelloDone;

$Client Key Exchange Message http://tools.ietf.org/html/rfc5246#section-7.4.7 struct { select (KeyExchangeAlgorithm) { case rsa: EncryptedPreMasterSecret; case dhe_dss: case dhe_rsa: case dh_dss: case dh_rsa: case dh_anon: ClientDiffieHellmanPublic; } exchange_keys; } ClientKeyExchange;$

$Finished http://tools.ietf.org/html/rfc5246#section-7.4.9 struct { opaque verify_data[verify_data_length]; } Finished;$

- mrinalwadhwa.com
- email@mrinalwadhwa.com
- @mrinal
- github.com/mrinalwadhwa

What's hot

PPT ON WEB SECURITY BY MONODIP SINGHA ROY

Monodip Singha Roy

As some of my colleagues are solving various SSL/TLS problems for one of our customers, I have prepared the above mentioned training for them. The training is divided to three parts: - Brief Introduction to Public Key Infrastructure (PKI) - Introduction to SSL/TLS Protocols - Practical Examples and Hints The last part primarily consists of hands-on exercises with Wireshark, covering variety of successful and failed SSL/TLS handshakes. The hands-on exercises are based on easily configurable dummy SSL client and server implemented in Java (available at https://github.com/Jardo72/SSL-Sandbox).

SSL/TLS Introduction with Practical Examples Including Wireshark Captures

JaroslavChmurny

SSL And TLS

Ghanshyam Patel

SSL/TLS

Dr Anjan Krishnamurthy

Transport layer security

Hrudya Balachandran

Secure socket layer

Nishant Pahad

This slides show a more complex rollout real world scenario in combination of usb-based crypto keys used in parallel under linux and windows and cross-browser on windows too! Good thing is - no passwords must be stored on any of the authentication systems - no passwords can be stolen! ;-) Slides just give an overview over the overall architecture but was really working - see pictures on last slides - where the same certificate from the usb key is shown under linux and windows - still neat. Somehow not much seems to have changed since 2004 if one looks around - could still be applied in todays environments - the basics and it's still not wide spread nowadays. Note: Slides are historical versions from 2004, so not all shown hardware, protocols and/or drivers/software may be available or recommended for usage anymore. Today I would prefere OpenXPKI which forked of OpenCA and is an fully independent version by now close to 1.0 release this or next year! Check it out!

Certificate Based VPN Remote Access - 1. OpenCA Workshop 2004 / OpenXPKI

Ives Laaf

Introduction to SSH

Hemant Shah

TLS/SSL Protocol Design 201006

Nate Lawson

What is SCEP, how does it work, what can you use it for and how is it integrated into OpenCA. Later forked into OpenXPKI project. Slides are historical versions from 2004, so SCEP protocoll may have evolved since then. Look at: http://tools.ietf.org/html/draft-nourse-scep-23 Be aware that there may be security implications while using scep in open environments: http://www.kb.cert.org/vuls/id/971035 Be aware that scep has been switched to historic status in favor of two more advanced protocols: "The IETF protocol suite currently includes two certificate management protocols with more comprehensive functionality: Certificate Management Protocol (CMP) [RFC4210] and Certificate Management over CMS (CMC) [RFC5272]."

SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...

Ives Laaf

SSL

Duy Do Phan

Transport Layer Security

Chhatra Thapa

Secure Socket Layer

Pina Parmar

Transport Layer Security

Ibrahiem Mohammed

TLS - Transport Layer Security

ByronKimani

secure socket layer

Amar Shah

SSL overview

Todd Benson (I.T. SPECIALIST and I.T. SECURITY)

Secure Shell(ssh)

Pina Parmar

What's hot (18)

PPT ON WEB SECURITY BY MONODIP SINGHA ROY

SSL/TLS Introduction with Practical Examples Including Wireshark Captures

SSL And TLS

SSL/TLS

Transport layer security

Secure socket layer

Certificate Based VPN Remote Access - 1. OpenCA Workshop 2004 / OpenXPKI

Introduction to SSH

TLS/SSL Protocol Design 201006

SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...

SSL

Transport Layer Security

Secure Socket Layer

Transport Layer Security

TLS - Transport Layer Security

secure socket layer

SSL overview

Secure Shell(ssh)

Similar to Transport Layer Security - Mrinal Wadhwa

Missing communication security is a common vulnerability in Internet of Things deployments. Addressing this vulnerability is, in theory, relatively easy: with TLS and DTLS, two widely used security protocols are available. They are used to secure web and smart phone apps. In this talk Hannes Tschofenig explains how the TLS/DTLS 1.3 protocols work and how they differ from previous versions. Hannes also speaks about the performance improvements and how they help in IoT deployments.

Advancing IoT Communication Security with TLS and DTLS v1.3

Hannes Tschofenig

03-SSL (1).ppt

ZAKARIAABED1

03-SSL (2).ppt

ShounakDas16

03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL ...

ghorilemin

this is ppt this is ppt this is ppt this is ppt

ghorilemin

DPDK Summit 2015 - Intel - Keith Wiles

Jim St. Leger

Oczyszczacz powietrza i stos sieciowy? Czas na test! Semihalf Barcamp 13/06/2018

Semihalf

Symmetric Crypto for DPDK - Declan Doherty

harryvanhaaren

FreeBSD and Hardening Web Server

Muhammad Moinur Rahman

SSL Secure socket layer

Ahmed Elnaggar

FIWARE Wednesday Webinar - How to Secure IoT Devices (22nd April 2020) Corresponding webinar recording: https://youtu.be/_87IZhrYo3U Live coding session and commentary, demonstrating various techniques and methods for securing the interactions between Devices, IoT Agents and the Context Broker Chapter: Security Difficulty: 3 Audience: Any Technical Presenter: Jason Fox (Senior Technical Evangelist, FIWARE Foundation)

FIWARE Wednesday Webinars - How to Secure IoT Devices

FIWARE

Securing the tunnel with Raccoon

Gloria Stoilova

Transport Layer Security

Sanjeev Kumar Jaiswal

Ssl (Secure Socket Layer)

Sandeep Gupta

Transport layer security.ppt

ImXaib

WLAN and IP security

Chaitanya Tata, PMP

Secure socket layer

Emprovise

Dpdk: rte_security: An update and introducing PDCP

Hemant Agrawal

Protocol

m_bahba

26.1.7 lab snort and firewall rules

Freddy Buenaño

Similar to Transport Layer Security - Mrinal Wadhwa (20)

Advancing IoT Communication Security with TLS and DTLS v1.3

03-SSL (1).ppt

03-SSL (2).ppt

03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL ...

this is ppt this is ppt this is ppt this is ppt

DPDK Summit 2015 - Intel - Keith Wiles

Oczyszczacz powietrza i stos sieciowy? Czas na test! Semihalf Barcamp 13/06/2018

Symmetric Crypto for DPDK - Declan Doherty

FreeBSD and Hardening Web Server

SSL Secure socket layer

FIWARE Wednesday Webinars - How to Secure IoT Devices

Securing the tunnel with Raccoon

Transport Layer Security

Ssl (Secure Socket Layer)

Transport layer security.ppt

WLAN and IP security

Secure socket layer

Dpdk: rte_security: An update and introducing PDCP

Protocol

26.1.7 lab snort and firewall rules

More from Mrinal Wadhwa

SF IoT Meetup - Decentralized Identifiers & Verifiable Claims

Mrinal Wadhwa

Edge Computing and Machine Learning for a better Internet of Things

Mrinal Wadhwa

Considerations for a secure internet of things for cities and communities

Mrinal Wadhwa

Austin Smart City Readiness Workshop - Viability and Sustainability of IoT Sm...

Mrinal Wadhwa

Smart parking sensor networks can provide accurate data drawn directly from actual parking behaviors in every space – not just estimates. The benefit of this knowledge allows communities large and small to arrive at tangible applications to help them thrive and grow. For example, optimized parking in retail areas, i.e. less empty spots and fair enforcement of time limits, can improve turnover of spaces (number of cars that occupy a space per day). Increased turnover in retail areas typically leads to increased sales for that area's retailers. This then leads to greater revenue through taxes and property values for a community. That in turn attracts new businesses and residents, which then further helps enhance the overall economic value of the area. This is just one example of how better parking can enable a better, more vibrant and thriving community. --- These slides are from a presentation I gave at Converge Bangalore organized by @thoughtworks on November 8, 2014 in Bangalore. http://info.thoughtworks.com/converge-bangalore-november-8-registration.html

Better Parking. Better Communities.

Mrinal Wadhwa

Bits, Bytes and Blobs

Mrinal Wadhwa

An Introduction To Rich Internet Apllications

Mrinal Wadhwa

Custom Components In Flex 4

Mrinal Wadhwa

Flex 4 Component Lifecycle

Mrinal Wadhwa

Introduction to Rich Internet Applications, Flex, AIR

Mrinal Wadhwa

More from Mrinal Wadhwa (10)

SF IoT Meetup - Decentralized Identifiers & Verifiable Claims

Edge Computing and Machine Learning for a better Internet of Things

Considerations for a secure internet of things for cities and communities

Austin Smart City Readiness Workshop - Viability and Sustainability of IoT Sm...

Better Parking. Better Communities.

Bits, Bytes and Blobs

An Introduction To Rich Internet Apllications

Custom Components In Flex 4

Flex 4 Component Lifecycle

Introduction to Rich Internet Applications, Flex, AIR

Recently uploaded

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Jago de Vreede

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Exploring Multimodal Embeddings with Milvus

Zilliz

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

DBX First Quarter 2024 Investor Presentation

Dropbox

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Recently uploaded (20)

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

FWD Group - Insurer Innovation Award 2024

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Cyberprint. Dark Pink Apt Group [EN].pdf

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Corporate and higher education May webinar.pptx

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

CNIC Information System with Pakdata Cf In Pakistan

Exploring Multimodal Embeddings with Milvus

Ransomware_Q4_2023. The report. [EN].pdf

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DBX First Quarter 2024 Investor Presentation

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

AWS Community Day CPH - Three problems of Terraform

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

presentation ICT roal in 21st century education

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Transport Layer Security - Mrinal Wadhwa

1. Transport Layer Security Mrinal Wadhwa http://www.mrinalwadhwa.com

2. SSL v1 before 1995, internal to Netscape, never released

3. SSL v2 draft published in FEB 1995 SSL 0.2 PROTOCOL SPECIFICATION http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html

4. SSL v3 draft published in NOV 1996 The SSL Protocol Version 3.0 http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt

5. TLS 1.0 RFC 2446 - in Jan 1999 The TLS Protocol Version 1.0 http://tools.ietf.org/html/rfc2246

6. TLS 1.1 RFC 4346 - in April 2006 The Transport Layer Security (TLS) Protocol Version 1.1 http://tools.ietf.org/html/rfc4346

7. TLS 1.2 RFC 5246 - in August 2008 The Transport Layer Security (TLS) Protocol Version 1.2 http://tools.ietf.org/html/rfc5246

8. "The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery." - The Transport Layer Security (TLS) Protocol Version 1.2

9. Record Protocol http://tools.ietf.org/html/rfc5246#section-6

10. The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, reassembled, and then delivered to higher-level clients.

11. struct { ConnectionEnd entity; PRFAlgorithm prf_algorithm; BulkCipherAlgorithm bulk_cipher_algorithm; CipherType cipher_type; uint8 enc_key_length; uint8 block_length; uint8 fixed_iv_length; uint8 record_iv_length; MACAlgorithm mac_algorithm; uint8 mac_length; uint8 mac_key_length; CompressionMethod compression_algorithm; opaque master_secret[48]; opaque client_random[32]; opaque server_random[32]; } SecurityParameters;

12. Change Cipher Spec Protocol http://tools.ietf.org/html/rfc5246#section-7.1

13. Alert Protocol http://tools.ietf.org/html/rfc5246#section-7.2

14. Handshake Protocol a simplified discussion http://tools.ietf.org/html/rfc5246#section-7.3

15. Hello Request http://tools.ietf.org/html/rfc5246#section-7.4.1.1 struct { } HelloRequest;

16. Client Hello http://tools.ietf.org/html/rfc5246#section-7.4.1.2 struct { ProtocolVersion client_version; Random random; SessionID session_id; CipherSuite cipher_suites<2..2^16-2>; CompressionMethod compression_methods<1..2^8-1>; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ClientHello;

17. CIPHER SUITES TLS_RSA_WITH_AES_128_CBC_SHA "The connection is encrypted using AES_128_CBC, with SHA1 for message authentication and RSA as the key exchange mechanism." Mandatory Cipher Suites - http://tools.ietf.org/html/rfc5246#section-9 Cipher Suite Definitions - http://tools.ietf.org/html/rfc5246#appendix-C

18. CIPHER SUITES TLS_RSA_WITH_AES_128_CBC_SHA Key Exchange - RSA Cipher - AES_128_CBC Mac - SHA (HMAC-SHA1)

19. Server Hello http://tools.ietf.org/html/rfc5246#section-7.4.1.3 struct { ProtocolVersion server_version; Random random; SessionID session_id; CipherSuite cipher_suite; CompressionMethod compression_method; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ServerHello;

20. Server Certificate http://tools.ietf.org/html/rfc5246#section-7.4.2 opaque ASN.1Cert<1..2^24-1>; struct { ASN.1Cert certificate_list<0..2^24-1>; } Certificate;

21. Server Hello Done http://tools.ietf.org/html/rfc5246#section-7.4.5 struct { } ServerHelloDone;

22. Client Key Exchange Message http://tools.ietf.org/html/rfc5246#section-7.4.7 struct { select (KeyExchangeAlgorithm) { case rsa: EncryptedPreMasterSecret; case dhe_dss: case dhe_rsa: case dh_dss: case dh_rsa: case dh_anon: ClientDiffieHellmanPublic; } exchange_keys; } ClientKeyExchange;

23. Finished http://tools.ietf.org/html/rfc5246#section-7.4.9 struct { opaque verify_data[verify_data_length]; } Finished;

24. ?

25. - mrinalwadhwa.com - email@mrinalwadhwa.com - @mrinal - github.com/mrinalwadhwa

Transport Layer Security - Mrinal Wadhwa

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Similar to Transport Layer Security - Mrinal Wadhwa

Similar to Transport Layer Security - Mrinal Wadhwa (20)

More from Mrinal Wadhwa

More from Mrinal Wadhwa (10)

Recently uploaded

Recently uploaded (20)

Transport Layer Security - Mrinal Wadhwa