SSL – Design Goals
• Secure transmission between client and server at the lowest level
  – Socket level
  – Protocol sits on top of TCP
• Peer Authentication
  – Server is automatically authenticated, client is optionally authenticated
  – Allows both machines to establish an encrypted connection.
• SSL includes two sub-protocols: the SSL Record Protocol and the SSL Handshake Protocol.
• Record Protocol -- defines the format used to transmit data.
• Handshake Protocol -- uses the Record Protocol to exchange messages between an SSL-enabled server and an SSL-enabled client.

How does SSL Work?
• How do a client and a server create a secure connection?
• The SSL protocol uses RSA public key cryptography for Internet security.
• Public key encryption uses a pair of asymmetric keys for encryption and decryption.
• Each pair of keys consists of a public key and a private key. The public key is made public by distributing it widely; the private key is always kept secret.
• Data encrypted with the public key can be decrypted only with the private key, and vice versa.

Handshaking Protocol
• Client: sends a hello message including a random message and its protocol version, session ID, cipher suite, and compression method.
• Server: replies with a hello message with its own protocols, random message, and its certificate, and requests the client certificate if necessary.
• Client: authenticates the server, then creates a pre-master secret for the session and encrypts the message with the server's public key (may send its certificate also).
• Server: authenticates the client if necessary, and uses its private key to decode the message and the pre-master secret, then creates a master secret key for the session and tells the client that it will use the master key for the session.
• Client: decodes the master key and tells the server that it will use the key to encode the session also.
• Handshake is done.
Certificate
• Subject: Distinguished Name, Public Key
• Issuer: Distinguished Name, Signature
• Period of Validity: Not Before Date, Not After Date
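
The "client authenticates server" step inspects the certificate fields listed above. The following is an added example, not part of the original slides: it checks the subject, issuer and validity period of a certificate in the dict shape that Python's ssl.SSLSocket.getpeercert() returns. The sample certificate, its names and dates, and the helper names dn_to_dict and check_certificate are constructed for illustration.

```python
import ssl
import time

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# All names and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
                (("commonName", "www.example.test"),)),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),),
               (("commonName", "Example Root CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}


def dn_to_dict(dn):
    """Flatten a getpeercert() distinguished name into {attribute: value}."""
    return {key: value for rdn in dn for key, value in rdn}


def check_certificate(cert, now):
    """Return a list of problems found in the subject, issuer and validity period.

    `now` is seconds since the epoch (UTC). An empty list means all three
    fields look acceptable. The issuer's signature is verified by the TLS
    library during the handshake, not by this function.
    """
    problems = []
    subject = dn_to_dict(cert.get("subject", ()))
    issuer = dn_to_dict(cert.get("issuer", ()))
    if not subject:
        problems.append("subject distinguished name is empty")
    # A server certificate whose issuer is itself has no third party vouching for it.
    if subject and subject == issuer:
        problems.append("self-signed: subject and issuer are identical")
    # Period of validity: the certificate is only usable inside this window.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems


if __name__ == "__main__":
    print(check_certificate(SAMPLE_CERT, time.time()))
```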