Computer Security and Cryptography by Alan G. Konheim


18.8 THE SECURE SOCKET LAYER (SSL)

SSL was originated by Netscape; it consists of several upper-layer protocols by which a pair of users – the Client and the Server – agree on a key exchange method, an encipherment algorithm, and a message digest algorithm.

In what follows we go through the Handshake Protocol initiated by a client.

Phase 1 – Client Initiation: The Client proposes the following (Fig. 18.11).


Figure 18.11 SSL Phase 1 (Client_Hello).

  1. A key exchange protocol. Possible choices include
    • RSA,
    • Diffie–Hellman.
  2. A data encipherment algorithm. Possible choices include
    • DES and DES3,
    • AES,
    • IDEA,
    • RSA's RC2 and RC4.
  3. A message digest algorithm. Possible choices include
    • RSA's MD5,
    • NIST's SHA.
  4. A random number referred to as random_bytes [28 bytes].
  5. A session ID designated as SessionID [variable length].
  6. A (lossless) compression method identifier [integer 1 ≤ C_ID < 511]; a complete specification is not included in the latest SSL-Specification.

Phase 1 – Server Response to Client_Hello: The Server accepts one of the choices made in the Client_Hello messages (Fig. 18.12).

Phase 2 – Server Authentication and Key Exchange: The Server delivers its certificate; when authentication/secrecy is enabled there is a key exchange. The Server requests a certificate from the Client (Fig. 18.13).

Figure 18.12 Server response to Client_Hello.

Figure 18.13 SSL Phase 2 – server authentication and ...
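The Phase 1 exchange above can be modelled as a small negotiation: the Client offers lists for each of the three choices together with its 28-byte random_bytes, SessionID and compression identifier, and the Server accepts exactly one entry from each list or aborts. The following Python is an added illustration, not code from the book; the field and class names, the HandshakeFailure exception, the Server's preference-ordered policy and the 16-byte session identifier it issues are assumptions, and the real SSL record layout is not modelled.

```python
"""Simplified model of the SSL Client_Hello / Server response negotiation.

Added illustration only (not from Konheim's book). Field names, the
HandshakeFailure exception and the server-preference policy are assumptions.
"""
import os
from dataclasses import dataclass
from typing import Optional, Sequence

# The choices named in the section (RSA's RC2/RC4, NIST's SHA, etc.).
KEY_EXCHANGE_METHODS = ("RSA", "Diffie-Hellman")
ENCIPHERMENT_ALGORITHMS = ("DES", "DES3", "AES", "IDEA", "RC2", "RC4")
DIGEST_ALGORITHMS = ("MD5", "SHA")


class HandshakeFailure(Exception):
    """Raised when the Server finds no acceptable proposal in a Client_Hello."""


@dataclass(frozen=True)
class ClientHello:
    key_exchange: Sequence[str]
    encipherment: Sequence[str]
    digest: Sequence[str]
    random_bytes: bytes          # exactly 28 bytes, as stated in the section
    session_id: bytes = b""      # variable length; empty means "new session"
    compression: int = 1         # section: integer 1 <= C_ID < 511

    def __post_init__(self) -> None:
        # Validate the message before the Server reasons about it.
        if len(self.random_bytes) != 28:
            raise ValueError("random_bytes must be 28 bytes")
        if not 1 <= self.compression < 511:
            raise ValueError("compression identifier out of range")
        for offered, known in ((self.key_exchange, KEY_EXCHANGE_METHODS),
                               (self.encipherment, ENCIPHERMENT_ALGORITHMS),
                               (self.digest, DIGEST_ALGORITHMS)):
            unknown = set(offered) - set(known)
            if unknown:
                raise ValueError(f"unknown proposal(s): {sorted(unknown)}")


@dataclass(frozen=True)
class ServerHello:
    key_exchange: str
    encipherment: str
    digest: str
    random_bytes: bytes          # the Server's own 28 random bytes
    session_id: bytes
    compression: int


@dataclass(frozen=True)
class ServerPolicy:
    """What this Server will accept, most preferred first (assumed policy shape)."""
    key_exchange: Sequence[str]
    encipherment: Sequence[str]
    digest: Sequence[str]
    compression: frozenset = frozenset({1})


def _pick(preferred: Sequence[str], offered: Sequence[str]) -> Optional[str]:
    """Server-preference selection: first Server choice that the Client also offered."""
    for candidate in preferred:
        if candidate in offered:
            return candidate
    return None


def new_client_hello(key_exchange, encipherment, digest, session_id=b"") -> ClientHello:
    """Build a Client_Hello carrying fresh 28-byte random_bytes."""
    return ClientHello(tuple(key_exchange), tuple(encipherment), tuple(digest),
                       os.urandom(28), session_id)


def server_response(policy: ServerPolicy, hello: ClientHello) -> ServerHello:
    """Phase 1 Server side: accept one choice from each list or abort the handshake."""
    kx = _pick(policy.key_exchange, hello.key_exchange)
    enc = _pick(policy.encipherment, hello.encipherment)
    dig = _pick(policy.digest, hello.digest)
    if kx is None or enc is None or dig is None:
        raise HandshakeFailure("no mutually acceptable key exchange, cipher or digest")
    if hello.compression not in policy.compression:
        raise HandshakeFailure(f"compression method {hello.compression} not supported")
    # Reuse the Client's SessionID when it presents one, otherwise issue a new one
    # (16 bytes is an assumed length).
    return ServerHello(kx, enc, dig, os.urandom(28),
                       hello.session_id or os.urandom(16), hello.compression)


if __name__ == "__main__":
    policy = ServerPolicy(("Diffie-Hellman", "RSA"), ("AES", "DES3"), ("SHA", "MD5"))
    hello = new_client_hello(["RSA"], ["RC4", "AES"], ["MD5", "SHA"])
    chosen = server_response(policy, hello)
    print(chosen.key_exchange, chosen.encipherment, chosen.digest)
```

Because the Server walks its own preference list rather than the Client's, a Client that lists a weaker cipher first still gets the Server's preferred one, and a Client that offers nothing on the Server's list gets a HandshakeFailure instead of a silently weakened session.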
