Home > Others

SSL protocol establishment process

Source: Internet
Author: User
Tags cipher suite
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Document directory
  • The SSL protocol

 

Secret Key Cryptography (Private Key) symmetric key

A B must know the private key in advance, and both parties use the same key for communication. Private Key Distribution is inconvenient. Different communication parties must use different keys. Otherwise

Third-party listeners and man-in-the-middle attacks

 

Public key cryptography Public Key asymmetric key

You can obtain the public key of a. Only a has the private key. The initiator B uses the public key of a to encrypt the data and send it to a. A decrypts the data with the private key and then uses the private key to encrypt the data and send it back to B. B view count

We can see that it does communicate with. The public key solves the authentication problem between both parties, but it still cannot solve the problem of data leakage. Because the public key of a is public

As long as the ciphertext sent by a is obtained, the information sent by a can be known.

 

 

Symmetric keys are fast, but not easy to distribute. Asymmetric keys are easy to distribute and slow. SSL uses asymmetric keys to distribute symmetric keys, and finally uses symmetric keys to solve communication security problems. At the same time, we can introduce CA to solve man-in-the-middle attacks!

 

 

Sun's JSSE Reference Document

Http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html

 

 

The SSL protocol

 

 

The SSL messages are sent in the following order:

  1. Client Hello-The client sends the server information including the highest version of SSL it supports and a list of the cipher suites it supports. (TLS 1.0 is indicated as SSL 3.1 .) the cipher suite information provided DES cryptographic algorithms and key sizes.
  2. Server Hello-The server chooses the highest version of SSL and the best cipher suite that both the client and server support and sends this information to the client.
  3. Certificate-The server sends the client a certificate or a certificate chain. A certificate chain typically begins with the server's Public Key Certificate and ends with the Certificate Authority's root certificate. this message is optional, but is used whenever server authentication is required.
  4. Certificate Request-If the server needs to authenticate the client, it sends the client a certificate request. In Internet applications, this message is rarely sent.
  5. Server Key Exchange-The server sends the client a server key exchange message when the public key information sent in 3) abve is not sufficient for key exchange.
  6. Server Hello done-The server tells the client that it is finished with its initial negotiation messages.
  7. Certificate-If the server requests a certificate from the client in Message 4, the client sends its certificate chain, just as the server did in Message 3.

    Note: Only a few internet server applications ask for a certificate from the client.

  8. Client Key Exchange-The client generates information used to create a key to use for encryption Ric encryption. For RSA, the client then encrypts this key information with the server's public key and sends it to the server.
  9. Certificate verify-This message is sent when a client presents a certificate as abve. its purpose is to allow the server to complete the process of authenticating the client. when this message is used, the client sends information that it digitally signs using a cryptographic hash function. when the server decrypts this information with the client's public key, the server is able to authenticate the client.
  10. Change cipher spec-The client sends a message telling the server to change to encrypted mode.
  11. Finished-The client tells the server that it is ready for secure data communication to begin.
  12. Change cipher spec-The server sends a message telling the client to change to encrypted mode.
  13. Finished-The server tells the client that it is ready for secure data communication to begin. This is the end of the SSL handshake.
  14. Encrypted data-The client and the server communicate using the specified Ric encryption algorithm and the cryptographic hash function negotiated in messages 1 and 2, and using the secret key that the client sent to the server in Message 8.

  15. Close messages-At the end of the connection, each side will send a close_policy message to inform the peer that the connection is closed.

If the parameters generated during an SSL session are saved, these parameters can sometimes be re-used for future SSL sessions. Saving SSL session parameters allows encrypted communication to begin much more quickly.

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
ssl certificate renewal process ssl renewal process err ssl protocol error git unknown ssl protocol error err ssl protocol error chrome secure sockets layer ssl protocol curl error 35 unknown ssl protocol

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More