Analyze the application process of SSL Security Protocol

SSL is one of the common security protocols in network protocols. So you still don't know about this part of content? It doesn't matter. This article will help you understand the use of this Protocol. Now let's imagine an environment: when a customer wants to buy a product from a Web site, both the customer and the Web site must be authenticated. The customer generally authenticates himself by providing the name and password, the Web site exchanges a piece of signature data and a valid X.509 Certificate (as part of the SSL handshake) to authenticate itself. The customer's browser verifies the certificate and verifies the signature data with the attached Public Key. once both parties have authenticated the certificate, the transaction can begin ｡

SSL can process server authentication using the same mechanism (as in the above example) and client authentication. Web sites typically do not rely on the SSL security protocol for client authentication-requiring users to provide passwords is easier. SSL client and server authentication is perfect for transparent authentication, for example, transparent authentication is required between peers in p2p applications ｡

Secure Sockets Layer (SSL) is a security protocol, which is a network (such as the Internet) SSL enables applications to communicate without worrying about theft or tampering. SSL is actually two protocols that work together: "SSL record Protocol" (SSLRecord Protocol) and "SSL handshake Protocol" (SSLHandshake Protocol )｡

"SSL record protocol" is a lower-level protocol of the two protocols. It is a higher-level protocol, for example, the SSL handshake protocol encrypts and decrypts long data records. The SSL handshake protocol processes the exchange and verification of application creden ｡

When an application (client) wants to communicate with another application (server), the client opens a socket connection connected to the server. Then, the client and server negotiate secure connections. As part of the negotiation, the server authenticates itself to the client. The client can choose to authenticate itself to the server ｡

Once the authentication is completed and a secure connection is established, the two applications can communicate securely. In practice, I will regard the peer that initiates the communication as a client, another peer is considered as a server, No matter what role they play after connection ｡

The two peering machines named A and B want to communicate securely. In our simple p2p application environment, peer A wants to query A resource on peer B. Each peer has A database (named keystore) with its own private key) and a certificate containing its public key. Password protects the contents of the database ｡

The database also contains one or more self-signed certificates from trusted peer machines. Peer A initiates this transaction and each peer authenticates each other, the password and length used by the two peer-to-peer negotiation and a secure channel are established. After these operations are completed, each peer knows who it is talking to and who the channel is secure ｡

SSL Secure socket Layer uses public key systems and X.509 digital certificate technology to protect the confidentiality and integrity of information transmission. It cannot guarantee the non-repudiation of information, it is mainly applicable to point-to-point information transmission and is commonly used in Web Server mode ｡

SSL (Security Socket Layer) is a Security protocol based on WEB Applications proposed by Netscape. It includes Server Authentication and customer authentication (optional), SSL link data

Integrity and data confidentiality on the SSL link. for e-commerce applications, SSL can ensure the authenticity, integrity, and confidentiality of information, therefore, the non-repudiation of transactions cannot be provided, which is the biggest disadvantage of SSL in e-commerce ｡

In view of this, Netscape introduced a function called Form Signing in all browsers starting with Communicator 4.04. in e-commerce, this function can be used to digitally sign the form containing the buyer's order information and payment instruction to ensure the non-repudiation of the transaction information, it is not enough to use a single SSL security protocol in e-commerce to ensure transaction security, but the "SSL + form signature" mode can provide better security for e-commerce ｡