Details and differences between SSL and TLS security authentication protocols

Source: Internet
Author: User
Tags hmac
SSL: (SecureSocketLayer, Secure Socket Layer) is a protocol layer between reliable connection-oriented network layer protocol and application layer protocol. SSL authenticates each other, uses digital signatures to ensure integrity, and uses encryption to ensure privacy, so as to achieve secure communication between the client and the server. The protocol consists of two layers: SSL record protocol and SSL Handshake Protocol. TLS :( TransportLay

SSL: (Secure Socket Layer, Secure Socket Layer), a protocol Layer between a reliable connection-oriented network Layer protocol and an application Layer protocol. SSL authenticates each other, uses digital signatures to ensure integrity, and uses encryption to ensure privacy, so as to achieve secure communication between the client and the server. The protocol consists of two layers: SSL record protocol and SSL Handshake Protocol.

TLS: (Transport Layer Security, Transport Layer Security Protocol), used to provide confidentiality and data integrity between two applications. The protocol consists of two layers: TLS record protocol and TLS handshake protocol.

SSL is developed by Netscape to protect Web communication. The current version is 3.0. The latest version of TLS 1.0 is a new protocol developed by IETF (engineering task group). It is based on the SSL 3.0 protocol specification and is a later version of SSL 3.0. The difference between the two is very small. it can be understood as SSL 3.1, which is written into RFC.

SSL (Secure Socket Layer) is developed by Netscape to ensure the security of data transmission over the Internet, this ensures that data is not intercepted during network transmission. At present, the general specification is 40 bits, while the United States has released a 128 bits higher security standard, but the exit is restricted. Only the I. E. or Netscape browser later than Version 3.0 supports SSL. The current version is 3.0. It has been widely used for identity authentication and encrypted data transmission between Web browsers and servers.
The SSL protocol is located between the TCP/IP protocol and various application layer protocols to provide security support for data communication. The SSL Protocol can be divided into two layers: SSL Record Protocol (SSL Record Protocol): it is built on a reliable transmission Protocol (such as TCP, provides data encapsulation, compression, encryption, and other basic functions for high-level protocols. SSL Handshake Protocol: it is built on the SSL record Protocol and used before the actual data transmission starts, both parties perform identity authentication, negotiate encryption algorithms, and exchange encryption keys.
SSL provides the following services:
1) authenticate users and servers to ensure that data is sent to the correct client and server;
2) encrypt data to prevent data theft;
3) maintain data integrity and ensure that data is not changed during transmission.

SSL protocol workflow:
Server Authentication Phase: 1) the client sends a start message "Hello" to the server to start a new session connection; 2) the server determines whether to generate a new master key based on the customer's information, if necessary, the server will contain the information required to generate the CMK when responding to the customer's "Hello" information. 3) the customer generates a CMK based on the server response information received, the CMK is encrypted with the public key of the server and then transmitted to the server. 4) the server restores the cmk and returns the CMK authentication information to the customer to authenticate the server.
User Authentication stage: before that, the server has passed the customer authentication, which completes the customer authentication. The authenticated server sends a question to the customer, and the customer returns the question signed by (number) and the public key to provide the server with authentication.
From the services provided by the SSL protocol and their workflow, we can see that the foundation of the SSL protocol is the merchant's commitment to the confidentiality of consumer information, which is conducive to the merchant and is not conducive to the consumer. In the early stage of e-commerce, most enterprises that operate e-commerce are large companies with high reputation, so this problem has not been fully exposed. However, with the development of e-commerce, various small and medium enterprises are also involved, which leads to the problem of single authentication in the electronic payment process becoming more and more prominent. Although SSL3.0 uses digital signatures and digital certificates to verify the identity of both the browser and the Web server, the SSL protocol still has some problems, such, the SSL protocol can only provide mutual authentication between the client and the server in the transaction. in electronic transactions involving multiple parties, the secure transmission and trust relationship between the parties cannot be coordinated. In this case, the two credit card organizations, Visa and MasterCard, have developed a SET agreement to provide global standards for online credit card payment.

TLS: secure transport layer protocol?
(TLS: Transport Layer Security Protocol)
Secure Transport layer (TLS) is used to provide confidentiality and data integrity between two communication applications. The protocol consists of two layers: the TLS Record Protocol (TLS Record) and the TLS Handshake protocol (TLS Handshake ). The lower layer is the TLS record Protocol, which is located on a reliable transmission protocol (such as TCP. The connection security provided by the TLS record protocol has two basic features:

Private-symmetric encryption is used for data encryption (DES, RC4, etc ). The key pair generated by symmetric encryption is unique for each connection, and the key is negotiated based on another protocol (such as the handshake protocol. The record protocol can also be used without encryption.
Reliability-information transmission includes information integrity checks on MAC keys. The secure hash function (SHA, MD5, etc.) is used for MAC computing. The record protocol can also operate without a MAC, but it can only be used in this mode, that is, another protocol is using the secure parameters of the record protocol transmission negotiation.
The TLS record protocol is used to encapsulate various high-level protocols. As one of these encapsulation protocols, the handshake protocol allows the server and client to authenticate each other before the application protocol transmits and receives the first data byte, and negotiate encryption algorithms and encryption keys. The connection security provided by the TLS handshake protocol has three basic attributes:

You can use asymmetric or public key cryptography to authenticate peer identities. This authentication is optional, but at least one node is required.
The negotiation of shared encryption keys is secure. It is hard for the hacker to obtain the negotiated encryption. In addition, authenticated connections cannot be encrypted, and even attackers can access the connection.
Negotiation is reliable. No attacker can modify communication negotiation without being detected by the communication party.
The biggest advantage of TLS is that TLS is independent from the application protocol. High-level protocols can be transparently distributed over TLS protocols. However, the TLS standard does not specify how applications increase security on TLS; it determines how to enable the TLS handshake protocol and how to explain the decision of the exchanged authentication certificate to the protocol designer and implementer.

Protocol structure

The TLS protocol includes two Protocol groups-TLS record protocol and TLS handshake protocol-each group has a lot of information in different formats. In this file, we only list protocol summaries and do not parse them. For more information, see related documents.

TLS record protocol is a hierarchical protocol. The information in each layer may contain fields such as length, description, and content. The record protocol supports information transmission, data segmentation to processing blocks, data compression, MAC, encryption, and transmission results. Decrypt, verify, decompress, and reorganize the received data, and then send them to the high-level client.

The TLS connection status refers to the operation environment of the TLS record protocol. It specifies the compression algorithm, encryption algorithm, and MAC algorithm.

The TLS record layer receives continuous data of any size without blank blocks from the top layer. Key computing: the record protocol uses algorithms to generate keys, IV, and MAC keys from the security parameters provided by the handshake protocol. The TLS handshake protocol consists of three sub-protocol groups, which allow peer-to-peer parties to reach an agreement on the security parameters of the record layer, perform self-authentication, negotiate security parameters through examples, and report error conditions to each other.

The link is .... Parallel relationship

The latest version of TLS (Transport Layer Security Protocol) is a new protocol developed by IETF (Internet Engineering Task Force, Internet Engineering Task Group, it is based on the SSL 3.0 protocol specification and is a later version of SSL 3.0. There is a significant difference between TLS and SSL3.0, mainly because they support different encryption algorithms, so TLS and SSL3.0 cannot interoperate.
1. differences between TLS and SSL
1) version number: the TLS record format is the same as the SSL record format, but the version number is different. The TLS version 1.0 uses the version number SSLv3.1.
2) message authentication code: SSLv3.0 and TLS have different MAC algorithms and MAC computing ranges. TLS uses the HMAC algorithm defined by the RFC-2104. SSLv3.0 uses a similar algorithm. The difference between SSLv3.0 and SSLv3.0 is that the padding byte and the key use the connection operation, while the HMAC algorithm uses the exclusive or operation. However, the two are of the same security level.
3) pseudo-random function: TLS uses a pseudo-random function called PRF to extend the key into a data block, which is a safer method.
4) alarm code: TLS supports almost all SSLv3.0 alarm codes, and TLS also defines a lot of alarm codes, such as decryption failure (decryption_failed) and record_overflow), unknown CA (unknown_ca), Access Denied (access_denied), etc.
5) ciphertext family and customer certificate: there is a small difference between SSLv3.0 and TLS, that is, TLS does not support Fortezza key exchange, encryption algorithms, and customer certificates.
6) certificate_verify and finished messages: SSLv3.0 and TLS use the certificate_verify and finished messages to calculate MD5 and SHA-1 hash codes. the input is slightly different, but the security is equivalent.
7) encrypted computing: TLS and SSLv3.0 use different methods to calculate the master secret value (master secret.
8) fill: The number of bytes to be added before data encryption. In SSL, the data length after filling must be a minimum integer multiple of the length of the ciphertext block. In TLS, the data length after filling can be any integer multiple of the length of the ciphertext block (but the maximum length of filling is 255 bytes ), this method can prevent attacks based on the analysis of the packet length.
2. main TLS enhancements
The main goal of TLS is to make SSL more secure and to make the protocol specification more accurate and complete. Based on SSL v3.0, TLS provides the following enhancements:
1) safer MAC algorithm;
2) more rigorous alerts;
3) a clearer definition of the "gray area" specification;
3. TLS security improvement
1) use the key hashing method for message authentication: TLS uses the "key hashing method for message authentication code" (HMAC). when records are transmitted over an open network (such as the Internet, this code ensures that records are not changed. SSLv3.0 also provides key-coded message authentication, but HMAC is more secure than the MAC function used by SSLv3.0 (message authentication code.
2) enhanced pseudo-random function (PRF): PRF generates key data. In TLS, HMAC defines PRF. PRF uses two hash algorithms to ensure its security. If any algorithm is exposed, data is still safe as long as the second algorithm is not exposed.
3) improved completed message verification: both TLS and SSLv3.0 provide completed messages to the two endpoints, and the messages exchanged for the message authentication are not changed. However, TLS makes the completed message based on the PRF and HMAC values, which is safer than SSLv3.0.
4) consistent certificate processing: Unlike SSLv3.0, TLS attempts to specify the certificate type that must be exchanged between TLS.
5) specific alert message: TLS provides more specific and additional alerts to indicate problems detected by any session endpoint. TLS also records when certain alarms should be sent.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.