SSL Handshake process

First, what is SSL?

The Secure Sockets (SSL) protocol is a protocol that securely exchanges information between a Web Browser and a Web server.

SSL is between the application layer and the TCP layer, the application layer data is no longer passed directly to the transport layer, but to the SSL layer,SSL layer to encrypt the data received from the application layer and add its own SSL head.

History:1994 , Netscape Company designed the 1.0 version of the SSL protocol (Secure Sockets Layer), but it was not published. 1995  2 . version 0, soon found a serious loophole. 1996  3 . version 0 is available for large-scale applications. 1999  1 . version 0. Revisions of  2006 and111. 2.

0x1 : SSL Logging protocol: 1 ) (grouping, combination 2) compression, decompression 3) and message authentication   4) encrypted transmission, etc.

0x2 : SSL Handshake Protocol: 1  2). The negotiation client and server select both supported  cryptographic algorithms 345). Establish an encrypted SSL connection (the process is clear, and the handshake is complete before the data is encrypted.) ）

0x3: SSL Alarm Protocol: SSL Alarm Protocol message is composed of severity level and warning code two parts1. Severity level (Alertlevel)1Fatal Fatal level alarm is a fatal level alarm, it requires both parties to take emergency measures, and terminate the session, while eliminating their own buffer corresponding session record2waming Warning Level alarm is the processing of warning level alarm, usually the communication both sides only log record, it does not affect the communication process .2. Warning Codes1) Bad_record_mac: An incorrect Mac was received2) Unexpected_message: receiving inappropriate messages3decompression_failure: The decompression function received an inappropriate input. 4Illegal_parameter: One of the fields in the handshake message is out of range or incompatible with other fields. 5) Certificate_revoked: The certificate has been deprecated. 6Bad_certificate: The received certificate is incorrect. 7) Certificate_expired: The certificate has expired. 8) Handshake_failer: The handshake process failed. 9) No_certificate: No certificate providedTen) Unsupported_certificate: Unsupported certificate format One) Certificate_unknown: Unknown certificate

Second, What is the use of SSL?

1 Confidentiality : The data transmitted between the SSL client and the server is encrypted, and the information obtained by the illegal eavesdroppers in the network will be meaningless ciphertext information. 2 Integrity: SSL uses cryptographic algorithms and hash functions to ensure the integrity of the information by extracting the eigenvalues of the transmitted information and to ensure that all the information to be transmitted arrives at the destination, so that the information between the server and the client can be avoided.  3. Authentication: The use of certificate technology and trusted third-party authentication, you can let the client and the server identify each other's identity. In order to verify that the certificate holder is a legitimate user (rather than an imposter), SSL requires the certificate holder to exchange a digital certificate with each other during the handshake and to verify the legitimacy of the identity of the other party. 

Third, the difference between SSL and TLS :

1. Version number: The TLS record format is the same as the SSL record format, but the version number has a different value, and TLS version 1.0 uses the version number SSLV3.1. 2. Message authentication code: MAC algorithm of SSLv3.0 and TLS and Mac computing range are different. TLS uses the rfc-2104 the HMAC algorithm defined. SSLV3.0 uses a similar algorithm, the difference is in the SSLv3.0, the padding between the bytes and the key is the connection operation, and the HMAC algorithm is an XOR operation. But the degree of security is the same. 3. Pseudo-Random functions: TLS is a more secure way to use pseudo-random functions called PRF to extend a key into a block of data. 4. Alarm code: TLS supports almost all SSLv3.0 alarm codes, and TLS also complements the definition of many alarm codes, such as1) decryption failed (decryption_failed)2) record overflow (record_overflow)3) Unknown CA (Unknown_ca)4) Access Denied (access_denied) and so on. 5. Ciphertext and client certificates: There is a small difference between SSLv3.0 and TLS, that is, TLS"not supported":    1) Fortezza Key exchange2) encryption Algorithm3) Customer certificate. 6. Certificate_verify and finished messages: SSLv3.0 and TLS compute finished and SHA with certificate_verify and MD5 messages1 hash code, the calculated input is slightly different, but the security is equal. 7. Cryptographic calculation: TLS differs from SSLv3.0 in the way that the master secret is computed. However, both the client and the server generate random number ramdom as input8. padding: Additional padding bytes are required before user data is encrypted. In SSL, the length of the filled data is the smallest integer multiple of the length of the ciphertext block. In TLS, the length of the filled data can be any integer multiple of the length of the cipher block (but the maximum length of the padding is 255 bytes), which prevents attacks based on parsing the length of the message.

Iv. SSL Process

0x1: The first two parts of the process are called "handshake stages"

1 ) The client requests and verifies the public key    from the server side 2) both parties negotiate to generate a "dialog key" (without the communication party's public key to encrypt < time >, only use the other's public key to encrypt the "key" generated by the local side)3) The two parties use "dialogue key" for encrypted communication.

0x2: The process only focuses on one-way certification

1. Client Hello: First, Clients (browsers) first make encrypted communication requests to the server, which is called the ClientHello request.

1 1 . version 0.  2) A client-generated random number A, which is later used to generate a " conversation key ".  3) encryption method: Support a variety of asymmetric encryption methods, a variety of symmetric encryption methods, a variety of Mac algorithm 4)  supported compression methods.

2.Server Hello:

1 1 . version 0. If the browser does not match the version supported by the server, the server turns off encrypted communication.  2) a server generates a random number B, which is later used to generate a " conversation key ".  3) Confirm the encryption method used: Select a collection from the client: {Symmetric encryption algorithm, asymmetric encryption algorithm, MAC check algorithm}

3. Certificate: server will "carry the digital certificate of its own public key information" and the entire chain to the root CA through Certificate message sent to SSL Client (entire Public key file sent past)

1) The client can use the public key to verify the identity of the server

The messages in the certificate include:

In general, the client receives a certificate chain, the first one is the server's certificate, followed by the server certificate issuer, and finally the self-signed root certificate. For example, in the actual parsing, you first verify the root CA 's certificate, then the direct certificate issuer certificate, and finally the server terminal certificate.

How to judge the validity of a certificate:

~ legitimacy of the issuer (hash value)~ validity ~ The signature value is legal: first, the contents of the certificate in addition to the signature value in accordance with the signature algorithm in the certificate signature, The resulting signature is encoded according to ASN.1 encoding: The signature algorithm in object Format + the signature value in asn_octet_string format A; the signature value in the certificate is decrypted by the principal public key algorithm in the certificate. B ; When a and B are identical, the certificate is considered valid (the method of calculating the signature value in the process of certificate making: A is calculated, and the client computing method is the same, the server private key is used to encrypt a, and the signature value in the certificate is obtained)

2) Public key cryptography Pre-naster Secret (Client key Exchange)

Assuming that the above certificate validation is passed, this meansClientbelieveServerthe certificate sent, it meansClientagree to useServersent over.Public Keystarted the newsletter. Note that the process of asymmetric encryption begins here.。Clientgenerates apre-master Secret(usually also a random number)P, usingServerprovided byPublic KeyEncryptPgenerated laterP 'WillP 'was sent toServer.

ServerreceivedP 'after, with their ownprivate Keydecryption restores theP. Watch this .Pand beforeAThe biggest difference is the encryption transmitted over the OH. And in theory ,Serverdidn't reveal himself .private Keythe case, onlyServercan fromP 'Restore outP. So, at this point,Clientand theServerBoth parties already have the ability to use symmetric encryption when generating communication behind both sides.Master Secretcondition: There is a deterministic pseudo-random function on both sides,3a random number that we know about each other.A,Band theP. Thus, both sides in their own side, through the common pseudo-random number and common material, generated out ofMaster Secret.

--------------

Why use three random numbers?

1) " both the client and the server require a random number so that the generated key will not be the same every time. Because the certificate is static in the SSL protocol, it is necessary to introduce a stochastic factor to guarantee the randomness of the negotiated key. 2) for RSA key exchange algorithm, pre-master-key itself is a random number, plus the random in the Hello message, three random numbers through a key exporter to finally export a symmetric key. 3) The existence of pre-master is that the SSL protocol does not trust each host to produce a completely random random number, if the random number is not random, then the pre-master secret may be guessed, then only the pre-master secret
As the key is not appropriate, so the need to introduce new random factors, then the client and server plus the pre-master secret three random number generated by the key is not easy to guess, a pseudo-random may be completely random, but
is three pseudo-random is very close to random, each increase of a degree of freedom, the randomness of the increase is not one. "

4. Change cipher Spec: After the communication parties have negotiated the symmetric encryption key and symmetric encryption algorithm, use this message to test

1) Client uses mutually agreed MAC (message authentication code) algorithms, such as MD5 to encrypt a section of plaintext Q, generate a Mac, and then encrypt Q and Mac with a symmetric encryption algorithm (such as AES) that both parties agree on,
  Generate a change Cipher Spec (content type:). 2) After the server receives the TLS record, it attempts to decrypt the text and verifies that the content has been tampered with by the agreed Mac algorithm. If either of these two jobs fails, it will be wasted. The assumptions are successful here.
  So the server did the same thing as the client: Generate a Content type 20 change cipher spec to the client, so that the entire handshake process officially ended.

5. The following communication is the direct use of the symmetric encryption algorithm directly to decrypt the message process, each interaction process, will also include the above described in the MAC verification process.

Reference: Most of the information comes from the Internet, I just sort it out. Style is plagiarism little Hann God's ~ do not spray

http://www.cnblogs.com/LittleHann/p/3733469.htmlhttp://www.ruanyifeng.com/blog/ 2014/02/ssl_tls.htmlhttp://www.2cto.com/Article/201404/291859.htmlhttp: // blog.csdn.net/sealyao/article/details/5901510

SSL Handshake process