As we all know, data transmission between hosts on a network, whether on an enterprise LAN or across the Internet, is carried out mainly over the TCP/IP protocol suite. What is easy to overlook is that no security was built into TCP/IP when it was designed. That is to say, TCP/IP alone cannot guarantee that data is transmitted securely and reliably across the network; the security of that data is left to the upper-layer applications. As Internet technology has developed, many solutions have appeared to improve the reliability and security of network transport. Today I will talk about how SSL meets this requirement, using Cisco technology.
SSL, the Secure Sockets Layer protocol, sits on top of TCP/IP and establishes a secure connection for the higher-layer protocols. It runs between TCP/IP and the upper-layer protocols to provide security for the data they transmit. The SSL protocol consists of two parts: the SSL record protocol and the SSL handshake protocol.
I. The SSL record protocol in three steps
The SSL record protocol is relatively simple. It defines the format of data transmitted over the network and encrypts that data. At the same time, it provides verification methods to detect data that has been tampered with or damaged during transmission, which would otherwise undermine reliable data transmission. Achieving these goals takes only three simple steps.
Step 1: fragmentation. When data from the upper layer is handed to the layer where the SSL protocol sits, it is divided into fragments. Data arriving from the upper layer is usually plain text. Each fragment is generally no larger than 2^14 bytes. Fragmentation does not consider the content of the data, only its size: several messages of the same content type may be combined into one record, and a large message is split across multiple records.
Step 2: compression and encryption. After fragmentation, the SSL protocol compresses the data to be transmitted with the negotiated compression algorithm and then encrypts it. The compression algorithm must be lossless, so that no data is lost after compression. When the other end receives the data, it decrypts it and then applies the corresponding decompression algorithm to recover the original data.
Step 3: protecting the record payload. Another concern during data transmission is the integrity of the data, that is, whether the transmitted data has been altered in transit. The SSL protocol provides this protection too. Once the data has been compressed, the SSL record protocol computes an integrity check value over it, the so-called message authentication code (MAC). The MAC is then encrypted together with the block it protects. At the receiving end, the data is decrypted, the MAC is re-computed and compared to verify that the data was not modified in transit, and only then is the data decompressed.
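The three record-layer steps above (fragment, compress, MAC-then-encrypt) and the receiver's reverse path, as an added illustration that is not code from the original article or from any SSL implementation. The keys are constructed demo values rather than keys derived by a real handshake, and the stream cipher is an HMAC-in-counter-mode stand-in, not one of SSL's actual cipher suites; what it demonstrates is the ordering of the steps and how a MAC mismatch lets the receiver reject a record that was changed in transit.

```python
import hmac, hashlib, zlib, struct

MAX_FRAGMENT = 2 ** 14                # SSL record payload limit: 2^14 bytes
MAC_KEY = b"constructed-mac-key"      # constructed demo keys, not from a real handshake
ENC_KEY = b"constructed-enc-key"

def keystream(key, length, seq):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode, keyed per record
    # sequence number. Illustrative only, not a cipher suite SSL negotiates.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def protect_record(plaintext, seq):
    # Step 2: lossless compression. Step 3: MAC over the compressed data
    # (bound to the sequence number), then encrypt data and MAC together.
    compressed = zlib.compress(plaintext)
    mac = hmac.new(MAC_KEY, struct.pack(">Q", seq) + compressed, hashlib.sha256).digest()
    body = compressed + mac
    return bytes(a ^ b for a, b in zip(body, keystream(ENC_KEY, len(body), seq)))

def unprotect_record(record, seq):
    # Receiver: decrypt, re-compute and compare the MAC, then decompress.
    # Returns None when the record was modified in transit.
    body = bytes(a ^ b for a, b in zip(record, keystream(ENC_KEY, len(record), seq)))
    compressed, mac = body[:-32], body[-32:]
    expected = hmac.new(MAC_KEY, struct.pack(">Q", seq) + compressed, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return zlib.decompress(compressed)

def send(data):
    # Step 1: fragment upper-layer data into records of at most 2^14 bytes.
    return [protect_record(data[i:i + MAX_FRAGMENT], seq)
            for seq, i in enumerate(range(0, len(data), MAX_FRAGMENT))]

def receive(records):
    # Reassemble the upper-layer data; fail closed if any record fails its MAC.
    out = b""
    for seq, rec in enumerate(records):
        plain = unprotect_record(rec, seq)
        if plain is None:
            return None
        out += plain
    return out
```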
II. SSL handshake protocol
The SSL record protocol only fragments, compresses and encrypts information on a single machine; it does not itself handle the network connection. The SSL handshake protocol is what solves the connection problem between hosts. It uses the SSL record protocol to exchange a series of messages between two SSL-enabled devices and so establish an SSL connection. When establishing the connection, the handshake protocol mainly authenticates the server and the client, decides which encryption algorithm to use, generates shared secret keys using public-key cryptography, and then brings up the encrypted SSL connection.
Creating an SSL session is much more complex than the SSL record protocol and usually takes several steps. Due to space limitations, I will not go through them here; if necessary, refer to the relevant books. Instead, I will explain a few points that are easy to confuse, to make applying the SSL protocol easier.
First, selecting the encryption method. When SSL establishes a session to transmit data, make sure that every network device the data passes through supports the SSL protocol; otherwise data transmission problems may occur. Most network devices, including Cisco's, now support SSL. However, the SSL protocol can use 10 encryption methods, and although all of these devices support SSL, they may not support every encryption algorithm. For this reason, the SSL protocol selects, during session creation, an encryption algorithm that both parties support. In scenarios with high security requirements, the network administrator needs to monitor which encryption algorithm is actually being used. If it cannot meet the enterprise's security requirements, the device must be replaced or upgraded in time so that it supports an algorithm strong enough for those requirements.