18.8 THE SECURE SOCKET LAYER (SSL)

SSL was originated by Netscape; it consists of several upper layer protocols5 by which a pair of users – the Client and the Server – agree on a key exchange method, an encipherment algorithm, and a message digest.

In what follows we go through the Handshake Protocol initiated by a client.

Phase 1 – Client Initiation The Client proposes the following (Fig. 18.11).

image

Figure 18.11 SSL Phase 1 (Client_Hello).

  1. A key exchange protocol. Possible choices include
    • RSA,
    • Diffie–Hellman.
  2. A data encipherment algorithm. Possible choices include
    • DES and DES3,
    • AES,
    • IDEA,
    • RSA's RC2 and RC4.
  3. A message digest algorithm. Possible choices include
    • RSA's MD5,
    • NIST's SHA.
  4. A random number referred to as random_bytes [28 bytes].
  5. A session ID designated as SessionID [variable length].
  6. A (lossless) compression method identifier [integer 1 ≤ C_ID < 511]; a complete specification is not included in the latest SSL-Specification.

Phase 1 – Server Response to Client_Hello: The Server accepts one of the choices made in the Client_Hello messages (Fig. 18.12).

Phase 2 – Server Authentication and Key Exchange: The Server delivers its certificate; when authentication/secrecy is enabled there is a key exchange. The Server requests a certificate from the Client (Fig. 18.13).

Figure 18.12 Server response to Client_Hello.

Figure 18.13 SSL Phase 2 – server authentication and ...

Get Computer Security and Cryptography now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.