18.8 THE SECURE SOCKET LAYER (SSL)

SSL was originated by Netscape; it consists of several upper layer protocols5 by which a pair of users – the Client and the Server – agree on a key exchange method, an encipherment algorithm, and a message digest.

In what follows we go through the Handshake Protocol initiated by a client.

Phase 1 – Client Initiation The Client proposes the following (Fig. 18.11).

image

Figure 18.11 SSL Phase 1 (Client_Hello).

  1. A key exchange protocol. Possible choices include
    • RSA,
    • Diffie–Hellman.
  2. A data encipherment algorithm. Possible choices include
    • DES and DES3,
    • AES,
    • IDEA,
    • RSA's RC2 and RC4.
  3. A message digest algorithm. Possible choices include
    • RSA's MD5,
    • NIST's SHA.
  4. A random number referred to as random_bytes [28 bytes].
  5. A session ID designated as SessionID [variable length].
  6. A (lossless) compression method identifier [integer 1 ≤ C_ID < 511]; a complete specification is not included in the latest SSL-Specification.

Phase 1 – Server Response to Client_Hello: The Server accepts one of the choices made in the Client_Hello messages (Fig. 18.12).

Phase 2 – Server Authentication and Key Exchange: The Server delivers its certificate; when authentication/secrecy is enabled there is a key exchange. The Server requests a certificate from the Client (Fig. 18.13).

Figure 18.12 Server response to Client_Hello.

Figure 18.13 SSL Phase 2 – server authentication and ...

Get Computer Security and Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.