18.8 THE SECURE SOCKET LAYER (SSL)
SSL was originated by Netscape; it consists of several upper layer protocols5 by which a pair of users – the Client and the Server – agree on a key exchange method, an encipherment algorithm, and a message digest.
In what follows we go through the Handshake Protocol initiated by a client.
Phase 1 – Client Initiation The Client proposes the following (Fig. 18.11).
- A key exchange protocol. Possible choices include
- A data encipherment algorithm. Possible choices include
- DES and DES3,
- RSA's RC2 and RC4.
- A message digest algorithm. Possible choices include
- RSA's MD5,
- NIST's SHA.
- A random number referred to as random_bytes [28 bytes].
- A session ID designated as SessionID [variable length].
- A (lossless) compression method identifier [integer 1 ≤ C_ID < 511]; a complete specification is not included in the latest SSL-Specification.
Phase 1 – Server Response to Client_Hello: The Server accepts one of the choices made in the Client_Hello messages (Fig. 18.12).
Phase 2 – Server Authentication and Key Exchange: The Server delivers its certificate; when authentication/secrecy is enabled there is a key exchange. The Server requests a certificate from the Client (Fig. 18.13).