Securing Your TCP Server with TLS/SSL
WHAT’S IN THIS CHAPTER?
- Understanding how the Public Key Infrastructure works
- Creating a TLS server
- Connecting to a TLS server
- Validating the server and client certificates
- Receiving and sending data securely
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) allow client/server applications to communicate across a network in a way designed to prevent eavesdropping (others reading your messages) and tampering (others altering your messages). TLS/SSL encrypts the data exchanged over a network connection at a layer above the transport layer (TCP), providing both privacy and message authentication.
TLS is based on earlier SSL specifications developed by Netscape. In fact, TLS 1.0 is also known as SSL 3.1, and the latest version (TLS 1.2) is also known as SSL 3.3. This chapter uses TLS instead of the deprecated SSL nomenclature.
UNDERSTANDING PRIVATE AND PUBLIC KEYS
Public key cryptography refers to a cryptographic system that uses two separate, mathematically linked keys. One key encrypts the plaintext, and only the other key can decrypt the resulting ciphertext. One of these keys is public, and the other is private. If the plaintext is encrypted using the public key, only the private key can unlock it, so anyone holding the public key can send a confidential message that only the private key owner can read. If the plaintext is encrypted using the private key, the public key can decrypt it. In this case the system verifies the signatures of the documents signed by the owner of the private ...