Application layer protocol analysis-HTTPS protocol analysis

Secure Sockets Layer (SSL) was developed by Netscape Communications in 1990 to protect the security of World Wide Web (WWW) communications. Its main task is to provide privacy, information integrity and identity authentication. It was revised to SSLv2 in 1994 and SSLv3 in 1995.
The Transport Layer Security (TLS) standard protocol was published by the IETF in 1999. On the whole, TLS is very similar to SSLv3, with some additions and modifications to it.
SSL protocol overview: SSL is a protocol that is independent of the platform and of the application program, and is used to secure application traffic. SSL sits between the transport layer and the application layer, acting like the socket through which the application layer connects to the transport layer.
Establishing an SSL connection has two main phases:
First phase: Handshake phase
a. Negotiate the encryption algorithm
b. Authenticate the server
c. Establish the keys for encryption and HMAC
Second phase: Secure data transfer phase
Data is transmitted securely over the established SSL connection.
SSL is a layered protocol. The bottom layer is the SSL record protocol. The record protocol carries several message types, or protocols, which are used to complete different tasks.
Below we introduce the main functions of each protocol in SSL/TLS:
1. Record Protocol: the main encapsulation protocol, which carries the different higher-level protocols and application-layer data. It takes messages from the upper-layer protocols and performs the required processing, such as fragmentation, compression, MAC and encryption, before transmitting the result. On receipt it performs the reverse actions: it decrypts, verifies, decompresses and reassembles to recover the data. The record protocol carries four upper-layer client protocols: the Handshake protocol, the Alert protocol, the Change Cipher Spec protocol and the Application Data protocol.
2. Handshake Protocols: the handshake protocols are responsible for establishing and resuming SSL sessions. They consist of three sub-protocols.
a. Handshake Protocol: negotiates the security parameters of the SSL session.
b. Alert Protocol: a management protocol used to pass alert information between SSL peers. The alert information includes (1) errors, (2) exception conditions such as a wrong MAC or a decryption failure, and (3) notifications such as session termination.
c. Change Cipher Spec Protocol: used to announce a change of cipher strategy for subsequent records.
The handshake protocols are used to establish the connection between the SSL client and the server. This process consists of the following main tasks:
1. Negotiate security capabilities: agree on the protocol version and the encryption algorithms.
2. Authentication: the client authenticates the server; the server can also authenticate the client.
3. Key exchange: the two parties exchange keys or the information used to generate the master key.
4. Key derivation: the two parties derive the master secret, which is used to generate the keys for data encryption and MAC.
3. Application Data protocol: handles the transmission of upper-layer application data.
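The record layer described above is visible in any capture: each record starts with a 5-byte header (content type, version, body length) that says which of the four upper-layer protocols it carries. The following Python example is added here and is not from the original article; the function name parse_records and the sample bytes are constructed for illustration.

```python
import struct

# Content-type byte that opens every record (values from the SSL/TLS specifications).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
MAX_BODY = 2**14 + 2048  # largest protected record body the specs allow


def parse_records(stream: bytes):
    """Split captured bytes into records. Returns (records, leftover bytes)."""
    records, offset = [], 0
    while len(stream) - offset >= 5:
        # 5-byte header: content type, major version, minor version, body length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not an SSL/TLS record at offset {offset}")
        if length > MAX_BODY:
            raise ValueError(f"record length {length} exceeds the protocol limit")
        body = stream[offset + 5:offset + 5 + length]
        if len(body) < length:
            break  # body continues in a TCP segment we have not seen yet
        rec = {"type": CONTENT_TYPES[ctype], "length": length,
               "version": VERSIONS.get((major, minor), f"{major}.{minor}")}
        if ctype == 21 and length == 2:
            # An unencrypted alert is exactly two bytes: level, description.
            rec["alert"] = (ALERT_LEVELS.get(body[0], "unknown"), body[1])
        records.append(rec)
        offset += 5 + length
    return records, stream[offset:]


# Constructed sample: one record per content type, not a real session.
SAMPLE = (
    bytes.fromhex("16030100040e000000")    # handshake, TLS 1.0, ServerHelloDone
    + bytes.fromhex("15030300020100")      # alert: warning, close_notify (0)
    + bytes.fromhex("140303000101")        # change_cipher_spec
    + bytes.fromhex("1703030010") + b"\xaa" * 8  # application_data, 16 declared, 8 captured
)

if __name__ == "__main__":
    records, leftover = parse_records(SAMPLE)
    for r in records:
        print(r)
    print(f"{len(leftover)} bytes of an incomplete record left over")
```

The leftover bytes are what a capture tool has to hold until the next TCP segment arrives, since one record can span several segments.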

For setting up SSL, please read my previous articles:

CentOS7 builds CA server to issue ssl certificate
Winserver03-Web SSL service build
centos7_vsftpd-ssl / tls build and ftp hardening

Packet capture analysis



Origin blog.csdn.net/qq_38626043/article/details/104361868