An article for you to thoroughly understand the SSL / TLS protocol



SSL / TLS is a cryptographic communication framework and the most widely used cryptographic communication method in the world. It combines symmetric ciphers, message authentication codes, public key cryptography, digital signatures, pseudo-random number generators and more, so it brings together most of the major techniques in cryptography.

SSL (Secure Sockets Layer) is a set of protocols designed by Netscape in 1994; version 3.0 was released in 1995.

TLS (Transport Layer Security) is a protocol designed by the IETF on the basis of SSL 3.0, and is effectively the successor to SSL.

Application of SSL / TLS

SSL / TLS is a secure communication framework that can carry protocols such as HTTP, SMTP and POP3.

TLS protocol architecture

TLS is mainly divided into two layers. The bottom layer is the TLS record protocol, which is mainly responsible for encrypting messages using symmetric ciphers.

The upper layer is the TLS handshake protocol, which is divided into four parts: the handshake protocol, the change cipher spec protocol, the alert protocol and the application data protocol.

  • The handshake protocol is responsible for negotiating cryptographic algorithms and shared keys between the client and server, including certificate authentication. It is the most complex of the four protocols.

  • The change cipher spec protocol is responsible for signalling to the communication partner that the cipher in use is about to change.

  • The alert protocol is responsible for reporting an error to the other party when one occurs.

  • The application data protocol is responsible for carrying the application data transported by TLS to the communication partner.

Handshake protocol

The handshake protocol is a very important part of the TLS protocol. Through the exchange between the client and the server, the two sides share the necessary information, generate a shared key and exchange certificates.

[Figure: TLS handshake message flow]

Next, we go through the meaning of each step in turn:

  1. client hello

    The client sends a client hello message to the server, containing the following:

    • Available version number
    • Current time
    • Client random number
    • Session ID
    • List of available cipher suites
    • List of available compression methods

As mentioned earlier, TLS is a framework whose components are replaceable. The available version number, the list of available cipher suites and the list of available compression methods ask the server which of these options it supports.

The client random number is a random number generated by the client and used to generate the symmetric key.

  2. server hello

    After receiving the client hello message, the server returns a server hello message to the client, containing the following:

    • Version number used
    • Current time
    • Server random number
    • Session ID
    • Cipher suite used
    • Compression method used

The version number used, the cipher suite used and the compression method used are the answers to step 1.

The server random number is a random number generated by the server and used to generate the symmetric key.

  3. Optional step: certificate

    The server sends its certificate list. Because certificates may be hierarchical, the certificate that signed the server's certificate must be sent in addition to the server's own certificate.
    The client verifies the server certificate. If the communication is anonymous, no certificate is required.

  4. Optional step: ServerKeyExchange

    If the certificate information in the third step is insufficient, the server can send ServerKeyExchange to build an encrypted channel.

    The content of ServerKeyExchange takes one of two forms:

    • If RSA is selected, the parameters (E, N) of the RSA public key are passed. Recall the RSA encryption formula: $\text{ciphertext} = \text{plaintext}^E \bmod N$. Anyone who knows E and N knows the RSA public key, so these two numbers are what is passed here. For details, see the detailed explanation of the RSA algorithm.
    • If the Diffie-Hellman key exchange protocol is selected, the parameters of the key exchange are passed. For details, see the more secure key generation method Diffie-Hellman.

  5. Optional step: CertificateRequest

    If it is in a restricted-access environment, such as a fabric, the server also needs to request a certificate from the client.
    If client authentication is not required, this step is not required.

  6. server hello done

    The server sends a server hello done message to tell the client that its messages are finished.

  7. Optional step: Certificate

    In response to step 5, the client sends the client certificate to the server.

  8. ClientKeyExchange

    There are again two cases:

    • In public key (RSA) mode, the client generates a pre-master secret based on the random number generated by the client and the random number generated by the server, encrypts it with the public key and sends it to the server.
    • If the Diffie-Hellman key exchange protocol is used, the client sends the public value that it must disclose for the Diffie-Hellman exchange, so that the server can compute the pre-master secret from this public value. For details, see the more secure key generation method Diffie-Hellman.

  9. Optional step: CertificateVerify

    The client proves to the server that it is the holder of the client certificate.

  10. ChangeCipherSpec (prepare to switch ciphers)

    ChangeCipherSpec is a message of the change cipher spec protocol, indicating that subsequent messages will be encrypted with the previously negotiated key.

  11. finished (end of the handshake protocol)

    The client tells the server that the handshake protocol is over.

  12. ChangeCipherSpec (prepare to switch ciphers)

    The server tells the client that it is about to switch ciphers.

  13. finished (end of the handshake protocol)

    The server tells the client that the handshake protocol is over.

  14. Switch to the application data protocol

    After that, the server and the client communicate with each other in encrypted form.
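To make the client hello fields from step 1 concrete, here is an added example (not code from the original article) that parses a ClientHello out of a TLS record, including the record's type, version and length header. The sample bytes are constructed for illustration, and the names `Reader` and `parse_client_hello` are assumptions of this example.

```python
import struct

# Constructed sample: one TLS record carrying a ClientHello without extensions.
SAMPLE_BODY = (
    b"\x03\x03"                          # available version number (TLS 1.2)
    + bytes.fromhex("5e9c1f00")          # current time, 4 bytes
    + bytes(range(28))                   # client random number, 28 bytes
    + b"\x00"                            # session ID: empty, length byte only
    + b"\x00\x04\x00\x2f\x00\x33"        # cipher suites: 2 entries of 2 bytes
    + b"\x01\x00"                        # compression methods: null only
)
SAMPLE_RECORD = (
    b"\x16\x03\x01" + struct.pack("!H", len(SAMPLE_BODY) + 4)   # record header
    + b"\x01" + len(SAMPLE_BODY).to_bytes(3, "big")             # handshake header
    + SAMPLE_BODY
)

class Reader:
    """Bounds-checked cursor: a truncated message raises instead of mis-parsing."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated TLS message")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def vector(self, len_bytes):         # field prefixed by its own big-endian length
        return self.take(int.from_bytes(self.take(len_bytes), "big"))

def parse_client_hello(record):
    rec = Reader(record)
    rec_type, rec_version, rec_len = struct.unpack("!BHH", rec.take(5))
    handshake = Reader(rec.take(rec_len))
    if rec_type != 0x16 or handshake.take(1) != b"\x01":
        raise ValueError("not a ClientHello handshake record")
    hello = Reader(handshake.vector(3))
    version, gmt_time, random = struct.unpack("!HI28s", hello.take(34))
    session_id = hello.vector(1)
    suites = hello.vector(2)
    if len(suites) % 2:
        raise ValueError("odd cipher suite list length")
    return {
        "record_version": rec_version, "client_version": version,
        "gmt_unix_time": gmt_time, "random": random, "session_id": session_id,
        "cipher_suites": [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)],
        "compression_methods": list(hello.vector(1)),
    }
```

The two suites in the sample, 0x002f and 0x0033, are the RSA and ephemeral Diffie-Hellman variants of AES-128-CBC with SHA-1, matching the two key exchange cases in steps 4 and 8.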

Master secret and pre-master secret

Step 8 above generates a pre-master secret. The master secret is computed from the pre-master secret, the client random number and the server random number by a pseudo-random number generator built on the one-way hash function defined in the cipher suite.

The master secret is mainly used to generate the key for the symmetric cipher, the key for the message authentication code, and the initialization vector used by the symmetric cipher in CBC mode. See block cipher and mode for details.
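The derivation described above, written out as an added example (not code from the original article) using the TLS 1.2 pseudo-random function from RFC 5246 with SHA-256. The input values are constructed, and the key sizes passed to `key_block` are an assumption matching AES-128-CBC with HMAC-SHA1.

```python
import hashlib
import hmac

def p_hash(secret, seed, length, digest=hashlib.sha256):
    """P_hash (RFC 5246): A(0)=seed, A(i)=HMAC(secret, A(i-1)); output HMAC(secret, A(i)+seed)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.2 pseudo-random function: the label is prepended to the seed."""
    return p_hash(secret, label + seed, length)

def master_secret(pre_master, client_random, server_random):
    """48-byte master secret from the pre-master secret and both hello randoms."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    """Expand the master secret into per-direction MAC keys, cipher keys and IVs."""
    sizes = {"client_mac": mac_len, "server_mac": mac_len,
             "client_key": key_len, "server_key": key_len,
             "client_iv": iv_len, "server_iv": iv_len}
    # Seed order is reversed here: server random first, then client random.
    block = prf(master, b"key expansion", server_random + client_random, sum(sizes.values()))
    keys, pos = {}, 0
    for name, size in sizes.items():      # dicts keep insertion order
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed inputs (assumptions for illustration, not real traffic).
PRE_MASTER = b"\x03\x03" + bytes(range(46))   # RSA-style: 2-byte version + 46 bytes
CLIENT_RANDOM = bytes([0x11]) * 32
SERVER_RANDOM = bytes([0x22]) * 32

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    # Sizes assumed for AES-128-CBC with HMAC-SHA1: 20-byte MAC key, 16-byte key, 16-byte IV.
    for name, value in key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, 20, 16, 16).items():
        print(f"{name:11s} {value.hex()}")
```

Deriving the CBC initialization vector from the key block, as the article describes, is the TLS 1.0 arrangement; TLS 1.1 and later carry an explicit IV in each CBC record instead.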

TLS Record Protocol

The TLS record protocol is mainly responsible for message compression, encryption and data authentication:

[Figure: TLS record protocol processing]

The message is first split into fragments and then compressed; next the message authentication code is calculated, and the result is encrypted with a symmetric cipher. The encryption uses CBC mode, and the initialization vector for CBC mode is generated from the master secret.

After the ciphertext is obtained, additional information such as type, version and length is added to form the final message data.

For more information, please visit flydean's blog


Origin blog.csdn.net/superfjj/article/details/105609565