SSL protocol, this article will take you to understand

Language 2023-07-18 22:21:34 views: null

Introduction to SSL

 

SSL (Secure Sockets Layer) is a security protocol used to protect the security of data transmission on the Internet. The SSL protocol was originally developed by Netscape, and has now been replaced by the TLS (Transport Layer Security) protocol. Both the SSL protocol and the TLS protocol are designed to protect the security of data transmission. The TLS protocol is the successor of the SSL protocol. The version number of the TLS protocol is the version number of the SSL protocol plus 1.

SSL and TLS:

The SSL protocol is a security protocol used to protect the security of data transmission on the Internet. The TLS protocol is the successor of the SSL protocol, and the version number of the TLS protocol is the version number of the SSL protocol plus 1. The purpose of both the TLS protocol and the SSL protocol is to protect the security of data transmission. The TLS protocol is more secure than the SSL protocol, because the TLS protocol fixes some security loopholes in the SSL protocol.

SSL protocol introduction:

The SSL protocol is a security protocol used to protect the security of data transmission on the Internet. The SSL protocol was originally developed by Netscape and has now been superseded by the TLS protocol. The main function of the SSL protocol is to provide data encryption, identity authentication and data integrity protection. The SSL protocol protects the security of data transmission by using public key encryption technology and symmetric encryption technology. The encryption process of the SSL protocol is carried out at the transport layer, so it can protect the data transmission security of all application layer protocols.

SSL encryption well-known protocols:

 

There are many encryption algorithms used by the SSL protocol, among which the well-known ones are as follows:

1. RSA encryption algorithm: RSA is an asymmetric encryption algorithm used to encrypt and decrypt data. The security of the RSA algorithm is based on the problem of large number decomposition, that is, the problem of decomposing a large composite number into the product of two prime numbers.

2. AES encryption algorithm: AES is a symmetric encryption algorithm used to encrypt and decrypt data. The security of the AES algorithm is based on the confidentiality of the key, and only those who know the key can decrypt the data.

3. SHA encryption algorithm: SHA is a hash algorithm used to generate message digests. The security of the SHA algorithm is based on the irreversibility of the hash algorithm, that is, the original message cannot be deduced from the message digest.

Detailed explanation of SSL principle

 

SSL protocol structure:

The SSL protocol consists of four sub-protocols, namely the handshake protocol, the record protocol, the warning protocol and the application data protocol. The handshake protocol is used to establish an SSL connection, the record protocol is used to transmit application layer data, the warning protocol is used to transmit warning information, and the application data protocol is used to transmit application layer data.

If the SSL establishment phase is compared with IPSec:

The establishment process of the SSL protocol can be compared to the establishment process of the IPSec protocol. The IPSec protocol is a security protocol used to protect the security of data transmission at the IP layer. The establishment process of the IPSec protocol includes three stages: security association establishment, key agreement and data transmission. The establishment process of the SSL protocol also includes three stages, namely the handshake protocol, record protocol and application data protocol.

SSL principle (SSL establishment) handshake protocol overall process:

The SSL establishment process includes three stages: handshake protocol, record protocol and application data protocol. The handshake protocol is used to establish an SSL connection, the record protocol is used to transmit application layer data, and the application data protocol is used to transmit application layer data.

The first phase of SSL establishment:

In the first stage of SSL establishment, the client sends a ClientHello message to the server, including SSL version number, encryption algorithm list, random number and other information. After receiving the ClientHello message, the server sends a ServerHello message to the client, including information such as the SSL version number, encryption algorithm, and random number.

ClientHello

The ClientHello message includes information such as the SSL version number, encryption algorithm list, and random numbers. The SSL version number is used to specify the version number of the SSL protocol, the encryption algorithm list is used to specify the encryption algorithms supported by the client, and the random number is used to generate keys.

ServerHello

The ServerHello message includes information such as the SSL version number, encryption algorithm, and random number. The SSL version number is used to specify the version number of the SSL protocol, the encryption algorithm is used to specify the encryption algorithm selected by the server, and the random number is used to generate a key.

The second phase of SSL establishment:

In the second phase of SSL establishment, the server sends Certificate message, Server Key Exchange message, Certificate Request message and Server Hello Done message to the client. The Certificate message is used to transmit the server's certificate, the Server Key Exchange message is used to transmit the server's public key, the Certificate Request message is used to request the client to provide a certificate, and the Server Hello Done message is used to inform the client that the second phase of the handshake protocol has ended.

Certificate message (optional) - the first establishment must have a certificate

The Certificate message is used to transmit the server's certificate, which includes the server's public key and server identity information. After receiving the Certificate message, the client verifies whether the server's certificate is legal.

Server Key Exchange (optional)

The Server Key Exchange message is used to transmit the server's public key, which is used to encrypt data. If the server's certificate already contains the server's public key, the Server Key Exchange message can be omitted.

Certificate Request (optional) ------ can be one-way authentication, or two-way authentication

The Certificate Request message is used to request the client to provide a certificate, and the certificate is used for identity authentication of the client. If the server does not need to authenticate the client, the Certificate Request message can be omitted.

Server Hello Done

The Server Hello Done message is used to inform the client that the second phase of the handshake protocol has ended.

The third phase of SSL establishment:

In the third phase of SSL establishment, the client sends Certificate message, Client Key Exchange message and Certificate Verify message to the server. The Certificate message is used to transmit the client's certificate, the Client Key Exchange message is used to transmit the client's public key, and the Certificate Verify message is used to verify whether the client's certificate is legal.

Certificate (optional)

The Certificate message is used to transmit the certificate of the client, and the certificate includes the public key of the client and the identity information of the client. After receiving the Certificate message, the server verifies whether the client's certificate is legal.

Client Key exchange

The Client Key Exchange message is used to transmit the client's public key, and the client's public key is used to encrypt data.

Certificate verify (optional)

The Certificate Verify message is used to verify whether the client's certificate is legal. The client signs the certificate with its own private key, and the server verifies the signature with the client's public key.

The fourth phase of SSL establishment:

In the fourth phase of SSL establishment, the client and server exchange ChangeCipherSpec messages, Finished messages, and message authentication codes (HMAC). The ChangeCipherSpec message is used to inform the other party that the encryption algorithm has taken effect, the Finished message is used to inform the other party that the handshake protocol has been completed, and the message authentication code (HMAC) is used to ensure the integrity of data transmission.

ChangeCipherSpec :

The ChangeCipherSpec message is used to inform the other party that the encryption algorithm has taken effect, and both the client and the server will send the ChangeCipherSpec message.

Clinet Finished:

The Client Finished message is used to inform the server that the handshake protocol has been completed, and the client will calculate the Message Authentication Code (HMAC) of the Finished message.

Server Finished:

The Server Finished message is used to inform the client that the handshake protocol has been completed, and the server will calculate the Message Authentication Code (HMAC) of the Finished message.

Message Authentication Code (HMAC) and TLS Data Integrity:

Message Authentication Code (HMAC) is used to ensure the integrity of data transmission. HMAC is a message authentication code used to verify the integrity and authenticity of messages. TLS data integrity means that data has not been tampered with, deleted or inserted during data transmission.

Several important secret keys:

In the SSL protocol, there are several important secret keys, including PreMaster secret, Master secret, Client write secret, and Server write secret. The PreMaster secret is a random number generated through negotiation between the client and the server, and is used to generate the Master secret. Master secret is a key generated through negotiation between client and server, and is used to generate Client write secret and Server write secret. Client write secret and Server write secret are keys used to encrypt and decrypt data.

SSL session resume:

SSL session recovery means that when an SSL connection has been established, the client and server can reuse the key generated through previous negotiation, thereby avoiding the process of re-negotiation of the key. SSL session resumption improves the performance and security of SSL connections.

SSL record protocol:

 

The SSL record protocol is used to transmit application layer data. The SSL record protocol divides the application layer data into several records, and each record includes two parts: a record header and a record body. The record header includes information such as record type, record length, and protocol version number, and the record body includes application layer data.

Application data transfer:

Application data transmission means that after the SSL connection is successfully established, the client and server can transmit application layer data through the SSL record protocol. During the application data transmission process, the data will be encrypted and decrypted to ensure the security of data transmission.

Guess you like

Origin blog.csdn.net/weixin_74021557/article/details/131268049
Recommended
LFOSSA Yuanlaisusu Open Course | Mastering the Cloud Native Future: Comprehensive Guide to CNCF Certification and Exam Preparation Tips
Ranking
C++ Basic Syntax
bootstrapTable hides a column based on a condition
Why is reentrant lock recommended instead of Synchronized when dynamic high concurrency?
hexo create a blog
[Fully open source and non-encrypted version] Imitation of the eighth district distribution/online signature/multiple sets of download templates/APP distribution hosting/APP packaging and packaging
Polymerization combination
https://www.flysnow.org/2017/05/06/go-in-action-go-log.html
From the perspective of Flutter and the front-end, talk about how to ensure UI fluency under the single-threaded model
nginx-301, 302 redirect
Geolocation by IP Address in ASP.NET
Daily
More
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(31)

Code World

© 2018 codetd.com