Scribd
Upload
33 views11 pages

SSL Protocols for Web Security

Uploaded by

shashankmharse1533
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
33 views11 pages

SSL Protocols for Web Security

Uploaded by

shashankmharse1533
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 11

Secure Socket Layer

Visit for more Learning Resources


Secure Socket Layer(SSL)
• managing the security of a message
transmission between web browser and web
server.
• SSL is included as part of both the Microsoft
and Netscape browsers and most web server
products.
• SSL is logically a pipe between web browser
and web server.
SSL Architecture
• It is two layer protocol
• Layer 1: SSL Record Protocol
• Layer 2: It is three layer protocol
» The Handshake protocol
» The change Cipher Spec Protocol
» The Alert protocol
SSL Record Protocol
• Provides two services:
– Confidentiality
• By encrypting data
– Message Integrity
• by using a message authentication code (MAC)
SSL Record Protocol
• The Record Protocol takes an application
message to be transmitted, fragments the
data into manageable blocks, optionally
compresses the data, applies a MAC, encrypts,
adds a header, and transmits the resulting
unit in a TCP segment. Received data is
decrypted, verified, decompressed, and
reassembled and then delivered to the calling
application, such as the browser.
Handshake Protocol

• The most complex part of SSL is the Handshake


Protocol.
• This protocol allows the server and client to
authenticate each other and to negotiate an
encryption and MAC algorithm and cryptographic
keys to be used to protect data sent in an SSL
record.
• The Handshake Protocol is used before any
application data is transmitted.
• The Handshake Protocol consists of a series of
messages exchanged by the client and the server.
Change Cipher Spec Protocol

• It is the simplest protocol.


• This protocol consists of a single message, which consists of
a single byte with the value 1.
• The sole purpose of this message is to cause the pending
state to be copied into the current state, which updates the
Cipher Suite to be used on this connection.
• This signal is used as a coordination signal.
• The client must send it to the server and the server must
send it to the client.
• After each side has received it, all of the following
messages are sent using the agreed-upon ciphers and keys
Alert Protocol
• It is used to convey SSL-related alerts.
• Each message in this protocol consists of two
bytes.
• The first byte takes the value "warning" (1) or
"fatal"(2) to convey the severity of the
message. If the level is fatal, SSL immediately
terminates the connection.

For more detail contact us

You might also like