-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathSSL.protocol.txt
50 lines (47 loc) · 3.13 KB
/
SSL.protocol.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
┏━━━━━━━━━┓
┃ SSL ┃
┗━━━━━━━━━┛
Main:
- over TCP
- usually used by HTTP to provide confidentialy and authentication -> HTTPS
- all HTTP is encrypted, but not TCP layer, so host+port information is not encrypted
- can also infer session duration, and content length
- port 443
- previously SSL, now TLS (prefer TLS 1.2, supported by all browsers except IE10< and Safari Windows)
Protocol:
- session establishing (client authentication optional):
- client sends TLS params (TSL version supported, cipher and compression supported, a random number)
- server chooses protocols (sends them) and sends server certificate.
- client checks server certificate matches servers domain/identity.
If authentication problems, reaction depends on client: can stop, ignore or warn user (what web browsers do)
- client creates a pre-master secret, and sends it encrypted with server's public key.
Also sends client certificate.
- server checks client certificate. Authentication problems reaction: same as client.
- server decrypts pre-master secret (with its private key), and creates the final master secret by encrypting with
client public key.
- finishing handshakes (encrypted)
- data exchange:
- use shared master secret to generate session keys at known intervals, then use symetric cipher with it
- can choose between several asym. (RSA, [ephemeral] [eliptic] Diffie-Hellman, PSK) and sym. ciphers (AES, Camelia,
SEED, Chacha20, IDEA) with different modes of operation.
- forward secrecy:
- if one private key is compromised, cannot guess session keys (so can compromise future communication, but not past)
- only with ephemeral [eliptic] Diffie-Hellman
- session ID (optional):
- goal is to renegociate new sessions without spending too much time
- server keep session ID associated with shared master secret, and sends it to client who associates it with
server's host+port.
- client asks for new session with session ID, and servers acknowledges it, using the stored shared master secret.
- session tickets (optional, avoid it):
- like session ID, but stores only on the client (server has methods to verify it with its private key)
- NPN (Next Protocol Negocation):
- choosing which application protocols can be built on top of SSL, with priority order.
- client needs to be NPN-enabled, i.e. specifying a protocol
- ALPN: new version
- SNI (Server Name Indication):
- sharing one SSL server for different hosts with different certificates
- allows virtual hosting: one server IP for several HTTPS websites, without having a certificate with several domains
shared by all websites
- also more flexible to create new certificate for each new hos, instead of creating one new big certificate everytime
there is a new host
- client needs to be SNI-enabled, i.e. specifying a hostname (not only host IP) to connect to as part of the SSL handshake