Cryptography Application: TLS / SSL
PacNOG 20, 3 - 7 July, 2017
Suva, Fiji
Issue Date: [31-12-2015]
Revision: [V.1]
History
• Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent and secure transactions.
• In 1997 an Open Source version of Netscape’s patented version was created, which is now OpenSSL.
• In 1999 the existing protocol was extended by a version now known as Transport Layer Security (TLS).
• By convention, the term "SSL" is used even when technically the TLS protocol is being used.
TLS/SSL: What it does
• Encryption
• Integrity
• Authentication
Location of SSL Protocol & TCP Ports
(Slide diagram: protocol stack from outermost to innermost layer)
Ethernet | IP | TCP | SSL Header | Encrypted SSL data = HTTP
SSL Operations
• Application calls SSL connect routines to set up channel.
• Public Key cryptography is used during handshake to authenticate parties and exchange session key.
• Symmetric Key cryptography (using session key) is used to encrypt data.
How SSL Works
(Slide diagram: SSL Handshake Phase followed by SSL Data Transfer Phase; CLIENT on the left, SERVER on the right)
1. Client sends Hello message: supported algorithms, random number.
2. Server sends Hello message: algorithms, random number.
3. Server sends certificates.
4. Client authenticates the server.
5. Client generates a random value (the pre-master secret) and encrypts it with the server’s public key.
6. Server decrypts to retrieve the pre-master secret.
7. Client and server each calculate keys.
8. Client and server each send a finished message.
9. Data (SSL Data Transfer Phase).
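Step 7 of the diagram ("Calculates Keys") is where both sides turn the pre-master secret and the two Hello randoms into the session keys used in step 9. The following is an added example, not code from the slides, that carries out the TLS 1.2 derivation (RFC 5246 PRF with SHA-256) for an assumed RSA key exchange and the assumed cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256; the randoms and pre-master secret are constructed stand-ins.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: HMAC-based expansion of seed to `length` bytes."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


# Key sizes for TLS_RSA_WITH_AES_128_CBC_SHA256 (assumed suite): MAC key, encryption key, IV per direction.
KEY_LAYOUT = (("client_write_MAC_key", 32), ("server_write_MAC_key", 32),
              ("client_write_key", 16), ("server_write_key", 16),
              ("client_write_IV", 16), ("server_write_IV", 16))


def derive_session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Step 7: pre-master secret + both randoms -> 48-byte master secret -> per-direction keys."""
    # RFC 5246 section 8.1: PRF(pre_master, "master secret", ClientHello.random + ServerHello.random)
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    # Section 6.3: PRF(master, "key expansion", ServerHello.random + ClientHello.random); note the swapped order.
    block = prf(master, b"key expansion", server_random + client_random, sum(n for _, n in KEY_LAYOUT))
    keys, pos = {"master_secret": master}, 0
    for name, size in KEY_LAYOUT:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def sample_handshake() -> dict:
    """Constructed, deterministic stand-ins for the values exchanged in steps 1, 2 and 5 of the diagram."""
    client_random = hashlib.sha256(b"constructed ClientHello.random").digest()  # 32 bytes
    server_random = hashlib.sha256(b"constructed ServerHello.random").digest()  # 32 bytes
    # RSA key exchange pre-master secret: 2-byte client version + 46 random bytes. On the wire it is
    # encrypted under the server certificate's public key (step 5) and decrypted by the server (step 6).
    pre_master = b"\x03\x03" + hashlib.shake_256(b"constructed pre-master secret").digest(46)
    return derive_session_keys(pre_master, client_random, server_random)
```

Because the randoms enter the derivation, two sessions sharing a pre-master secret still get different keys, which is why a replayed handshake does not reproduce an earlier session's keys.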
SSL Protocol Building Block Functions
SSL Handshake protocol
SSL Alert Protocol
• Alert messages communicate the severity of the message and a description of the alert.
• Fatal messages result in connection termination.
SSL ChangeCipherSpec Protocol
• The ChangeCipherSpec layer is composed of one message that signals the beginning of secure communications between the client and server.
Application Data Protocol
• Application data messages are carried by the record layer and are fragmented, compressed, and encrypted based on the current connection state. The messages are treated as transparent data to the record layer.
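The three slides above (Alert, ChangeCipherSpec and Application Data) all ride on the same record layer. The following is an added example, not from the slides, that splits a TLS record stream into records, decodes the ChangeCipherSpec and alert bodies, treats application data as opaque, and stops on a fatal alert (or close_notify) as a receiver must. The sample stream is constructed; the alert codes are the subset of RFC 5246 section 7.2 listed in the table.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
                      48: "unknown_ca", 70: "protocol_version"}


def parse_records(stream: bytes) -> list:
    """Walk the 5-byte record headers (type, version, length) and decode each fragment by type."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            records.append({"error": "truncated record header"})
            break
        ctype, major, minor, length = struct.unpack("!BBBH", stream[pos:pos + 5])
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            records.append({"error": "truncated record body"})
            break
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown"), "version": (major, minor), "length": length}
        if ctype == 21:                      # Alert protocol: exactly two bytes, level + description
            if length != 2:
                rec["error"] = "malformed alert"
            else:
                level, desc = body[0], body[1]
                rec["level"] = ALERT_LEVELS.get(level, "unknown")
                rec["description"] = ALERT_DESCRIPTIONS.get(desc, "unknown(%d)" % desc)
                # Fatal alerts end the connection; close_notify is warning-level but also ends it.
                rec["terminate"] = level == 2 or desc == 0
        elif ctype == 20:                    # ChangeCipherSpec: the single message is one byte, value 1
            rec["valid"] = body == b"\x01"
        elif ctype == 23:                    # Application data is transparent to the record layer
            rec["payload"] = body
        records.append(rec)
        pos += 5 + length
        if rec.get("terminate"):
            break                            # nothing after a connection-ending alert is processed
    return records


# Constructed sample stream (TLS 1.2 version bytes 03 03): CCS, 5 bytes of application data,
# a fatal handshake_failure alert, then a record that must never be processed.
SAMPLE_STREAM = (b"\x14\x03\x03\x00\x01\x01"
                 b"\x17\x03\x03\x00\x05hello"
                 b"\x15\x03\x03\x00\x02\x02\x28"
                 b"\x17\x03\x03\x00\x02xx")
```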
Trusted vs Non Trusted Certificate
Certificate Authority
Chinese CA WoSign faces revocation after issuing fake certificates of Github, Microsoft and Alibaba
https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I/discussion
Introducing Let’s Encrypt
https://letsencrypt.org/
Introducing Let’s Encrypt
• Which browsers and operating systems support Let’s Encrypt – https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394
• Check your browser – https://wiki.apnictraining.net
LAB