Secure Socket Layer (SSL) provides security for data transferred between a web browser and a server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.
1. Secure Socket Layer Protocols:
- SSL record protocol
- Handshake protocol
- Change-cipher spec protocol
- Alert protocol
The SSL record protocol provides two services to an SSL connection:
- Confidentiality
- Message Integrity
The Handshake Protocol is used to establish sessions. It allows the client and server to authenticate each other by exchanging a series of messages. The Handshake Protocol completes its cycle in four phases.
- Phase-1: Both client and server send hello packets to each other. In this IP session, the cipher suite and protocol version are exchanged for security purposes.
- Phase-2: The server sends its certificate and Server-key-exchange. The server ends Phase-2 by sending the Server-hello-end packet.
- Phase-3: The client replies to the server by sending its certificate and Client-exchange-key.
- Phase-4: The Change-cipher suite occurs, and after this the Handshake Protocol ends.
Change-cipher Protocol:
This protocol uses the SSL record protocol. Until the Handshake Protocol is completed, the SSL record output stays in a pending state. After the handshake, the pending state is converted into the current state.
Change-cipher protocol consists of a single message which is 1 byte in length and can have only one value. This protocol’s purpose is to cause the pending state to be copied into the current state.
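The record framing and the one-byte Change-cipher spec rule described above, as an added Python example that is not part of the original article. The content-type numbers (20 to 23), the version bytes and the length limit come from the SSL 3.0/TLS specifications rather than from this page, and the sample bytes are constructed.

```python
import struct

# Record-layer content types and version bytes (from the SSL 3.0/TLS specs, not this page).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
MAX_RECORD_LEN = 2**14 + 2048  # largest protected record allowed by TLS 1.2

# Constructed sample: a Server-hello-end (ServerHelloDone) handshake record,
# a Change-cipher spec record, then an opaque (encrypted) handshake record.
SAMPLE = bytes.fromhex("16030100040e000000" "140301000101" "1603010008a1b2c3d4e5f60718")


def parse_records(data: bytes):
    """Split a byte stream into (protocol, version, payload) records."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated record header")
        # 5-byte header: content type, major, minor, 16-bit big-endian length
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_RECORD_LEN:
            raise ValueError(f"record length {length} exceeds limit")
        payload = data[offset + 5: offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        protocol = CONTENT_TYPES[ctype]
        # Assumes the first handshake on a connection, where Change-cipher spec
        # travels unencrypted: exactly one byte, and its only legal value is 1.
        if protocol == "change_cipher_spec" and payload != b"\x01":
            raise ValueError("Change-cipher spec must be the single byte 0x01")
        version = VERSIONS.get((major, minor), f"unknown {major}.{minor}")
        records.append((protocol, version, payload))
        offset += 5 + length
    return records


if __name__ == "__main__":
    for protocol, version, payload in parse_records(SAMPLE):
        print(f"{protocol:<20} {version:<8} {len(payload):>3} bytes  {payload.hex()}")
```

A Change-cipher spec record carrying any other value, or a record shorter than its declared length, is rejected before its payload is interpreted.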
The level is further classified into two parts:
Salient Features of Secure Socket Layer:
The advantage of this approach is that the service can be tailored to the specific needs of the given application.
Secure Socket Layer was originated by Netscape.
SSL is designed to make use of TCP to provide reliable end-to-end secure service.
2. Transport Layer Security (TLS)
Transport Layer Security (TLS) is designed to provide security at the transport layer. TLS was derived from a security protocol called Secure Socket Layer (SSL). TLS ensures that no third party may eavesdrop on or tamper with any message.
There are several benefits of TLS:
- Encryption: TLS/SSL can help to secure transmitted data using encryption.
- Interoperability: TLS/SSL works with most web browsers, including Microsoft Internet Explorer, and on most operating systems and web servers.
- Algorithm flexibility: TLS/SSL provides operations for the authentication mechanisms, encryption algorithms and hashing algorithms that are used during the secure session.
- Ease of Deployment: Many applications TLS/SSL temporarily on a Windows Server 2003 operating system.
- Ease of Use: Because we implement TLS/SSL beneath the application layer, most of its operations are completely invisible to the client.
The client connects to the server (using TCP), the client will be something. The client sends a number of specifications:
- Version of SSL/TLS.
- Which cipher suites and compression method it wants to use.
The server checks what the highest SSL/TLS version is that both sides support, picks a cipher suite from one of the client's options (if it supports one) and optionally picks a compression method. After this the basic setup is done, and the server provides its certificate. This certificate must be trusted either by the client itself or by a party that the client trusts. Once the client has verified the certificate and is certain that the server really is who it claims to be (and not a man in the middle), a key is exchanged. This can be a public key or simply nothing, depending upon the cipher suite.
Both Secure Socket Layer and Transport Layer Security are protocols used to provide security between a web browser and a web server.
SSL Vs TLS
S.NO | SSL | TLS |
1. | SSL | TLS |
2. | SSL | TLS |
3. | SSL | TLS |
4. | In | In |
5. | In | In |
6. | SSL | TLS |
7. | SSL | TLS |