SSL ( Secure socket Layer )
This protocol is used for secure communication between the web browser & web server.
SSL protocol is located between the application layer & transport layer of the TCP/IP protocol suite i.e the application layer does not forward the data directly to the transport layer but it forwards to the SSL layer & the SSL layer performs encryption.
There are three protocols which are used by SSL :
- Handshake Protocol
- Record Protocol
- Handshake Protocol
This is the 1st protocol which is used between the client & the server for communications.
The handshake protocol messages are shown below :
Type indicated the type of message exchanged between the client & server
Length indicates the length of the message
Content indicates the actual message or the parameters
The handshake protocol consists of four phases :
i. Establish security capabilities
ii. Server authentication 7 key exchange
iii. Client authentication & key exchange
Step 1: Establishing security capabilities
This phase is limited by the client by sending a client Hello Message
Step 2 : Server authentication & Key exchange
In this phase the server initiated the communication :
- There server first sends its own digital certificates to the client
- If the server does not send its own digital certificates to the client in step 1
- The server requires for client’s digital certificate, however this request id optional.
- There server Hello done message indicated the client that the server portion of Hello message is complete After sending all these messages, the server waits for the client’s response.
Step 3 : Client authenticated & key exchange
This phase is initiated by the client,
The client sends its own certificate to the server, if & only if the server has requested it.
The client generated a symmetric key which both the parties will use during the session, It is called as master key secret & the client encrypts it with the server’s public key & then it sends to the server.
- This step is for client authentication for this client continues the master key secret with the random no which was agreed by the client & server earlier to generate a has & the client signs it with its own private key.
Step 4: Finish
This phase is initiated by the client.
- The client sends a finish message to the server & the server replies finish message to the client.