TLS (Transport Layer Security)
The TLS protocol is the IETF standard version of the SSL protocol, whose goal is to come out with an Internet version of
SSL and TLS are very similar, with slight differences. The following are the differences between TLS and SSL:
Version: the current version of SSL is 3.0 and that of TLS is 1.0.
Cipher suite: SSL supports an algorithm called Fortezza, whereas TLS does not support Fortezza.
Generation of cryptographic secrets: TLS has a more complex process for generating cryptographic secrets than SSL; TLS uses a pseudorandom function (PRF) to create the master secret.
Alert protocol: TLS supports all of the alerts defined in SSL except "no certificate"; TLS also adds some new ones, such as "decryption failed", "export restriction", "protocol version", "insufficient security" and "internal error".
Handshake protocol: TLS has made some changes in the handshake protocol; the details of the certificate verify message and the finished message have been changed.
Certificate verify message: in SSL, the hash used in the certificate verify message is a two-step hash over the handshake messages plus a pad and the master secret. TLS has simplified the process by hashing only over the handshake messages.
Finished message: the hash calculation for the finished message has also been changed; TLS uses the PRF (pseudorandom function) to calculate the two hashes used for the finished message.
Record protocol: the only change in this protocol is the use of HMAC instead of the SSL MAC for message authentication.
Pseudorandom Function (PRF)
The PRF is a combination of two data expansion functions, one using MD5 and the other SHA-1.
The PRF takes three inputs: a secret, a label and a seed.
The label and the seed are concatenated and serve as the seed for each data expansion function. The secret is divided into two halves; each half is used as the secret for one of the data expansion functions. The outputs of the two data expansion functions are exclusive-ORed together to create the final expanded secret.
- As the hashes created from MD5 and SHA-1 are of different sizes (16 and 20 bytes), extra iterations of the MD5-based function must be run to make the two outputs the same size before they are XORed.