SSL protocol structure
As shown in Figure 1, SSL functions between the application and transport layers. It secures data transmission for any application layer protocol based on TCP connections. SSL is divided into two layers: lower layer with the SSL record protocol and upper layer with the SSL handshake protocol, SSL change cipher spec protocol, and SSL alert protocol.
SSL handshake process
The client and server negotiate session parameters during the SSL handshake process to establish a session. Session parameters mainly include the session identifier, peer certificate, cipher suite, and master secret. The master secret and cipher suite are used to compute a MAC and encrypt data to be transmitted in this session.
The SSL handshake process varies according to the real-world situations. Handshake processes in three situations are described as follows:
SSL handshake process in which only the server is authenticated
After receiving the Finished message from the server, if the client successfully decrypts the message, the client checks whether the server is the owner of the digital certificate. Only the SSL server that has a specified private key can decrypt the ClientKeyExchange message to obtain the master secret. In this process, the client authenticates the server.
SSL handshake verification
SSL handshake process for resuming a session
SSL uses symmetric cryptography to encrypt data to be transmitted and the key exchange algorithm Rivest Shamir and Adleman (RSA), which is one of asymmetric algorithms, to encrypt the key used by the symmetric cryptography.
To ensure high security, do not use the RSA key pair whose length is less than 2048 digits.
Digital-signed certificates are used to authenticate a server and a client that attempt to communicate with each other. Authenticating the client identity is optional. The SSL server and client use the mechanism provided by the Public Key Infrastructure (PKI) to apply to a CA for a certificate.
A keyed MAC is used to verify message integrity during transmission.
A MAC algorithm computes a key and arbitrary-length data to output a MAC.
If the two MACs are the same, the message has not been tampered during transmission. If the two MACs are different, the message has been tampered during transmission, and the receiver will discard this message.