SSL (Handshake)

No replies
Joined: 2010/11/19

Today I will talk about SSL, but precisely on the SSL handshake, but the main focus, we know what is SSL and other fundamental principles!

SSL (Secure Socket Layer)
good, the 'protocol' SSL was primarily developed for encripitar, authenticate. if you do not know what it does or what it does, will know now.

Encryption: Protects data against an access autozizado not, by means of cryptographic algorithms, before sending them.

Authentication: method used to determine the 'identity' of the sender, for an example: when you try to connect to a web server in a secure connection, is introduced to the client if you, a series of credentials through a 'certificate' for mension already checking the 'identity' of the sender.

And as the name says .. 'Secure socket layer' acts as the SSL socket connected by our famous: TCP
then we can analyze an SSL as nothing more than a similar connection as TCP that only 'safe'.

(SSL handshake)
As I said we might think that SSL is that neither the TCP but 'safe' then there's your connection that is different from TCP, and that is our focus then go to the SSL Handshake

First we have a series of 'frills' lol ..

starts an agreement that is set the protocol version, then are selected algaritimos encryption, and finally, exchange of public keys.

Now for an SSL Handshake!

1 Customer (Client Hello Message )-------------------------> Server
2 <-------------------------( Server Client Hello Message) Server
Certificate 3 Client <-------------------------() Server
4 <-------------------------( Client Server Key Exchange Message) Server
5 th Customer ------------------------- (Certificate) Server
Client 6 (Certificate) or (No Certificate Server )-------------------------> Alert
7 Client (Client Key Exchange Message )-------------------------> Server
8 Customer (Change Cipher Spec Message )-------------------------> Server
Client 9 (Finished )-------------------------> Server Message
10 º Client Change Cipher Spec Message <-------------------------() Server
Customer Finished 11th <-------------------------( Message) Server

12 Handshake Completed!

Ready folks, to this my 'picture' of an SSL connection you guys can have a better understanding, but you just do not understand yet, Do not worry I will explain each step in detail the connection!

Step 1: Client sends a connection request (Client Hello message)
Step 2: Server to accept the connection sends a "Message from Hello from server" showing that accepted the connection
Step 3: Server sends your 'Certificate'
Step 4: Server sends its key (key exchange message)
Step 5: Server asks the client certificate
Step 6: Client sends your certificate or if not, sends a warning that no one has sertificado (Alert of non-certified)
Step 7: The client sends its key (key exchange message)
Step 8: The client sends a "Change Cipher Spec Message" which serves to detect any change in the data between the time it was sent and the time it was received during the SSL connection
Step 9: The Client sends a message that is over the "rock n 'rolla" lol .. (End of message)
Step 10: Server en route to "Change Cipher Spec Message" which has been explained! so read all his wise guy!
Step 11: Server sends a message that is over any connection (end of message)

12 End of the Handshake in which the process is completed!

Finish .

By: f0nt_Drk