Unformatted text preview: set of cryptographic security parameters to avoid negotiation of new security parameters for to each connection multiple simultaneous sessions between parties multiple possible but not used in practice possible SSL session SSL Record Protocol SSL provides confidentiality service used to encrypt SSL payload data used to form message authentication code used (MAC) (MAC) provides message integrity service Handshake Protocol defines shared secret Handshake keys for each of above services SSL Record Protocol Operation Operation Record Protocol Header Record content type (8 bits) change_cipher_spec, alert, handshake, and change_cipher_spec, application_data application_data no distinction between applications (eg. HTTP) content of application data opaque to SSL content opaque major version (8 bits) – SSL v3 is 3 minor version (8 bits) - SSLv3 value is 0 minor SSLv3 compressed length (16 bits) maximum 214 + 2048 Change Cipher Spec Protocol Change uses Record Protocol single message single byte value 1 cause pending state to be copied into current state current updates cipher suite to be used on this updates connection connection Alert Protocol Alert convey SSL-related alerts to peer entity alert messages compressed and encrypted alert messages two bytes first byte warning(1) or fatal(2) first
• • • if fatal, SSL immediately terminates connection other connections on session may continue no new connections on session second byte indicates specific alert
• eg. fatal alert is an incorrect MAC • eg. nonfatal alert is close_notify message Handshake Protocol Handshake
most complex protocol allows parties to authenticate each other and negotiate encryption and MAC and algorithm and cryptographic keys algorithm and series of messages with four p...
View Full Document