Secure Sockets Layer:
SSL, and its successor TLS, are cryptographic protocols that provide security and data integrity for communications over TCP/IP networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.
Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
SSL has a variety of security measures:
- The client may use the certificate authority's (CA's) public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA.
- The client verifies that the issuing CA is on its list of trusted CAs.
- The client checks the server certificate's validity period. The authentication process stops if the current date and time fall outside the validity period.
- Protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite.
- Numbering all the Application records with a sequence number, and using this sequence number in the message authentication codes (MACs).
- Using a message digest enhanced with a key (so only a key-holder can check the MAC). This is specified in RFC 2104. TLS only.
- The message that ends the handshake ("Finished") sends a hash of all the exchanged handshake messages seen by both parties.
- The pseudorandom function splits the input data in half and processes each half with a different hashing algorithm (MD5 and SHA-1), then XORs the two results together to create the MAC. This provides protection even if one of these algorithms is found to be vulnerable. TLS only.
- SSL v3 improved upon SSL v2 by adding SHA-1 based ciphers and support for certificate authentication. Additional improvements in SSL v3 include better handshake protocol flow and increased resistance to man-in-the-middle attacks.
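The split-and-XOR pseudorandom function described above is the TLS 1.0 PRF of RFC 2246 section 5. The following is an added example written for this page (not code from the original page or from any TLS implementation) that builds it from the standard library: the secret is split into two halves (sharing the middle byte when the length is odd), P_MD5 is run over the first half and P_SHA-1 over the second, and the two streams are XORed. The sample secret and seed at the bottom are constructed values, not a standard test vector.

```python
import hashlib
import hmac


def split_secret(secret: bytes) -> tuple[bytes, bytes]:
    """Split the secret into S1 and S2 as RFC 2246 section 5 specifies.

    For an odd-length secret both halves are one byte longer than half the
    length and share the middle byte, so no byte of the secret is dropped.
    """
    half = (len(secret) + 1) // 2
    return secret[:half], secret[len(secret) - half:]


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 2246 P_hash data expansion.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1)); the output is
    HMAC_hash(secret, A(1) + seed) || HMAC_hash(secret, A(2) + seed) || ...
    truncated to `length` bytes.
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 PRF: P_MD5 over S1 XORed with P_SHA-1 over S2.

    An attacker who can break only one of the two hash functions still
    sees the output masked by the other stream.
    """
    s1, s2 = split_secret(secret)
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha1_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


if __name__ == "__main__":
    # Constructed sample inputs: a 48-byte secret and a 64-byte seed, the
    # sizes a real handshake would use for the premaster secret and for
    # client_random + server_random. Not an official test vector.
    secret = bytes([0xAB]) * 48
    seed = bytes([0xCD]) * 64
    key_block = tls10_prf(secret, b"key expansion", seed, 104)
    print(key_block.hex())
```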
SSL v2 is flawed in a variety of ways:
- Identical cryptographic keys are used for message authentication and encryption.
- MACs are unnecessarily weakened in the "export mode" required by U.S. export restrictions (symmetric key length was limited to 40 bits in Netscape and Internet Explorer).
- SSL v2 has a weak MAC construction and relies solely on the MD5 hash function.
- SSL v2 does not have any protection for the handshake, meaning a man-in-the-middle downgrade attack can go undetected.
- SSL v2 uses the TCP connection close to indicate the end of data. This means that truncation attacks are possible: the attacker simply forges a TCP FIN, leaving the recipient unaware of an illegitimate end-of-data message (SSL v3 fixes this problem by having an explicit closure alert).
- SSL v2 assumes a single service and a fixed domain certificate, which clashes with the standard feature of virtual hosting in web servers. This means that most websites are practically impaired from using SSL. TLS/SNI fixes this but is not deployed in web servers as yet.
SSL v2 is disabled by default in Internet Explorer 7, Mozilla Firefox and Safari. After it sends a TLS ClientHello, if Mozilla Firefox finds that the server is unable to complete the handshake, it will attempt to fall back to SSL 3.0 with an SSL 3.0 ClientHello in SSL v2 format, to maximize the likelihood of successfully handshaking with older servers. Support for SSL v2 (and weak 40-bit and 56-bit ciphers) has been removed completely from Opera.