|
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are cryptographic protocols which provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. The term "SSL" as used here applies to both protocols unless clarified by context.
Description SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; mutual authentication requires public key infrastructure (PKI) deployment to clients. The protocols allow client/server applications to communicate in a way designed to prevent eavesdropping, tampering, and message forgery. SSL involves three basic phases: During the first phase, the client and server negotiation uses cryptographic algorithms. Current implementations support the following choices: How it works The SSL protocol exchanges records; each record can be optionally compressed, encrypted and packed with a message authentication code (MAC). Each record has a content_type field that specifies which upper level protocol is being used. When the connection starts, the record level encapsulates another protocol, the handshake protocol, which has content_type 22. The client sends and receives several handshake structures: TLS/SSL have a variety of security measures: Applications SSL runs on layers beneath application protocols such as HTTP, FTP, SMTP and NNTP, and above the TCP or UDP transport protocol, which form part of the TCP/IP protocol suite. While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS. HTTPS is used to secure World Wide Web pages for applications such as electronic commerce. It uses public key certificates to verify the identity of endpoints. An increasing number of client and server products support SSL natively, but many still lack support. As an alternative, users may wish to use standalone SSL products like Stunnel. Wrappers such as Stunnel rely on being able to obtain an SSL connection immediately, by simply connecting to a separate port reserved for the purpose. For example, by default the TCP port for HTTPS is 443, to distinguish it from HTTP on port 80. However, in 1997 the Internet Engineering Task Force recommended that application protocols always start unsecured and instead offer a way to upgrade to TLS - which a pure wrapper like Stunnel cannot cope with. SSL can also be used to tunnel an entire network stack to create a VPN, as is the case with OpenVPN. Many vendors now marry SSL's encryption and authentication capabilities with authorization. There has also been substantial development since the late 1990s in creating client technology outside of the browser to enable support for client/server applications. When compared against traditional IPSec VPN technologies, SSL has some inherent advantages in firewall and NAT traversal that make it simpler to administer for large remote access populations. Vendors like Aventail, F5, Juniper, and others have been developing in this space for some time. History and development Developed by Netscape, SSL version 3.0 was released in 1996, which later served as the basis for TLS version 1.0, an IETF standard protocol first defined in RFC 2246. Visa, MasterCard, American Express and many leading financial institutions have endorsed SSL for commerce over the Internet. SSL operates in modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers. Early weak keys Some early implementations of SSL could use a maximum of only 40-bit symmetric keys because of US government restrictions on the export of cryptographic technology. The US government explicitly imposed a 40-bit keyspace small enough to be broken by brute-force search by law enforcement agencies wishing to read the encrypted traffic, while still presenting obstacles to less-well-funded attackers. A similar limitation applied to Lotus Notes in export versions. After several years of public controversy, a series of lawsuits, and eventual US government recognition of changes in the market availability of 'better' cryptographic products produced outside the US, the authorities relaxed some aspects of the export restrictions. The 40-bit key size limitation has mostly gone away. Modern implementations use 128-bit (or longer) keys for symmetric key ciphers. Incorrect uses Some websites have been criticized for incorrectly using SSL and therefore negating its security benefits *. Such incorrect uses include: Both practices have been found present in many commercial websites such as those of Bank of America, Washington Mutual, JPMorgan Chase & Co. *, and Paypal *. Standards The first definition of TLS appeared in RFC 2246: "The TLS Protocol Version 1.0". The current approved version is 1.1, which is specified in RFC 4346: "The Transport Layer Security (TLS) Protocol Version 1.1". Other RFCs subsequently extended TLS, including: Implementation Programmers may use the OpenSSL, NSS, or GnuTLS libraries for SSL/TLS functionality. Delphi programmers may use the library called Indy, which has ways of connecting components to an SSL intercept using the OpenSSL libraries. This enables the development of secure Web browsers and Web servers using Delphi/Indy/OpenSSL. The protocols supported are SSLv2, SSLv3, and TLS v1. TLS 1.1 As noted above, TLS 1.1 is the current approved version of the TLS protocol. TLS 1.1 clarifies some ambiguities and adds a number of recommendations. TLS 1.1 is very similar to TLS 1.0. The main reason for the new version number is a modified format for the encrypted RSA pre-master secret, which (if RSA is used) is part of the client key-exchange message. This modified format uses PKCS#1 v2.1, as opposed to PKCS TLS 1.1 is currently supported by Opera and GnuTLS. See also Software Organizations | ||||||||
|
| |||||||||
 |
|
| |