Transport Layer Security - Mrinal Wadhwa

A simple introduction to the TLS 1.2 spec, presented at null Bangalore on 20th August 2011
http://null.co.in/

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,970
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
42
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transport Layer Security - Mrinal Wadhwa

  1. Transport Layer Security, Mrinal Wadhwa, http://www.mrinalwadhwa.com
  2. SSL v1: before 1995, internal to Netscape, never released
  3. SSL v2: draft published in Feb 1995. SSL 0.2 Protocol Specification, http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html
  4. SSL v3: draft published in Nov 1996. The SSL Protocol Version 3.0, http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
  5. TLS 1.0: RFC 2246, in Jan 1999. The TLS Protocol Version 1.0, http://tools.ietf.org/html/rfc2246
  6. TLS 1.1: RFC 4346, in April 2006. The Transport Layer Security (TLS) Protocol Version 1.1, http://tools.ietf.org/html/rfc4346
  7. TLS 1.2: RFC 5246, in August 2008. The Transport Layer Security (TLS) Protocol Version 1.2, http://tools.ietf.org/html/rfc5246
  8. "The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery." - The Transport Layer Security (TLS) Protocol Version 1.2
  9. Record Protocol: http://tools.ietf.org/html/rfc5246#section-6
  10. The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, reassembled, and then delivered to higher-level clients.
  11. SecurityParameters:

          struct {
              ConnectionEnd          entity;
              PRFAlgorithm           prf_algorithm;
              BulkCipherAlgorithm    bulk_cipher_algorithm;
              CipherType             cipher_type;
              uint8                  enc_key_length;
              uint8                  block_length;
              uint8                  fixed_iv_length;
              uint8                  record_iv_length;
              MACAlgorithm           mac_algorithm;
              uint8                  mac_length;
              uint8                  mac_key_length;
              CompressionMethod      compression_algorithm;
              opaque                 master_secret[48];
              opaque                 client_random[32];
              opaque                 server_random[32];
          } SecurityParameters;

  12. Change Cipher Spec Protocol: http://tools.ietf.org/html/rfc5246#section-7.1
  13. Alert Protocol: http://tools.ietf.org/html/rfc5246#section-7.2
  14. Handshake Protocol, a simplified discussion: http://tools.ietf.org/html/rfc5246#section-7.3
  15. Hello Request: http://tools.ietf.org/html/rfc5246#section-7.4.1.1

          struct { } HelloRequest;

  16. Client Hello: http://tools.ietf.org/html/rfc5246#section-7.4.1.2

          struct {
              ProtocolVersion client_version;
              Random random;
              SessionID session_id;
              CipherSuite cipher_suites<2..2^16-2>;
              CompressionMethod compression_methods<1..2^8-1>;
              select (extensions_present) {
                  case false:
                      struct {};
                  case true:
                      Extension extensions<0..2^16-1>;
              };
          } ClientHello;

  17. Cipher Suites: TLS_RSA_WITH_AES_128_CBC_SHA. "The connection is encrypted using AES_128_CBC, with SHA1 for message authentication and RSA as the key exchange mechanism." Mandatory Cipher Suites - http://tools.ietf.org/html/rfc5246#section-9. Cipher Suite Definitions - http://tools.ietf.org/html/rfc5246#appendix-C
  18. Cipher Suites: TLS_RSA_WITH_AES_128_CBC_SHA. Key Exchange - RSA; Cipher - AES_128_CBC; Mac - SHA (HMAC-SHA1)
  19. Server Hello: http://tools.ietf.org/html/rfc5246#section-7.4.1.3

          struct {
              ProtocolVersion server_version;
              Random random;
              SessionID session_id;
              CipherSuite cipher_suite;
              CompressionMethod compression_method;
              select (extensions_present) {
                  case false:
                      struct {};
                  case true:
                      Extension extensions<0..2^16-1>;
              };
          } ServerHello;

  20. Server Certificate: http://tools.ietf.org/html/rfc5246#section-7.4.2

          opaque ASN.1Cert<1..2^24-1>;

          struct {
              ASN.1Cert certificate_list<0..2^24-1>;
          } Certificate;

  21. Server Hello Done: http://tools.ietf.org/html/rfc5246#section-7.4.5

          struct { } ServerHelloDone;

  22. Client Key Exchange Message: http://tools.ietf.org/html/rfc5246#section-7.4.7

          struct {
              select (KeyExchangeAlgorithm) {
                  case rsa:
                      EncryptedPreMasterSecret;
                  case dhe_dss:
                  case dhe_rsa:
                  case dh_dss:
                  case dh_rsa:
                  case dh_anon:
                      ClientDiffieHellmanPublic;
              } exchange_keys;
          } ClientKeyExchange;

  23. Finished: http://tools.ietf.org/html/rfc5246#section-7.4.9

          struct {
              opaque verify_data[verify_data_length];
          } Finished;

  24. ?
  25. mrinalwadhwa.com, email@mrinalwadhwa.com, @mrinal, github.com/mrinalwadhwa
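
The ClientHello struct and cipher suite naming from slides 16 to 18, worked through as a bounds-checked parser. This is an added example, not code from the slides or from any TLS library. It assumes the ClientHello fits in a single record; `Reader`, `parse_client_hello` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
# RFC 5246 Appendix A.5 code points (subset, used only to name suites).
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
          0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256"}

class Reader:
    """Cursor over bytes that refuses to read past the end of its buffer."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("length field exceeds the bytes available")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk
    def uint(self, size):
        return int.from_bytes(self.take(size), "big")
    def vector(self, len_size):
        # TLS vector <a..b>: big-endian length prefix, then that many bytes.
        return self.take(self.uint(len_size))

def parse_client_hello(record):
    r = Reader(record)
    content_type, _record_version = r.uint(1), r.take(2)
    if content_type != 22:                      # 22 = handshake
        raise ValueError("not a handshake record")
    hs = Reader(r.vector(2))                    # record fragment
    if hs.uint(1) != 1:                         # 1 = client_hello
        raise ValueError("not a ClientHello")
    body = Reader(hs.vector(3))                 # 24-bit handshake length
    hello = {"client_version": tuple(body.take(2)),
             "random": body.take(32),
             "session_id": body.vector(1)}
    suites, methods = body.vector(2), body.vector(1)
    if len(hello["session_id"]) > 32 or len(suites) < 2 or len(suites) % 2 or not methods:
        raise ValueError("vector outside the bounds the struct declares")
    codes = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)]
    hello["cipher_suites"] = [SUITES.get(c, f"0x{c:04X}") for c in codes]
    hello["compression_methods"] = list(methods)
    hello["extensions"] = body.vector(2) if body.pos < len(body.data) else None
    return hello

def build_sample():
    # Constructed: TLS 1.2, fixed "random", no session_id, two suites, null compression.
    body = (b"\x03\x03" + bytes(range(32)) + b"\x00"
            + b"\x00\x04\x00\x2f\x00\x3c" + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
SAMPLE = build_sample()
```

Every length prefix is checked against the bytes actually present before it is used, so a truncated record or an inflated `cipher_suites` length is rejected rather than read out of bounds.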
