SSL and TLS are cryptographic protocols that provide secure communication on the internet. They use public/private key encryption to authenticate servers and establish encrypted connections. While similar, TLS is the standardized successor to SSL. Key differences include TLS using HMAC for integrity checking and having additional alert codes not found in SSL. Both protocols operate at the transport layer and provide data confidentiality, integrity, and server authentication.

1. Secure Socket Layer
&
Transport Layer Security

2. Secure Socket Layer
(SSL)

3. What is SSL?

4. Cont…
O Transport layer security service.
O Originally developed by Netscape.
O Version 3 designed with public input
O Subsequently became Internet standard
known as TLS (Transport Layer Security).
O Uses TCP to provide a reliable end-to-end
service.
O SSL has two layers of protocols.

5. Where SSL Fits?
HTTP SMTP POP3
80 25 110
HTTPS SSMTP SPOP3
443 465 995
Secure Sockets
Layer
Transport
Network
Link

6. Uses Public Key Scheme
O Each client-server pair uses
O 2 public keys
O One for client (browser)
O Created when browser is installed on client
machine.
O One for server (http server)
O Created when server is installed on server
hardware.
O 2 private keys
O One for client browser
O One for server (http server)

7. SSL Architecture

8. SSL Architecture
O SSL session
O An association between client & server
O Created by the Handshake Protocol
O Define a set of cryptographic parameters
O May be shared by multiple SSL
connections

9. SSL Record Protocol
O Confidentiality
O Using symmetric encryption with a shared
secret key defined by Handshake Protocol
O IDEA, RC2-40, DES-40, DES, 3DES,
Fortezza, RC4-40, RC4-128
O Message is compressed before encryption
O message integrity
O Using a MAC (Message Authentication
Code) created using a shared secret key
and a short message

10. SSL Change Cipher Spec
Protocol
O One of 3 SSL specific protocols which use
the SSL Record protocol
O A single message
O Causes pending state to become current
O Hence updating the cipher suite in use

11. SSL Alert Protocol
O Conveys SSL-related alerts to peer entity
O Severity
O Warning or fatal
O Specific alert
O Unexpected message, bad record mac,
decompression failure, handshake failure, illegal
parameter
O Close notify, no certificate, bad certificate,
unsupported certificate, certificate revoked,
certificate expired, certificate unknown
O Compressed & encrypted like all SSL data

12. SSL Handshake Protocol
O Allows server & client to:
O Authenticate each other
O To negotiate encryption & MAC algorithms
O To negotiate cryptographic keys to be used
O Comprises a series of messages in
phases
O Establish Security Capabilities
O Server Authentication and Key Exchange
O Client Authentication and Key Exchange
O Finish

13. Cont…

14. Transport Layer Security
(TLS)

15. What is TLS?
O The Transport Layer Security (TLS)
protocol is the IETF standard version of
the SSL protocol. The two are very similar,
with slight differences.

16. Cont…
O IETF standard RFC 2246 similar to SSLv3
with minor differences
O In record format version number
O Uses HMAC for MAC
O A pseudo-random function expands
secrets
O Based on HMAC using SHA-1 or MD5
O Has additional alert codes
O Some changes in supported ciphers
O Changes in certificate types & negotiations
O Changes in crypto computations & padding

17. Version
O The first difference is the version number
(major and minor). The current version of
SSL is 3.0; the current version of TLS is
1.0. In other words, SSLv3.0 is compatible
with TLSv1.0.

18. Cipher Suite
O Another minor difference between SSL
and TLS is the lack of support for the
Fortezza method. TLS does not support
Fortezza for key exchange or for
encryption/decryption.

19. Generation of Cryptographic Secrets
Data Expansion Function

20. Cont…
Master Secret Generation

21. Cont…
Key Material Generation

22. TLS Layers
O TLS is composed of two layers: the TLS
Record Protocol and the .
O TLS Handshake Protocol. The TLS Record
Protocol provides connection security with
some encryption method such as the Data
Encryption Standard (DES).
O The TLS Record Protocol can also be used
without encryption.
O The TLS Handshake Protocol allows the
server and client to authenticate each other
and to negotiate an encryption algorithm and
cryptographic keys before data is exchanged.

23. Handshake Protocol
Hash for certificate verification in TLS

24. Message Type
This field identifies the Handshake message type.
Message Types
Code Description
0 HelloRequest
1 ClientHello
2 ServerHello
11 Certificate
12 ServerKeyExchange
13 CertificateRequest
14 ServerHelloDone
15 CertificateVerify
16 ClientKeyExchange
20 Finished

25. Hash for finished message in TLS

26. Alert Protocol
O TLS supports all of the alerts defined in
SSL except for NoCertificate. TLS also
adds some new ones to the list. Table
shows the full list of alerts supported by
TLS.

27. Description
This field identifies which type of alert is being sent.
Alert description types
Code Description Level types Note
0 Close notify warning/fatal
10 Unexpected message fatal
20 Bad record MAC fatal
Possibly a bad SSL
implementation, or payload has
been tampered with e.g. FTP
firewall rule on FTPS server.
21 Decryption failed fatal TLS only, reserved
22 Record overflow fatal TLS only
30 Decompression failure fatal
40 Handshake failure fatal
41 No certificate warning/fatal SSL 3.0 only, reserved
42 Bad certificate warning/fatal
43 Unsupported certificate warning/fatal
E.g. certificate has only Server
authentication usage enabled and
is presented as a client certificate