Stands for "Secure Sockets Layer." SSL is a secure protocol developed for sending information securely over the Internet. Many websites use SSL for secure areas of their sites, such as user account pages and online checkout. Usually, when you are asked to "log in" on a website, the resulting page is secured by SSL.
It is an IETF standardization initiative whose goal is to come out with an Internet standard Version of SSL. The presentation discusses all. Happy Learning. :)
A simple explanation about SSL handshake covering most of the topics asked in interviews about
1. SSL handshake process
2. Key exchange algorithm working
3. Implementation of confidentiality and integrity of messages exchanged
4. Authentication of client and server
Introduction to Secure Socket Layer (SSL) and Tunnel Layer Security (TLS). Shows basic principle of SSL and also little bit of practical applicability.
It is an IETF standardization initiative whose goal is to come out with an Internet standard Version of SSL. The presentation discusses all. Happy Learning. :)
A simple explanation about SSL handshake covering most of the topics asked in interviews about
1. SSL handshake process
2. Key exchange algorithm working
3. Implementation of confidentiality and integrity of messages exchanged
4. Authentication of client and server
Introduction to Secure Socket Layer (SSL) and Tunnel Layer Security (TLS). Shows basic principle of SSL and also little bit of practical applicability.
Certificate pinning in android applicationsArash Ramez
How to do cryptography right in android
Part #4 / How to mitigate MITM attacks in SSL/TLS channels using server certification validation
watch it on youtube:
https://www.youtube.com/playlist?list=PLT2xIm2X7W7gZ0mtoAA8JrfFrvOKr1Qlp
SSL is an acronym for Secure Sockets Layer. It is a protocol used for authenticating and encrypting web traffic. For web traffic to be authenticated means that your browser is able to verify the identity of the remote server.
Slides of the Webinar "SSL, impact and optimisation"
INTRODUCTION
What is SSL?
The purpose of SSL
History of SSL / TLS
Overview of a TLS connection
PART 1
What is the role of an SSL certificate?
Levels of validation
Options for certificates: SAN and Wildcard
The certificate ordering process
Certificate chain
SSL algorithms: encryption & authentication
Examples
PART 2
TLS and IPV4 exhaustion
HAProxy and SNI
TLS impacts
SSL offloading
SEO
Security of the SSL protocol
Learn about Secure Socket Layer. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Francesca Gottschalk - How can education support child empowerment.pptx
The last picks
1. The last picks
Md. Nafiur Rahman TuhinMd. Abdullah Al Abid Md. Mazharul Islam Shubho
Md. Sunny Ul Islam
2. Secure Socket Layer (SSL)
Secure Sockets Layer Protocol is the standard security
technology for establishing an encrypted link between a web
server and a browser. This link ensures that all data passed
between the web server and browsers remain private and
integral.
Netscape developed The Secure Sockets Layer Protocol
(SSL) in 1994, as a response to the growing concern over
security on the Internet.
3. Version Of Secure Socket Layer(SSL)
♦SSL Version 1.0
♦SSL Version 2.0
♦SSL Version 3.0
♦TLS Version 1.0
♦TLS Version 1.1
♦TLS Version 1.2
♦TLS Version 1.3 ( August 2018)
5. How It Works
The SSL protocol uses RSA public key cryptography for Internet
Security
Public key encryption uses a pair of asymmetric keys for
encryption and decryption.
Each pair of keys consists of a public key and a private key. The
public key is made public by distributing it widely; the private key
is always kept secret
Data encrypted with the public key can be decrypted only with
the private key, and vice versa.
6. Example of SSL with amazon
If you’ve ever bought something from Amazon, you’ve used SSL.
During checkout you may have noticed the little padlock icon
(amazon.com) in the status bar of your web browser, or that the
URL field of your browser begins with “https.” This is indicating
that you’re
communicating with the website’s server via SSL to secure your
personal information, your credit card number, etc.
This type of SSL between a web browser and a website server
includes what is commonly referred to as Server Authentication
7. Server Authentication
Server Authentication is a
means of authenticating and
identifying the sever to the
client using a Server Certificate.
A Server Certificate is a required
part of any SSL communication.
The server
certificate contains basic
information and a digital
signature that properly
identifies the server it is
associated with.
8. Steps for SSL Communication
Client connects to a web server (website) secured with SSL (https). Client requests that
the server identify itself.
Server sends a copy of its SSL Certificate, including the server’s public key.
Client checks that the certificate is trusted: unexpired, unrevoked, and valid for the
website
that it is connecting to. If the client trusts the certificate, it creates, encrypts, and sends
back
a session key using the server’s public key.
Server decrypts the symmetric session key using its private key and begins an encrypted
session with the client. The server and client now encrypt all transmitted data with the
session key.
9. SSL Communication Diagram
Client Server
Hello, lets set up a secure SSL session
Hello, here is my certificate
Here is my session key
Secure SSL Session
1
2
3
4
10. Mutual or “Two-Way” Authentication
Mutual Authentication, also commonly referred to as Two-Way
Authentication, refers to the combination of both Server and
Client Authentication.
The authentication is mutual, or two-way, because the server is
authenticating itself to the client, and the client is
authenticating itself to the server.
11. Client Authentication
Client Authentication, similar to server authentication, is a
means of authenticating and identifying the client to the server
using a Client Certificate.
A Client Certificate contains basic information about the client’s
identity, and the digital signature on this certificate verifies that
this information is authentic.
12. Mutual Authentication Diagram
Hello, lets set up a secure SSL session
Hello, where is your certificate
Here is my certificate
Here is my session key
Secure SSL Session
1
2
3
4
13. Certificates
Web sites that deal in
ecommerce must have
certificates for authentication
Installed at server.
Transmitted to client for
authentication
Validated using CA’s public key.
Browser
Client Machine
Server Machine
Web Container
(JSP, ASP)
Certificates
signed by CA
CA
Request for secure session
14. Secure Socket Layer Protocol
Server
Client
Establishing Security Capabilities
Server Authentications and key exchange
Client Authentications and key exchange
Finalizing the handshaking protocol
Phase 1
Phase 2
Phase 3
Phase 4
15. SSL Protocol: Phase 1
Phase 1: Information
exchange
• Problem: Large number of
encryption algorithms in
use
• How do client and server
agree on which to use?
• How does client tell server
which ones it supports?
Phase 1
Version
Random Client Number
Session Id
Chipper Suite
Compression Methods
Version
Server Random Number
Session Id
Select Chipper Set
Select Compression
Method
16. SSL Protocol: Phase 1
• Client passes preferred algorithms to server via https request
• Public key encryption algorithms
• Private key encryption algorithms
• Hash algorithms
• Compression algorithms
• Also random number for key generation
• Server replies with algorithms that will be used
• Also passes own random number
17. SSL Protocol: Phase 2
Phase 2: Server Identification and
Key Exchange
• Server passes their certificates to
client
• Client uses issuer public key to
verify identity
• Client retrieves server public key
from certificate
• Server may pass many
certificates for authentication
Client Server
A chain of certificate
Server Public Key
Certificate
Server Key Exchange
18. SSL Protocol: Phase 2
If no certificate containing a public key, separate public key must be passed
Certificate No Certificate
RSA Exchange
g, p, gs
No Server Key Exchange
Server Key Exchange
Certificate contains RSA public key,
so no separate key passed
No certificate, so Diffie-Hellman key
exchange parameters passed
19. SSL Protocol: Phase 2
• Server can also request appropriate client certificates to authenticate client
• Online banking
• Remote access to company database
A chain of certificates
Server Public Key
List of acceptable certificates
List of acceptable authorities
No contents
Certificate
Server Key Exchange
Certificates Request
Server Hello Done
20. SSL Protocol: Phase 3
Phase 3: Client Identification and Key Exchange
• Client sends certificate or public key if requested by server
Chain Of Certifications
Client Public key
Phase 3
Certificate
Client Key Exchange
Client Server
21. SSL Data Transmission
• Message broken into blocks
• Block compressed
• Compressed block hashed
with
authentication key to get MAC
(message integrity)
• Compressed block + MAC
encrypted
with cipher key
• Encrypted block + record
protocol
header with version/length
information sent
Payload from upper layer Protocol
Fragment
Sompression
Compressed
Compressed MAC
Encryption
Encrypted Fragment
Hash
SSL Payload