Mrinal Wadhwa, profile picture
Uploaded byMrinal Wadhwa
PDF, PPTX1,145 views

Transport Layer Security - Mrinal Wadhwa

The document summarizes the evolution of the Transport Layer Security (TLS) protocol from versions 1.0 to 1.2. It describes the key components of TLS including the record protocol for fragmenting and transmitting encrypted data, handshake protocol for authentication and key exchange, and cipher suites for encryption algorithms. The TLS protocol provides secure communication over the internet by preventing eavesdropping, tampering, and forgery of messages between client and server applications.

Embed presentation

Download as PDF, PPTX
Transport Layer Security Mrinal Wadhwa http://www.mrinalwadhwa.com
SSL v1 before 1995, internal to Netscape, never released
SSL v2 draft published in FEB 1995 SSL 0.2 PROTOCOL SPECIFICATION http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html
SSL v3 draft published in NOV 1996 The SSL Protocol Version 3.0 http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
TLS 1.0 RFC 2446 - in Jan 1999 The TLS Protocol Version 1.0 http://tools.ietf.org/html/rfc2246
TLS 1.1 RFC 4346 - in April 2006 The Transport Layer Security (TLS) Protocol Version 1.1 http://tools.ietf.org/html/rfc4346
TLS 1.2 RFC 5246 - in August 2008 The Transport Layer Security (TLS) Protocol Version 1.2 http://tools.ietf.org/html/rfc5246
"The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery." - The Transport Layer Security (TLS) Protocol Version 1.2
Record Protocol http://tools.ietf.org/html/rfc5246#section-6
The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, reassembled, and then delivered to higher-level clients.
struct { ConnectionEnd entity; PRFAlgorithm prf_algorithm; BulkCipherAlgorithm bulk_cipher_algorithm; CipherType cipher_type; uint8 enc_key_length; uint8 block_length; uint8 fixed_iv_length; uint8 record_iv_length; MACAlgorithm mac_algorithm; uint8 mac_length; uint8 mac_key_length; CompressionMethod compression_algorithm; opaque master_secret[48]; opaque client_random[32]; opaque server_random[32]; } SecurityParameters;
Change Cipher Spec Protocol http://tools.ietf.org/html/rfc5246#section-7.1
Alert Protocol http://tools.ietf.org/html/rfc5246#section-7.2
Handshake Protocol a simplified discussion http://tools.ietf.org/html/rfc5246#section-7.3
Hello Request http://tools.ietf.org/html/rfc5246#section-7.4.1.1 struct { } HelloRequest;
Client Hello http://tools.ietf.org/html/rfc5246#section-7.4.1.2 struct { ProtocolVersion client_version; Random random; SessionID session_id; CipherSuite cipher_suites<2..2^16-2>; CompressionMethod compression_methods<1..2^8-1>; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ClientHello;
CIPHER SUITES TLS_RSA_WITH_AES_128_CBC_SHA "The connection is encrypted using AES_128_CBC, with SHA1 for message authentication and RSA as the key exchange mechanism." Mandatory Cipher Suites - http://tools.ietf.org/html/rfc5246#section-9 Cipher Suite Definitions - http://tools.ietf.org/html/rfc5246#appendix-C
CIPHER SUITES TLS_RSA_WITH_AES_128_CBC_SHA Key Exchange - RSA Cipher - AES_128_CBC Mac - SHA (HMAC-SHA1)
Server Hello http://tools.ietf.org/html/rfc5246#section-7.4.1.3 struct { ProtocolVersion server_version; Random random; SessionID session_id; CipherSuite cipher_suite; CompressionMethod compression_method; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ServerHello;
Server Certificate http://tools.ietf.org/html/rfc5246#section-7.4.2 opaque ASN.1Cert<1..2^24-1>; struct { ASN.1Cert certificate_list<0..2^24-1>; } Certificate;
Server Hello Done http://tools.ietf.org/html/rfc5246#section-7.4.5 struct { } ServerHelloDone;
Client Key Exchange Message http://tools.ietf.org/html/rfc5246#section-7.4.7 struct { select (KeyExchangeAlgorithm) { case rsa: EncryptedPreMasterSecret; case dhe_dss: case dhe_rsa: case dh_dss: case dh_rsa: case dh_anon: ClientDiffieHellmanPublic; } exchange_keys; } ClientKeyExchange;
Finished http://tools.ietf.org/html/rfc5246#section-7.4.9 struct { opaque verify_data[verify_data_length]; } Finished;
?
- mrinalwadhwa.com - email@mrinalwadhwa.com - @mrinal - github.com/mrinalwadhwa

More Related Content

PDF
wolfSSL and TLS 1.3
bywolfSSL
 
PPTX
Ssl and tls
byRana assad ali
 
PDF
FIPS 140-2 Validations in a Secure Enclave
bywolfSSL
 
PPTX
Transport layer security
byHrudya Balachandran
 
PPT
Sniffing SSL Traffic
bydkaya
 
PPT
security in transport layer ssl
bySTUDENT
 
PPTX
All you need to know about transport layer security
byMaarten Smeets
 
PDF
wolfSSL TLS 1.3 Support in 2018
bywolfSSL
 
wolfSSL and TLS 1.3
bywolfSSL
 
Ssl and tls
byRana assad ali
 
FIPS 140-2 Validations in a Secure Enclave
bywolfSSL
 
Transport layer security
byHrudya Balachandran
 
Sniffing SSL Traffic
bydkaya
 
security in transport layer ssl
bySTUDENT
 
All you need to know about transport layer security
byMaarten Smeets
 
wolfSSL TLS 1.3 Support in 2018
bywolfSSL
 

What's hot

PPT
SSL/TLS
byDr Anjan Krishnamurthy
 
PPTX
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
byMonodip Singha Roy
 
PPTX
SSL And TLS
byGhanshyam Patel
 
PPTX
Secure Socket Layer
byPina Parmar
 
PPTX
Secure Shell(ssh)
byPina Parmar
 
PPTX
Transport layer security
byHrudya Balachandran
 
PPSX
Secure socket layer
byNishant Pahad
 
PPT
Introduction to SSH
byHemant Shah
 
PDF
Transport Layer Security
byIbrahiem Mohammed
 
PDF
TLS/SSL Protocol Design 201006
byNate Lawson
 
PPTX
SSL overview
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPT
SSL
byDuy Do Phan
 
PPTX
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
byJaroslavChmurny
 
PDF
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
byIves Laaf
 
PPTX
TLS - Transport Layer Security
byByronKimani
 
PDF
Certificate Based VPN Remote Access - 1. OpenCA Workshop 2004 / OpenXPKI
byIves Laaf
 
PPTX
Transport Layer Security
byChhatra Thapa
 
PPTX
secure socket layer
byAmar Shah
 
SSL/TLS
byDr Anjan Krishnamurthy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
byMonodip Singha Roy
 
SSL And TLS
byGhanshyam Patel
 
Secure Socket Layer
byPina Parmar
 
Secure Shell(ssh)
byPina Parmar
 
Transport layer security
byHrudya Balachandran
 
Secure socket layer
byNishant Pahad
 
Introduction to SSH
byHemant Shah
 
Transport Layer Security
byIbrahiem Mohammed
 
TLS/SSL Protocol Design 201006
byNate Lawson
 
SSL overview
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
SSL
byDuy Do Phan
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
byJaroslavChmurny
 
SCEP - simple certificate enrollment protocol - 1. OpenCA Workshop 2004 / Ope...
byIves Laaf
 
TLS - Transport Layer Security
byByronKimani
 
Certificate Based VPN Remote Access - 1. OpenCA Workshop 2004 / OpenXPKI
byIves Laaf
 
Transport Layer Security
byChhatra Thapa
 
secure socket layer
byAmar Shah
 

Similar to Transport Layer Security - Mrinal Wadhwa

PPT
03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL ...
byghorilemin
 
PPT
03-SSL (2).ppt
byShounakDas16
 
PPT
03-SSL (1).ppt
byZAKARIAABED1
 
PPTX
ncsmodule module department of electronics
byPrateekJoshi63
 
PPT
tls security fda fkj k kjkfjsdkl jkjfsdk.ppt
bysandhyadevit
 
PPTX
669671684-Ch17-Crypto6e.pptx669671684-Ch17-Crypto6e.pptx
bytahircs1
 
PPT
ch16-Cryptography and Network Security.ppt
byKamranHussainAwan
 
PPTX
Secure socket layer
byEmprovise
 
PPT
Lecture 6 web security
byrajakhurram
 
PDF
Unit 4_SSL_Handshake Protocol_Record Layer Protocol.pdf
byKanchanPatil34
 
PDF
SSL/TLS Handshake
byArpit Agarwal
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
byJyothishmathi Institute of Technology and Science Karimnagar
 
PPT
Transportsec
byBogdan Korniyenko
 
PPTX
Cryptography by Afroz haider mir
byAFROZ MIR
 
PDF
TLS/SSL Protocol Design
byNate Lawson
 
PPTX
Transport Layer Security
byHuda Seyam
 
PPTX
Atonomy of-a-tls-handshake-mini-conferentie
byMichel Schudel
 
PPT
this is ppt this is ppt this is ppt this is ppt
byghorilemin
 
PPT
8.SSL encryption.ppt
byNoName261177
 
PDF
VisualWorks Security Reloaded - STIC 2012
byMartin Kobetic
 
03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL (1).ppt03-SSL ...
byghorilemin
 
03-SSL (2).ppt
byShounakDas16
 
03-SSL (1).ppt
byZAKARIAABED1
 
ncsmodule module department of electronics
byPrateekJoshi63
 
tls security fda fkj k kjkfjsdkl jkjfsdk.ppt
bysandhyadevit
 
669671684-Ch17-Crypto6e.pptx669671684-Ch17-Crypto6e.pptx
bytahircs1
 
ch16-Cryptography and Network Security.ppt
byKamranHussainAwan
 
Secure socket layer
byEmprovise
 
Lecture 6 web security
byrajakhurram
 
Unit 4_SSL_Handshake Protocol_Record Layer Protocol.pdf
byKanchanPatil34
 
SSL/TLS Handshake
byArpit Agarwal
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
byJyothishmathi Institute of Technology and Science Karimnagar
 
Transportsec
byBogdan Korniyenko
 
Cryptography by Afroz haider mir
byAFROZ MIR
 
TLS/SSL Protocol Design
byNate Lawson
 
Transport Layer Security
byHuda Seyam
 
Atonomy of-a-tls-handshake-mini-conferentie
byMichel Schudel
 
this is ppt this is ppt this is ppt this is ppt
byghorilemin
 
8.SSL encryption.ppt
byNoName261177
 
VisualWorks Security Reloaded - STIC 2012
byMartin Kobetic
 

More from Mrinal Wadhwa

PDF
Considerations for a secure internet of things for cities and communities
byMrinal Wadhwa
 
PDF
An Introduction To Rich Internet Apllications
byMrinal Wadhwa
 
PDF
Flex 4 Component Lifecycle
byMrinal Wadhwa
 
PDF
Custom Components In Flex 4
byMrinal Wadhwa
 
PDF
SF IoT Meetup - Decentralized Identifiers & Verifiable Claims
byMrinal Wadhwa
 
PDF
Introduction to Rich Internet Applications, Flex, AIR
byMrinal Wadhwa
 
PDF
Austin Smart City Readiness Workshop - Viability and Sustainability of IoT Sm...
byMrinal Wadhwa
 
PDF
Edge Computing and Machine Learning for a better Internet of Things
byMrinal Wadhwa
 
PDF
Better Parking. Better Communities.
byMrinal Wadhwa
 
PDF
Bits, Bytes and Blobs
byMrinal Wadhwa
 
Considerations for a secure internet of things for cities and communities
byMrinal Wadhwa
 
An Introduction To Rich Internet Apllications
byMrinal Wadhwa
 
Flex 4 Component Lifecycle
byMrinal Wadhwa
 
Custom Components In Flex 4
byMrinal Wadhwa
 
SF IoT Meetup - Decentralized Identifiers & Verifiable Claims
byMrinal Wadhwa
 
Introduction to Rich Internet Applications, Flex, AIR
byMrinal Wadhwa
 
Austin Smart City Readiness Workshop - Viability and Sustainability of IoT Sm...
byMrinal Wadhwa
 
Edge Computing and Machine Learning for a better Internet of Things
byMrinal Wadhwa
 
Better Parking. Better Communities.
byMrinal Wadhwa
 
Bits, Bytes and Blobs
byMrinal Wadhwa
 

Recently uploaded

PDF
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PPTX
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
PDF
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
PDF
Introduction to Linux and Basic Commands
byiDev Semarang
 
PPTX
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
PDF
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
Talaria: A Sound-Driven Music Search Engine for Discovery Beyond Metadata
byShuen-Huei Guan
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PPTX
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
PDF
What Is AI LXP and Why Enterprises Are Adopting It.pdf
byneuralminds4
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PDF
Lightweight, Travel-Ready Freedom for Adults and Seniors
byTopmate
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
PPT
connectives-linking words in English.ppt
byAmrMohammed82
 
PPTX
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
One String, Many Prompts: AI Code Generation
byGeoffrey Goetz
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
Introduction to Linux and Basic Commands
byiDev Semarang
 
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Talaria: A Sound-Driven Music Search Engine for Discovery Beyond Metadata
byShuen-Huei Guan
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
What Is AI LXP and Why Enterprises Are Adopting It.pdf
byneuralminds4
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
Lightweight, Travel-Ready Freedom for Adults and Seniors
byTopmate
 
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
connectives-linking words in English.ppt
byAmrMohammed82
 
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 

Transport Layer Security - Mrinal Wadhwa

  • 1.
    Transport Layer Security Mrinal Wadhwa http://www.mrinalwadhwa.com
  • 2.
    SSL v1 before 1995,internal to Netscape, never released
  • 3.
    SSL v2 draft published in FEB 1995 SSL 0.2 PROTOCOL SPECIFICATION http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html
  • 4.
    SSL v3 draft published in NOV 1996 The SSL Protocol Version 3.0 http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
  • 5.
    TLS 1.0 RFC 2446- in Jan 1999 The TLS Protocol Version 1.0 http://tools.ietf.org/html/rfc2246
  • 6.
    TLS 1.1 RFC 4346 - in April 2006 The Transport Layer Security (TLS) Protocol Version 1.1 http://tools.ietf.org/html/rfc4346
  • 7.
    TLS 1.2 RFC 5246 - in August 2008 The Transport Layer Security (TLS) Protocol Version 1.2 http://tools.ietf.org/html/rfc5246
  • 8.
    "The TLS protocolprovides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery." - The Transport Layer Security (TLS) Protocol Version 1.2
  • 9.
  • 10.
    The Record Protocoltakes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, reassembled, and then delivered to higher-level clients.
  • 11.
    struct { ConnectionEnd entity; PRFAlgorithm prf_algorithm; BulkCipherAlgorithm bulk_cipher_algorithm; CipherType cipher_type; uint8 enc_key_length; uint8 block_length; uint8 fixed_iv_length; uint8 record_iv_length; MACAlgorithm mac_algorithm; uint8 mac_length; uint8 mac_key_length; CompressionMethod compression_algorithm; opaque master_secret[48]; opaque client_random[32]; opaque server_random[32]; } SecurityParameters;
  • 12.
    Change Cipher Spec Protocol http://tools.ietf.org/html/rfc5246#section-7.1
  • 13.
  • 14.
    Handshake Protocol a simplified discussion http://tools.ietf.org/html/rfc5246#section-7.3
  • 15.
  • 16.
    Client Hello http://tools.ietf.org/html/rfc5246#section-7.4.1.2 struct { ProtocolVersion client_version; Random random; SessionID session_id; CipherSuite cipher_suites<2..2^16-2>; CompressionMethod compression_methods<1..2^8-1>; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ClientHello;
  • 17.
    CIPHER SUITES TLS_RSA_WITH_AES_128_CBC_SHA "The connection is encrypted using AES_128_CBC, with SHA1 for message authentication and RSA as the key exchange mechanism." Mandatory Cipher Suites - http://tools.ietf.org/html/rfc5246#section-9 Cipher Suite Definitions - http://tools.ietf.org/html/rfc5246#appendix-C
  • 18.
    CIPHER SUITES TLS_RSA_WITH_AES_128_CBC_SHA Key Exchange - RSA Cipher - AES_128_CBC Mac - SHA (HMAC-SHA1)
  • 19.
    Server Hello http://tools.ietf.org/html/rfc5246#section-7.4.1.3 struct { ProtocolVersion server_version; Random random; SessionID session_id; CipherSuite cipher_suite; CompressionMethod compression_method; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ServerHello;
  • 20.
    Server Certificate http://tools.ietf.org/html/rfc5246#section-7.4.2 opaque ASN.1Cert<1..2^24-1>; struct { ASN.1Cert certificate_list<0..2^24-1>; } Certificate;
  • 21.
  • 22.
    Client Key ExchangeMessage http://tools.ietf.org/html/rfc5246#section-7.4.7 struct { select (KeyExchangeAlgorithm) { case rsa: EncryptedPreMasterSecret; case dhe_dss: case dhe_rsa: case dh_dss: case dh_rsa: case dh_anon: ClientDiffieHellmanPublic; } exchange_keys; } ClientKeyExchange;
  • 23.
    Finished http://tools.ietf.org/html/rfc5246#section-7.4.9 struct { opaque verify_data[verify_data_length]; } Finished;
  • 24.
  • 25.
    - mrinalwadhwa.com - email@mrinalwadhwa.com -@mrinal - github.com/mrinalwadhwa