Secure Socket Layer | How SSL work to accomplish its task? | SSL Services

Secure Socket Layer (SSL) is used to provide security and compression services for data generated from the application layer. It receives data from application layer protocol usually HTTP, the data received is then compressed, signed, encrypted and then passed to a reliable transport layer protocol like TCP. The Compression service is optional.

SSL is a standard security protocol. It is used to establish encrypted links between a web server and a browser in an online communication.

 

SSL Services

Secure Socket Layer provides several services on data received from the Application layer. The services of Secure Socket Layer can be defined as follows:

• Fragmentation of data: SSL fragment received data into 2^14 bytes or fewer blocks.
• Compression of data (optional): SSL compresses each block of data by using a lossless compression method between client and server.
• Message Integrity: SSL creates MAC by using a keyed-hash function for data integrity.
• Confidentiality: original data & MAC are encrypted by symmetric key cryptography for confidentiality.
• Framing: header is added to encrypted payload before passing to reliable transport layer protocol.

SSL Working

 

Record, Handshake, ChangeCipherSpec & Alert are four different protocols that Secure Socket Layer defines to accomplish its operations. Let us have a detailed look on how SSL work to accomplish its task:

The Handshake Protocol: This protocol provides security parameters for the Record protocol. It uses a message to negotiate the cipher suite and provides keys and security parameters. It also authenticates the server to client and client to server whenever needed. It exchanges information for building the cryptographic secrets. The Handshaking is done in 4 phases: Establishing Security Capabilities, Server Authentication & Key Exchange, Client Authentication & Key Exchange, and Finalizing the Handshake Protocol.

The ChangeCipherSpec Protocol: Cipher Suite & Cryptographic Secrets are not used by the client or the server until ChangeCipherSpec message is not delivered by them. Before exchanging this message only pending columns will have values.

The Alert Protocol: SSL uses this protocol for reporting any abnormal condition or error. It contains only message type and the alert message that describe the level of problem (warning or fatal).

 

 

The Record Protocol: This protocol carries the message from the upper layer. The message is fragmented and then compressed (if required). MAC address is then added using negotiated hash algorithm. Fragmented message and MAC are then encrypted by using a lossless negotiable encrypted algorithm and message blocks are framed by adding headers.

The confidential encrypted message blocks are then passed to reliable transport layer protocol such as TCP for further processing.

SSL Connection

SSL certificate is necessary to create SSL connection. First, you are required to provide details about the identity of your website and your company when you choose to activate SSL on your web server. then two cryptographic keys are created – a Private Key and a Public Key.

You need  to submit CSR (Certificate Signing Request). CSR  is a data file that contains your details as well as your Public Key. The Certification Authority will validate your details.After successful authentication of all details, SSL certificate will be issued.

Presence of an SSL protocol and an encrypted session is indicated by the presence of the lock icon in the address bar.

Whenever a browser initiates a connection with a SSL secured website , it will first retrieve the site’s SSL Certificate to check if it’s still valid. It’s also verified that the CA is one that the browser trusts, and also that the certificate is being used by the website for which it has been issued. If any of these checks fail, a warning will be displayed to the user, indicating that the website is not secured by a valid SSL certificate.

Was this article helpful? Share your views about the post in the comment section below.

Keep visiting our Tech-Blogs and get updated with our latest technology related posts.