Secure Socket Layer | How SSL work to accomplish its task? | SSL Services
Secure Socket Layer (SSL) is used to provide security and compression services for data generated from the application layer. It receives data from application layer protocol usually HTTP, the data received is then compressed, signed, encrypted and then passed to a reliable transport layer protocol like TCP. The Compression service is optional.
SSL provides several services on data received from the Application layer. The services of SSL can be defined as follows:
- Fragmentation of data: SSL fragment received data into 2^14 bytes or fewer blocks.
- Compression of data (optional): SSL compresses each block of data by using a lossless compression method between client and server.
- Message Integrity: SSL creates MAC by using a keyed-hash function for data integrity.
- Confidentiality: original data & MAC are encrypted by symmetric key cryptography for confidentiality.
- Framing: header is added to encrypted payload before passing to reliable transport layer protocol.
Record, Handshake, ChangeCipherSpec & Alert are four different protocols that SSL defines to accomplish its operations. Let us have a detailed look on how SSL work to accomplish its task:
The Handshake Protocol: This protocol provides security parameters for the Record protocol. It uses a message to negotiate the cipher suite and provides keys and security parameters. It also authenticates the server to client and client to server whenever needed. It exchanges information for building the cryptographic secrets. The Handshaking is done in 4 phases: Establishing Security Capabilities, Server Authentication & Key Exchange, Client Authentication & Key Exchange, and Finalizing the Handshake Protocol.
The ChangeCipherSpec Protocol: Cipher Suite & Cryptographic Secrets are not used by the client or the server until ChangeCipherSpec message is not delivered by them. Before exchanging this message only pending columns will have values.
The Alert Protocol: SSL uses this protocol for reporting any abnormal condition or error. It contains only message type and the alert message that describe the level of problem (warning or fatal).
The Record Protocol: This protocol carries the message from the upper layer. The message is fragmented and then compressed (if required). MAC address is then added using negotiated hash algorithm. Fragmented message and MAC are then encrypted by using a lossless negotiable encrypted algorithm and message blocks are framed by adding headers.
The confidential encrypted message blocks are then passed to reliable transport layer protocol such as TCP for further processing.
Categories: tech blogs