Secure Socket Layer (SSL) is a protocol encryption Layer based on HTTPS. It was first developed by Netscape. After being standardized by IETF (The Internet Engineering Task Force – Internet Engineering Task Force), RFC contains a lot of Internet technology specifications!

At first, because HTTP is used to transmit data in clear (although the POST data submitted in the body can’t see, but still can be caught tool steal) is not secure, in order to solve the hidden trouble netscape introduced a SSL secure sockets layer, SSL is a protocol based on the HTTP under the TCP layer, HPPTS is based on the HTTP standard and encrypts data transmitted through TCP. Therefore, HPPTS is short for HTTP+SSL/TCP.

As the introduction of HTTPS was well received, when SSL was updated to 3.0, THE IETF standardized SSL3.0 and added a few mechanisms (but almost the same as SSL3.0), After standardization, IETF changed its name to TLS1.0(Transport Layer Security protocol). TLS is the new version 3.1 of SSL, and at the same time released “RFC2246-TLS Encryption protocol details”. If you want to learn more about how TLS works, you can go to the RFC official website: www.rfc-editor.org, search RFC2246 to find the RFC documentation! — That is the historical background

SSL stands for secure Socket Layer. In short, it is a standard technology that sectifies Internet connections, protects any sensitive data sent between two systems, and prevents cybercriminals from reading and modifying any transmitted information, including personal data. Two systems may refer to a server and a client (for example, a browser and a shopping website), or between two servers (for example, an application with personally identifiable information or payroll information).

To explain how the HTTPS protocol works, you need at least the following background information. 1. Understand the meanings of some basic terms (HTTPS, SSL, TLS) 2. Understand the relationship between HTTP and TCP (especially “short connections” vs. “long connections”). General understanding of the concept of encryption algorithms (especially the difference between “symmetric encryption and asymmetric encryption”) 4. 5. Several handshakes of the TCP communication protocol

TLS (Transport Layer Security) is a more secure upgrade to SSL. Since the term SSL is more commonly used, we will still refer to our security certificate as SSL. But when you buy SSL from Symantec, what you’re really buying is the latest TLS certificate, with a choice of ECC, RSA, or DSA encryption.

TLS/SSL is a specification for encrypted channels

It uses symmetric encryption, asymmetric encryption of public and private keys and key exchange algorithm, CA system to transmit encrypted and trusted information

The commonly used symmetric encryption algorithms in HTTP SSL include RC4,AES,3DES,Camellia, etc

SSL was developed by netscape in versions 1,2, and 3, but only version 3 is used today

TLS is a standardized version of SSL. Versions 1.0, 1.1 and 1.2 use 1.0 by default

TLS1.0 is almost indistinguishable from SSL3.0

In fact, we’re using TLS now, but because of the history of being used to the term SSL, it’s always SSL.

Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) is a Security protocol that provides Security and data integrity for network communications. TLS and SSL encrypt network connections at the transport layer.

SSL is located between TCP/IP and various application-layer protocols and provides security support for data communication. The SSL Protocol is divided into two layers: SSL Record Protocol (SSL Record Protocol) : Based on reliable transport protocols (such as TCP), it supports basic functions such as data encapsulation, compression, and encryption for high-level protocols. SSL Handshake Protocol: Based on the SSL recording Protocol, it is used for identity authentication, encryption algorithm negotiation, and encryption key exchange between communication parties before data transmission.

The Secure Transport Layer protocol (TLS) is used to provide confidentiality and data integrity between two communication applications. This protocol consists of two layers: TLS Record and TLS Handshake.

The biggest advantage of TLS is that TLS is independent of the application protocol. High-level protocols can be transparently distributed over TLS. However, the TLS standard does not specify how applications can add security to TLS; It leaves it up to the protocol designer and implementer to decide how to enable the TLS handshake protocol and how to interpret the exchanged certificates.

SSL encryption SSL is a secure and confidential protocol developed by Netscape. In browsers (such as Internet Explorer, Netscape Navigator) and Web servers (such as Netscape Enterprise Server, ColdFusion) SSL runs above the TCP/IP layer and below the application layer to provide encrypted data channels for applications. It uses RC4, MD5 and RSA encryption algorithms, using 40-bit keys, suitable for commercial information encryption. At the same time, Netscape developed the HTTPS protocol and built it into its browser. HTTPS is really HTTP over SSL. It uses the default port 443 instead of using port 80 to communicate with TCP/IP, as HTTP does. The HTTPS protocol uses SSL to encrypt the original data at the sender and then decrypt the original data at the receiver. The encryption and decryption are implemented by exchanging known keys between the sender and receiver. Therefore, the transmitted data cannot be easily intercepted or decrypted by network hackers. However, the process of encryption and decryption requires a lot of overhead and seriously reduces the performance of the machine. Relevant test data show that the efficiency of data transmission using HTTPS is only one tenth of that using HTTP. If for the sake of security, will be a website all Web applications enable SSL encryption technology to, and use the HTTPS protocol to transmit, so the performance and efficiency of the site will be greatly reduced, and don’t have the necessary, because not all data are generally requires the high security level 2, TLS encryption TLS: The Transport Layer Security protocol (TLS) is used to provide confidentiality and data integrity between two communication applications. This protocol consists of two layers: TLS Record and TLS Handshake. The lower layer is the TLS recording protocol, which sits on top of some reliable transport protocol, such as TCP.

The differences between SSL and TLS are introduced

SSL (Secure Socket Layer), a protocol Layer between reliable connection-oriented network Layer protocols and application Layer protocols. SSL ensures secure communication between clients and servers through mutual authentication, digital signatures to ensure integrity, and encryption to ensure privacy. The protocol consists of two layers: SSL recording protocol and SSL handshake protocol.

TLS :(Transport Layer Security), used to provide confidentiality and data integrity between two applications. The protocol consists of two layers: TLS recording protocol and TLS handshake protocol.

SSL was developed by Netscape specifically to secure Web communications and is currently available in version 3.0. The latest version of TLS 1.0 is a new protocol specified by IETE (Engineering Task Force), which builds on the SSL 3.0 protocol specification and is the subsequent version of SSL 3.0. The difference is minimal and can be understood as SSL 3.1, which is written to the RFC.

Secure Socket Layer (SSL)

Developed by Netscape to secure data transmission over the Internet, Encryption technology is used to ensure that data cannot be intercepted during transmission over the network.

The current version is 3.0. It has been widely used for authentication and encrypted data transfer between Web browsers and servers.

SSL is located between TCP/IP and various application-layer protocols and provides security support for data communication. The SSL Protocol is divided into two layers: SSL Record Protocol (SSL Record Protocol) : Based on reliable transport protocols (such as TCP), it supports basic functions such as data encapsulation, compression, and encryption for high-level protocols. SSL Handshake Protocol: Based on the SSL recording Protocol, it is used for identity authentication, encryption algorithm negotiation, and encryption key exchange between communication parties before data transmission.

SSL provides the following services:

1) Authenticate users and servers to ensure that data is sent to the correct clients and servers;

2) Encrypt data to prevent data theft;

3) Maintain data integrity and ensure that data will not be changed during transmission.

Workflow of SSL protocol:

Server authentication phase:

1) The client sends a start message “Hello” to the server to start a new session connection;

2) The server determines whether to generate a new master key according to the customer’s information. If so, the server will respond to the customer’s “Hello” message with the information required for generating the master key;

3) Customer service generates a master key according to the response information received from the server, encrypts it with the public key of the server and sends it to the server;

4) The server recovers the master key and returns to the client a master key authentication information, so that the client can authenticate the server.

User authentication: The server is authenticated by the customer. The authenticated server sends a question to the customer, who provides authentication to the server by returning the (digital) signed question and its public key.

Transport Layer Security Protocol (TLS) : Transport Layer Protocol

The Secure Transport Layer protocol (TLS) is used to provide confidentiality and data integrity between two communication applications. This protocol consists of two parts: TLS Record and TLS Handshake. The lower layer is the TLS recording protocol, which sits on top of some reliable transport protocol, such as TCP.

The connection security provided by the TLS recording protocol has two basic features:

Private symmetric encryption is used for data encryption (DES, RC4, etc.). Symmetric encryption produces a key that is unique to each connection and negotiated based on another protocol, such as a handshake protocol. Recording protocols can also be used without encryption. Reliable – The transfer of information includes information integrity checks using a MAC with a key. The secure hash function (SHA, MD5, etc.) is used for MAC calculation. The logging protocol can operate without a MAC, but generally only in this mode, where another protocol is negotiating security parameters using the logging protocol transport. The TLS recording protocol is used to encapsulate various high-level protocols. One of these encapsulation protocols, the handshake protocol, allows the server and client to authenticate each other and negotiate encryption algorithms and encryption keys before the application protocol transmits and receives its first data byte. The connection security provided by the TLS handshake protocol has three basic properties:

Asymmetric, or public-key cryptography can be used to authenticate peers. This authentication is optional, but requires at least one node party. The negotiation of shared decryption keys is secure. Negotiated encryption is difficult for thieves to obtain. In addition, authenticated connections cannot be encrypted, even if an attacker enters the middle of a connection. Negotiations are reliable. No attacker can modify a communication negotiation without being detected by the communicating party member. The biggest advantage of TLS is that TLS is independent of the application protocol. High-level protocols can be transparently distributed over TLS. However, the TLS standard does not specify how applications can add security to TLS; How it initiates the TLS handshake protocol and how it interprets the exchanged certificates is left up to the protocol designer and implementer.

Protocol structure

The TLS protocol consists of two protocol groups — THE TLS recording protocol and the TLS handshake protocol.

TLS and SSL: parallel relationship

The latest version of Transport Layer Security (TLS) is a new protocol formulated by the Internet Engineering Task Force (IETF). It is based on the SSL 3.0 protocol specification and is a later version of SSL 3.0. There are significant differences between TLS and SSL 3.0, mainly because they support different encryption algorithms, so TLS and SSL 3.0 are not interoperable.

1. Differences between TLS and SSL

1) Version number: The TLS record format is the same as the SSL record format, but the version number value is different. Version 1.0 of TLS uses the version number SSLv3.1.

2) Packet identification code: SSLv3.0 and TLS have different MAC algorithms and MAC calculation ranges. TLS uses the HMAC algorithm defined by RFC-2104. SSLv3.0 uses a similar algorithm. The difference is that SSLv3.0 uses a join operation between the fill byte and the key, while HMAC uses an XOR operation. But they are equally safe.

3) Pseudo-random function: TLS uses a pseudo-random function called PRF to extend the key into data blocks, which is a more secure way.

4) Alarm code: TLS supports almost all SSLv3.0 alarm codes, and many additional alarm codes are defined in TLS. For example, decryption_failed, record overflow, unknown CA (Unknown_CA), and access_denied.

5) Ciphertext and client certificates: SSLv3.0 differs slightly from TLS in that TLS does not support Fortezza key exchange, encryption algorithms, and client certificates.

6) CERTIFicate_Verify and FINISHED messages: SSLv3.0 and TLS use slightly different inputs to compute MD5 and SHA-1 hash codes using CERTIFicate_Verify and FINISHED messages, but the security is similar.

7) Encryption calculation: TLS and SSLv3.0 use different methods to calculate master secret.

8) Padding: padding bytes that need to be added before user data encryption. In SSL, the length of the filled data reaches the minimum integer multiple of the ciphertext fast length. In TLS, the length of the filled data can be any integer multiple of the length of the ciphertext block (but the maximum length of the filled data is 255 bytes), which prevents attacks based on packet length analysis.

2. Major enhancements to TLS

The main goals of TLS are to make SSL more secure and to make the specification of the protocol more precise and complete. TLS provides the following additions to SSL V3.0:

1) More secure MAC algorithms

2) Tighter alerts

3) A clearer definition of the “grey area” specification

3.TLS for security improvement

1) Use key hashing for message authentication: TLS uses key hashing for Message Authentication Code (HMAC), which ensures that records cannot be changed when they are transmitted over an open network such as the Internet. SSLv3.0 also provides keyed message authentication, but HMAC is more secure than SSLv3.0 using (message authentication code) MAC functionality.

2) Enhanced pseudo-random function (PRF) : PRF generates key data. In TLS, HMAC defines PRF. PRF uses two hash algorithms to ensure its security. If either algorithm is exposed, the data remains safe as long as the second algorithm is not.

3) Improved completed message validation: BOTH TLS and SSLv3.0 provide completed messages to both endpoints that authenticate the messages exchanged without being changed. However, TLS bases this completed message on PRF and HMAC values, which is also more secure than SSLv3.0.

4) Consistent certificate handling: Unlike SSLv3.0, TLS attempts to specify the type of certificate that must be exchanged between TLS.

5) Specific alert messages: TLS provides additional specific and additional alerts to indicate problems detected by either session endpoint. TLS also logs when certain alerts should be sent.

[More details]

1, talk about the HTTPS and SSL/TLS protocol | programmer – programmer, programming languages, software development and programming technology www.techug.com/post/https-…

SSL/TLS www.mamicode.com/info-detail… (Recommended reading)

Buy me a cup of coffee 🙂