[Figure; surviving labels: TCP, Encryption, SSL Header Appended]
Handshake protocol:
Handshake protocol is used to establish sessions. This protocol allows the client and server to authenticate each other by sending a series of messages to each other. Handshake protocol uses four phases to complete its cycle.
Phase 1: In phase 1 both client and server send hello packets to each other. In this IP session, cipher suite and protocol version are exchanged for security purposes.
Phase 2: Server sends his certificate and server-key-exchange. The server ends phase 2 by sending the server-hello-end packet.
Phase 3: In this phase the client replies to the server by sending his certificate and client-exchange-key.
Phase 4: In phase 4 change-cipher-suite occurs and after this the handshake protocol ends.
SSL handshake protocol phases, diagrammatic representation:
[Diagram: CLIENT and SERVER; Phase 1 (Establish Connection): Client Hello, Server Hello]
Alert protocol:
This protocol is used to convey SSL-related alerts to the peer entity. Each message in this protocol contains 2 bytes:
Level (1 byte) | Alert (1 byte)
The level is further classified into two parts:
Warning (level 1):
This alert has no impact on the connection between sender and receiver. Some of them are
(2) Authentication
(3) Integrity
(4) Non-repudiation
(3) Public-key cryptography
(3) Session management
() Certificates issued by trusted CAs.
using encyption.
Interoperability: TLS/SSL works with most web browsers, including Microsoft Internet Explorer, and on most operating systems and web servers.
Algorithm flexibility: TLS/SSL provides operations for authentication mechanism, encryption algorithm and hashing algorithm that are used during the secure session.
Ease of deployment: Many applications TLS/SSL tempo… on a Windows Server 2003 operating system.
Ease of use: Because we implement TLS/SSL beneath the application layer, most of its operations are completely invisible to the client.
Working of TLS:
The client connects to the server (using TCP), the client will be something. The client sends a number of specifications:
(1) Version of SSL/TLS.
(2) Which cipher suites, compression method it wants to use.
The server checks what the highest SSL/TLS version is that is supported by them both, picks a cipher suite from one of the client's options and optionally picks a compression method.
After this the basic setup is done, the server provides its certificate. This certificate must be trusted either by the client itself or a party that the client trusts.
Having verified the certificate and being certain this server really is who he claims to be, a key is exchanged.
This can be a public key, PreMasterSecret or simply nothing, depending upon cipher suite.
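The server's selection step described under "Working of TLS" can be sketched as follows. This is an added example, not part of the original notes; the class names, the server-preference ordering of cipher suites and the sample hello are assumptions made for illustration.

```python
from dataclasses import dataclass

# Wire versions as (major, minor): SSL 3.0 is (3, 0), TLS 1.2 is (3, 3).
VERSION_NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
                 (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

class HandshakeFailure(Exception):
    """No mutually acceptable parameter; the handshake cannot continue."""

@dataclass
class ClientHello:               # hypothetical container for the client's specification
    max_version: tuple           # highest version the client supports
    cipher_suites: list          # the client's options
    compression_methods: list    # e.g. ["null"] or ["deflate", "null"]

@dataclass
class ServerPolicy:              # hypothetical server configuration
    versions: set                # versions the server is willing to speak
    cipher_suites: list          # assumption: server preference order decides
    compression_methods: list    # empty list means: never compress

def negotiate(hello, policy):
    # Highest version supported by both: best server version <= client maximum.
    common = [v for v in policy.versions if v <= hello.max_version]
    if not common:
        raise HandshakeFailure("no common protocol version")
    version = max(common)
    # The suite must be one of the client's options.
    suite = next((s for s in policy.cipher_suites if s in hello.cipher_suites), None)
    if suite is None:
        raise HandshakeFailure("no common cipher suite")
    # Compression is optional: fall back to "null" when nothing else matches.
    comp = next((c for c in policy.compression_methods
                 if c in hello.compression_methods), "null")
    return {"version": VERSION_NAMES.get(version, str(version)),
            "cipher_suite": suite, "compression": comp}

# Constructed sample input (not captured traffic).
SAMPLE_HELLO = ClientHello((3, 3), ["TLS_RSA_WITH_RC4_128_MD5",
                                    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
                           ["deflate", "null"])
SAMPLE_POLICY = ServerPolicy({(3, 1), (3, 2), (3, 3)},
                             ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                              "TLS_RSA_WITH_AES_128_CBC_SHA"], [])

if __name__ == "__main__":
    print(negotiate(SAMPLE_HELLO, SAMPLE_POLICY))
```

A policy that leaves SSL 3.0 and weak suites out of its lists makes an old or misconfigured client fail the handshake instead of silently agreeing on weak parameters.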
[Figure; surviving labels: administered network, public Internet, LAN, trusted "good", untrusted "bad"]
Limitations of firewalls:
(1) Cannot protect against attacks that bypass the firewall.
Ex: PCs with dial-out capability to an ISP, or dial-in modem pool use.
(2) Do not protect against internal threats.
Ex: an irritated employee, or one who co-operates with an attacker.
(3) Cannot protect against the transfer of virus-infected
Types of firewalls:
Firewalls are generally classified as three types:
* Packet filtering router
* Application-level gateway
* Circuit-level gateway