Security Basics mailing list archives

RE: SSL workings
From: "dave kleiman" <dave () isecureu com>
Date: Tue, 2 Dec 2003 19:23:05 -0500


It is kind of like dating:

1. You see some hot server you want to hang with.
2. You go up to meet the server, talk to it, and shake its hand (SSL
"OK, let's talk, can you Diffie?" "Yes, I can." "Can you RC4 128?" "No, I
cannot, but I can 3DES?" "Sorry, I only RC4 128." "Goodbye." (Negotiate
what cipher suite to use.) (OK, but we will pretend she (I mean it) said yes
to 3DES.)
Now the server sends its certificate, you authenticate the server by
validating the certificate.  And now you go to the champagne room, I mean
you go sit down and talk in your private language (symmetric encryption).

3.  Now every time you talk you do so in your private session, until you
You say something, it is hashed, the "hash" (if the bar you are in happens to
be in Amsterdam) is encrypted, you send the hash and encrypted data. And
vice versa. And you both only accept the information if all values match.

4. Once you leave, a new negotiation occurs. New keys, etc.

Of course most of the time it just ends at the "Goodbye"

Dave Kleiman, CISSP, MCSE, CIFI
dave () isecureu com

"High achievement always takes place in the framework of high expectation."
Jack Kinder


-----Original Message-----
From: trystano () aol com [mailto:trystano () aol com] 
Sent: Tuesday, December 02, 2003 12:18
To: security-basics () securityfocus com
Subject: SSL workings

Can someone please highlight exactly how SSL works? I know it encrypts data
sent between a client and a server and uses authentication through use of
certificates etc.

But does it secure the socket/port out of which the data is being
transferred? Does SSL send data through a different port than normal
unprotected data transfers?

Sorry if this sounds kind of beginner like :-s
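
A simplified model of steps 2 and 3 of the reply above, as an added example that is not part of either message: the server picks a cipher suite from the client's offer (or the handshake ends), and each record carries a MAC that is encrypted together with the data and checked on receipt. The suite labels, function names, server-preference ordering and the SHA-256 keystream standing in for RC4/3DES are assumptions of this sketch; real SSL derives the keys during the handshake.

```python
import hashlib
import hmac

MAC_LEN = 32  # HMAC-SHA256 output size used by this model

def negotiate(client_offer, server_supported):
    """Return the first server-preferred suite the client also offered."""
    for suite in server_supported:  # assumption: server preference order wins
        if suite in client_offer:
            return suite
    return None  # no common suite: the handshake ends ("Goodbye")

def _keystream(key, seq, n):
    """Stand-in stream cipher (SHA-256 in counter mode), not RC4 or 3DES."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + seq.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _mac(mac_key, seq, data):
    # The sequence number is covered so a record cannot be replayed or reordered.
    return hmac.new(mac_key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()

def protect(enc_key, mac_key, seq, plaintext):
    """MAC the data, then encrypt data and MAC together (MAC-then-encrypt)."""
    body = plaintext + _mac(mac_key, seq, plaintext)
    return _xor(body, _keystream(enc_key, seq, len(body)))

def accept(enc_key, mac_key, seq, record):
    """Decrypt, recompute the MAC, and return the data only if it matches."""
    body = _xor(record, _keystream(enc_key, seq, len(record)))
    if len(body) < MAC_LEN:
        return None
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    return data if hmac.compare_digest(mac, _mac(mac_key, seq, data)) else None

if __name__ == "__main__":
    # Constructed suite labels and keys; real keys come out of the handshake.
    print(negotiate(["RC4-128"], ["3DES"]))
    print(negotiate(["RC4-128", "3DES"], ["3DES"]))
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    rec = protect(enc_key, mac_key, 0, b"hello server")
    print(accept(enc_key, mac_key, 0, rec))
    tampered = bytes([rec[0] ^ 1]) + rec[1:]
    print(accept(enc_key, mac_key, 0, tampered))
```

A record that was altered in transit, or presented under the wrong sequence number, fails the MAC check and is dropped, which is the "only accept the information if all values match" step.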




