Home page logo
/

basics logo Security Basics mailing list archives

RE: SSL workings
From: "dave kleiman" <dave () isecureu com>
Date: Tue, 2 Dec 2003 19:23:05 -0500

Tryst,

It is kind of like dating:

1. You see some hot server you want to hang with.
 
2.  You go up to meet the server, talk to it, and shake its hand (SSL
handshake): 
"Ok lets talk, can you Diffie?"   "Yes I can."  "Can you RC4 128?"  "No I
cannot but I can 3DES?"   "Sorry I only RC4 128".  "Goodbye"  (Negotiate
what cipher suite to use).  (ok but we will pretend she (I mean it) said yes
to 3DES.)
Now the server sends its certificate, you authenticate the server by
validating the certificate.  And now you go to the champagne room, I mean
you go sit down and talk in your private language (symmetric encryption).

3.  Now every time you talk you do so in your private session, until you
leave:
You say something it is Hashed, the "hash" (if the bar you are in happens to
be in Amsterdam) is encrypted, you send the hash and encrypted data. And
vice versa.  And you both only accept the information if all values match. 

4.  Once you leave a new negotiation occurs.   New keys etc....

Of course most of the time it just ends at the "Goodbye"


 
_______________________________
Dave Kleiman, CISSP, MCSE, CIFI
dave () isecureu com
www.SecurityBreachResponse.com

"High achievement always takes place in the framework of high expectation."
Jack Kinder

 



-----Original Message-----
From: trystano () aol com [mailto:trystano () aol com] 
Sent: Tuesday, December 02, 2003 12:18
To: security-basics () securityfocus com
Subject: SSL workings


Can some please highlight exactly how SSL works. I know it encrypts data
sent between a client and a server and uses authentications through use of
certificates etc.

But does it secure the a socket/port out of which the data is being
transffered. Does SSL send data through a different port that normal
unprotected data transfers?

Sorry if this sounds kind of beginner like :-s

Cheers

Tryst

---------------------------------------------------------------------------
----------------------------------------------------------------------------





---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]