Home page logo
/

basics logo Security Basics mailing list archives

Re: SSL workings
From: Markus Müssig <mmuessig () multamedio de>
Date: 03 Dec 2003 13:43:27 +0100

I will try to explane it from a https/http-corner:
HTTP-Servers are usually accessed on port 80. They do a
three-way-handshake and transmit data unencrypted. You can sniff every
object, requested form a through the browser specified url and see every
packet as "plain" unencrypted data...

A project definition from httpd.conf for a standard and minimal
http-site
<VirtualHost *:80>
    DocumentRoot /data/srv/www/projectfolder
    ServerName test.server.de
    ServerAdmin root () localhost
    ErrorLog /var/log/apache/error.log
    TransferLog /var/log/apache/access.log
</VirtualHost>


HTTPS-Servers are usually accessed on port 443. Apache configuration of
such a webproject is a little more sophisticated

<VirtualHost *:443>
    DocumentRoot /data/srv/www/projectfolder
    ServerName test.server.de
    ServerAdmin root () localhost
    ErrorLog /var/log/apache/error.log
    TransferLog /var/log/apache/access.log

    SSLEngine on                <--- USE SSL
    SSLCipherSuite              <--- POSSIBLE ENCRYPTION ALGORITHMS
        ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile          <--- SERVERCERTIFICATE SENT WHILE
                                CLIENTCONNECT AT PORT 443
        /data/ssl/certPool/BitworxCA/certs/testserver.bitworx.de.crt
    SSLCertificateKeyFile       <--- PRIVATE KEY FOR SERVERCERT
        /data/ssl/certPool/BitworxCA/private/testserver.bitworx.de.key
    SSLCACertificatePath
        /data/ssl/certPool/BitworxCA/ca/
    SSLCACertificateFile        <--- CA WHICH SIGNED THE SERVERCERT
        /data/ssl/certPool/BitworxCA/ca/ca.pem
</VirtualHost>

As you see above, a servercert is sent to a client connecting to that
server:443
The following occures while initial connection-handling
Server sents a servercert with public key
Client has to accept cert (thats done automatically if the servercert is
signed by a well-known cert-authority like thawte, verisign...=
Now client and server negotiate a symmetric sessionkey using
public-private-keys from cert for encrypting that phase
After checking out a symmetric session key, traffic is encrypted by that
session key

1. Three-Way-Handshake
2. Client HELO
3. Server HELO
4. Servercert to client
5. Exchange Keys
6. Exchange Cipherspecs
7. Negotiation of symmetric session key+
UNTIL NOW PUBLIC/PRIVATE KEY ENCRYPTION
8. Encrypted data by use of sessionkey

Hope that helps a little bit!

TO EVERYONE:
Please correct/add things you know/know better than me...

regards, Markus Muessig



On Tue, 2003-12-02 at 18:18, trystano () aol com wrote:
Can some please highlight exactly how SSL works. I know it encrypts data sent between a client and a server and uses 
authentications through use of certificates etc.

But does it secure the a socket/port out of which the data is being transffered. Does SSL send data through a 
different port that normal unprotected data transfers?

Sorry if this sounds kind of beginner like :-s

Cheers

Tryst

---------------------------------------------------------------------------
----------------------------------------------------------------------------

-- 
----------------------------------------------------------------------
Markus Müssig                       MULTA MEDIO Informationssysteme AG
- Systemadministrator -                         Mergentheimer Str. 76a
                                                       97082 Wuerzburg
mailto:mmuessig () multamedio de                 Tel: +49 (0)931 79717-18
http://www.multamedio.de                      Fax: +49 (0)931 79717-30

---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]