Yes, it sounds like you're a beginner; we all were at one time. Being a
beginner, however, does not excuse you from your responsibility of
_attempting_ to research a topic on your own before bringing it to a
public forum. See http://www.catb.org/~esr/faqs/smart-questions.html
for information on "How to Ask Questions the Smart Way".
Now, to answer your question, and some of the questions you inevitably
_will_ have the deeper you research, first memorize this URL to find
RFCs: http://search.ietf.org/
AFAIK, SSL was a Netscape spec, though, so it's here:
http://wp.netscape.com/eng/ssl3/draft302.txt
And, you might as well read up on the successor to SSL, TLS:
http://www.ietf.org/rfc/rfc2246.txt
TLS again, this obseletes the preceeding doc:
http://www.ietf.org/rfc/rfc3546.txt
Depending on _how_ new you are, you may also find this useful:
http://ietf.org/rfc/rfc2151.txt
I don't intend any offense; it just pisses me off when it appears
someone hasn't even attempted to help themselves before asking or
expecting the community to help them. Help us help you.
Joey Peloquin
-----Original Message-----
From: trystano (at) aol (dot) com [email concealed] [mailto:trystano (at) aol (dot) com [email concealed]]
Sent: Tuesday, December 02, 2003 11:18 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: SSL workings
Can some please highlight exactly how SSL works. I know it encrypts data
sent between a client and a server and uses authentications through use
of certificates etc.
But does it secure the a socket/port out of which the data is being
transffered. Does SSL send data through a different port that normal
unprotected data transfers?
beginner, however, does not excuse you from your responsibility of
_attempting_ to research a topic on your own before bringing it to a
public forum. See http://www.catb.org/~esr/faqs/smart-questions.html
for information on "How to Ask Questions the Smart Way".
Now, to answer your question, and some of the questions you inevitably
_will_ have the deeper you research, first memorize this URL to find
RFCs: http://search.ietf.org/
AFAIK, SSL was a Netscape spec, though, so it's here:
http://wp.netscape.com/eng/ssl3/draft302.txt
And, you might as well read up on the successor to SSL, TLS:
http://www.ietf.org/rfc/rfc2246.txt
TLS again, this obseletes the preceeding doc:
http://www.ietf.org/rfc/rfc3546.txt
Depending on _how_ new you are, you may also find this useful:
http://ietf.org/rfc/rfc2151.txt
I don't intend any offense; it just pisses me off when it appears
someone hasn't even attempted to help themselves before asking or
expecting the community to help them. Help us help you.
Joey Peloquin
-----Original Message-----
From: trystano (at) aol (dot) com [email concealed] [mailto:trystano (at) aol (dot) com [email concealed]]
Sent: Tuesday, December 02, 2003 11:18 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: SSL workings
Can some please highlight exactly how SSL works. I know it encrypts data
sent between a client and a server and uses authentications through use
of certificates etc.
But does it secure the a socket/port out of which the data is being
transffered. Does SSL send data through a different port that normal
unprotected data transfers?
Sorry if this sounds kind of beginner like :-s
Cheers
Tryst
[ reply ]