Security Basics
SSL workings Dec 02 2003 05:18PM
trystano aol com (4 replies)
Re: SSL workings Dec 03 2003 12:43PM
Markus Müssig (mmuessig multamedio de)
Re: SSL workings Dec 03 2003 05:29AM
Creed Erickson (creed mac com)
RE: SSL workings Dec 03 2003 12:23AM
dave kleiman (dave isecureu com)
Tryst,

It is kind of like dating:

1. You see some hot server you want to hang with.

2. You go up to meet the server, talk to it, and shake its hand (SSL
handshake):
"OK, let's talk, can you Diffie?" "Yes I can." "Can you RC4 128?" "No I
cannot but I can 3DES?" "Sorry I only RC4 128". "Goodbye" (Negotiate
what cipher suite to use). (OK, but we will pretend she (I mean it) said yes
to 3DES.)
Now the server sends its certificate, you authenticate the server by
validating the certificate. And now you go to the champagne room, I mean
you go sit down and talk in your private language (symmetric encryption).

3. Now every time you talk you do so in your private session, until you
leave:
You say something, it is hashed, the "hash" (if the bar you are in happens to
be in Amsterdam) is encrypted, you send the hash and encrypted data. And
vice versa. And you both only accept the information if all values match.

4. Once you leave a new negotiation occurs. New keys etc....

Of course most of the time it just ends at the "Goodbye"

_______________________________
Dave Kleiman, CISSP, MCSE, CIFI
dave (at) isecureu (dot) com
www.SecurityBreachResponse.com

"High achievement always takes place in the framework of high expectation."
Jack Kinder

-----Original Message-----
From: trystano (at) aol (dot) com [mailto:trystano (at) aol (dot) com]
Sent: Tuesday, December 02, 2003 12:18
To: security-basics (at) securityfocus (dot) com
Subject: SSL workings

Can someone please highlight exactly how SSL works. I know it encrypts data
sent between a client and a server and uses authentication through use of
certificates etc.

But does it secure the socket/port out of which the data is being
transferred? Does SSL send data through a different port than normal
unprotected data transfers?

Sorry if this sounds kind of beginner like :-s

Cheers

Tryst
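
The two steps described in the reply above (agreeing on a cipher suite, then accepting each record only if its integrity value matches), as an added example that is not part of the original thread. It models the TLS 1.0 record MAC from RFC 2246; the helper names and the sample key are assumptions made for this sketch, and the encryption of the record itself is left out.

```python
import hashlib
import hmac
import struct

RC4 = "TLS_RSA_WITH_RC4_128_SHA"
DES3 = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

class HandshakeFailure(Exception):
    """No suite in common: the server ends the handshake with a fatal alert."""

def negotiate(client_offer, server_supported):
    # The client offers suites in its order of preference; the server must
    # pick one from that list (here: the client's first acceptable suite).
    for suite in client_offer:
        if suite in server_supported:
            return suite
    raise HandshakeFailure("no shared cipher suite")

def record_mac(mac_key, seq, data, ctype=23, version=(3, 1)):
    # RFC 2246 6.2.3.1: HMAC over seq_num || type || version || length || data.
    # ctype 23 is application_data; (3, 1) is the TLS 1.0 version number.
    header = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(data))
    return hmac.new(mac_key, header + data, hashlib.sha1).digest()

class Receiver:
    """Keeps the implicit per-direction sequence number and checks each record."""
    def __init__(self, mac_key):
        self.mac_key = mac_key
        self.seq = 0

    def accept(self, data, mac):
        expected = record_mac(self.mac_key, self.seq, data)
        if not hmac.compare_digest(expected, mac):
            return False  # real TLS sends fatal bad_record_mac and closes
        self.seq += 1
        return True

if __name__ == "__main__":
    print(negotiate([RC4, DES3], {DES3}))       # both sides settle on 3DES
    try:
        negotiate([RC4], {DES3})                # the "Goodbye" case
    except HandshakeFailure as exc:
        print("handshake failed:", exc)
    key = b"constructed-mac-key!"               # constructed sample key
    rx = Receiver(key)
    first = record_mac(key, 0, b"hello")
    print(rx.accept(b"hello", first))           # genuine record
    print(rx.accept(b"hello", first))           # replayed record is rejected
```

Because the sequence number is part of the MAC input but never sent on the wire, a replayed or reordered record fails the check even though its bytes are unmodified.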

RE: SSL workings Dec 02 2003 11:56PM
Joey Peloquin (jpelo1 jcpenney com)