transport layer security - mrinal wadhwa

Post on 20-Jun-2015


DESCRIPTION

A simple introduction to the TLS 1.2 spec, presented at null Bangalore on 20th August 2011 - http://null.co.in/

TRANSCRIPT

Transport Layer Security

Mrinal Wadhwa

http://www.mrinalwadhwa.com

SSL v1 - before 1995, internal to Netscape, never released

SSL v2 - draft published in Feb 1995

SSL 0.2 PROTOCOL SPECIFICATION - http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html

SSL v3 - draft published in Nov 1996

The SSL Protocol Version 3.0 - http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt

TLS 1.0 - RFC 2246 - in Jan 1999

The TLS Protocol Version 1.0 - http://tools.ietf.org/html/rfc2246

TLS 1.1 - RFC 4346 - in April 2006

The Transport Layer Security (TLS) Protocol Version 1.1 - http://tools.ietf.org/html/rfc4346

TLS 1.2 - RFC 5246 - in August 2008

The Transport Layer Security (TLS) Protocol Version 1.2 - http://tools.ietf.org/html/rfc5246

"The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery."

- The Transport Layer Security (TLS) Protocol Version 1.2

Record Protocol - http://tools.ietf.org/html/rfc5246#section-6

The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, reassembled, and then delivered to higher-level clients.

struct {
    ConnectionEnd          entity;
    PRFAlgorithm           prf_algorithm;
    BulkCipherAlgorithm    bulk_cipher_algorithm;
    CipherType             cipher_type;
    uint8                  enc_key_length;
    uint8                  block_length;
    uint8                  fixed_iv_length;
    uint8                  record_iv_length;
    MACAlgorithm           mac_algorithm;
    uint8                  mac_length;
    uint8                  mac_key_length;
    CompressionMethod      compression_algorithm;
    opaque                 master_secret[48];
    opaque                 client_random[32];
    opaque                 server_random[32];
} SecurityParameters;
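The Record Protocol steps just described (fragment, MAC, transmit; then verify and reassemble on receipt), as an added Python example that is not part of the original slides. The MAC is computed the way RFC 5246 section 6.2.3.1 defines it, HMAC over seq_num || type || version || length || fragment, using HMAC-SHA1 to match the deck's mandatory cipher suite. Compression and the encryption step are left out, and the MAC key, sample data and in-memory record list are constructed for the demonstration; a receiver that sees a wrong, reordered or replayed record fails the MAC check, which is what the `bad_record_mac` alert reports in a real stack.

```python
import hashlib
import hmac
import struct

# RFC 5246 section 6.2.1: a TLSPlaintext fragment holds at most 2^14 bytes.
MAX_FRAGMENT = 2 ** 14
CONTENT_TYPE_APPLICATION_DATA = 23
TLS_1_2 = (3, 3)  # ProtocolVersion {major = 3, minor = 3}
MAC_LEN = hashlib.sha1().digest_size  # 20 bytes for HMAC-SHA1


def fragment(data, max_len=MAX_FRAGMENT):
    """Step 1 of the Record Protocol: split application data into record-sized pieces."""
    return [data[i:i + max_len] for i in range(0, len(data), max_len)]


def record_mac(mac_key, seq_num, content_type, version, frag):
    """RFC 5246 section 6.2.3.1: MAC(key, seq_num || type || version || length || fragment).

    The 64-bit sequence number binds each record to its position in the stream,
    so a record replayed or delivered out of order fails verification."""
    header = struct.pack("!QBBBH", seq_num, content_type, version[0], version[1], len(frag))
    return hmac.new(mac_key, header + frag, hashlib.sha1).digest()


def send_records(mac_key, data, start_seq=0):
    """Sender side. Returns (list of wire records, next sequence number).

    Each record is: type(1) || version(2) || length(2) || fragment || MAC.
    Encryption of fragment || MAC is omitted here (assumption for the example)."""
    records = []
    seq = start_seq
    for frag in fragment(data):
        body = frag + record_mac(mac_key, seq, CONTENT_TYPE_APPLICATION_DATA, TLS_1_2, frag)
        header = struct.pack("!BBBH", CONTENT_TYPE_APPLICATION_DATA, TLS_1_2[0], TLS_1_2[1], len(body))
        records.append(header + body)
        seq += 1
    return records, seq


def receive_records(mac_key, records, start_seq=0):
    """Receiver side: parse the header, split off the MAC, verify it in constant time,
    and reassemble the fragments. Raises ValueError on any integrity failure."""
    out = bytearray()
    seq = start_seq
    for rec in records:
        if len(rec) < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", rec[:5])
        body = rec[5:5 + length]
        if len(body) != length or length < MAC_LEN:
            raise ValueError("truncated record body")
        frag, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = record_mac(mac_key, seq, ctype, (major, minor), frag)
        # compare_digest avoids leaking where the tags first differ via timing.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad_record_mac at sequence number %d" % seq)
        out += frag
        seq += 1
    return bytes(out), seq


if __name__ == "__main__":
    key = b"\x01" * 20                    # constructed MAC write key
    payload = bytes(range(256)) * 160     # constructed 40960-byte message -> 3 records
    wire, _ = send_records(key, payload)
    print("records sent:", len(wire), [len(r) for r in wire])
    plain, _ = receive_records(key, wire)
    print("reassembled OK:", plain == payload)
```

Flipping a single byte inside any record, or handing the receiver the records in a different order, makes `receive_records` raise, because the MAC covers both the fragment and the sequence number the receiver expects next.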

Change Cipher Spec Protocol

http://tools.ietf.org/html/rfc5246#section-7.1

Alert Protocol - http://tools.ietf.org/html/rfc5246#section-7.2

Handshake Protocol - a simplified discussion

http://tools.ietf.org/html/rfc5246#section-7.3

struct { } HelloRequest;

Hello Request

http://tools.ietf.org/html/rfc5246#section-7.4.1.1

struct {
    ProtocolVersion client_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suites<2..2^16-2>;
    CompressionMethod compression_methods<1..2^8-1>;
    select (extensions_present) {
        case false:
            struct {};
        case true:
            Extension extensions<0..2^16-1>;
    };
} ClientHello;

Client Hello

http://tools.ietf.org/html/rfc5246#section-7.4.1.2

CIPHER SUITES

TLS_RSA_WITH_AES_128_CBC_SHA

Mandatory Cipher Suites - http://tools.ietf.org/html/rfc5246#section-9

Cipher Suite Definitions - http://tools.ietf.org/html/rfc5246#appendix-C

"The connection is encrypted using AES_128_CBC, with SHA1 for message authentication and RSA as the key exchange mechanism."

CIPHER SUITES

TLS_RSA_WITH_AES_128_CBC_SHA

Key Exchange - RSA

Cipher - AES_128_CBC

MAC - SHA (HMAC-SHA1)

struct {
    ProtocolVersion server_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suite;
    CompressionMethod compression_method;
    select (extensions_present) {
        case false:
            struct {};
        case true:
            Extension extensions<0..2^16-1>;
    };
} ServerHello;

Server Hello

http://tools.ietf.org/html/rfc5246#section-7.4.1.3
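How the ClientHello and ServerHello structs above are laid out on the wire, as an added Python example that is not the deck's own code. Each `<lo..hi>` vector is encoded as a big-endian length prefix (1, 2 or 3 bytes, the smallest width that can hold `hi`) followed by its body, and the handshake message itself carries a 1-byte type and a 3-byte length. The encoder and parser follow the struct definitions; `choose_cipher_suite` is an assumed server-side helper that picks a suite in the server's own preference order, the cipher suite code points are those listed in RFC 5246 appendix A.5, and the session id and suite lists used at the bottom are constructed.

```python
import os
import struct
import time

TLS_1_2 = b"\x03\x03"
HANDSHAKE_CLIENT_HELLO = 1
HANDSHAKE_SERVER_HELLO = 2
COMPRESSION_NULL = 0

# Cipher suite code points from RFC 5246 appendix A.5 (only those used here).
TLS_RSA_WITH_3DES_EDE_CBC_SHA = b"\x00\x0a"
TLS_RSA_WITH_AES_128_CBC_SHA = b"\x00\x2f"   # the mandatory suite
TLS_RSA_WITH_AES_256_CBC_SHA = b"\x00\x35"


def vector(items, len_bytes):
    """Encode a variable-length vector: length prefix of `len_bytes` bytes, then the body."""
    body = b"".join(items)
    return len(body).to_bytes(len_bytes, "big") + body


def make_random():
    """Random = gmt_unix_time(4) || random_bytes[28] (RFC 5246 section 7.4.1.2)."""
    return struct.pack("!I", int(time.time())) + os.urandom(28)


def handshake(msg_type, body):
    """Handshake header: HandshakeType(1) || uint24 length || body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def encode_client_hello(cipher_suites, session_id=b"", extensions=b"", random=None):
    body = (TLS_1_2
            + (random or make_random())
            + vector([session_id], 1)                   # SessionID <0..32>
            + vector(cipher_suites, 2)                  # CipherSuite <2..2^16-2>
            + vector([bytes([COMPRESSION_NULL])], 1))   # CompressionMethod <1..2^8-1>
    if extensions:
        body += vector([extensions], 2)                 # Extension <0..2^16-1>, only if present
    return handshake(HANDSHAKE_CLIENT_HELLO, body)


def read_vector(buf, pos, len_bytes):
    """Decode a length-prefixed vector at `pos`; rejects lengths that run past the message."""
    n = int.from_bytes(buf[pos:pos + len_bytes], "big")
    pos += len_bytes
    if pos + n > len(buf):
        raise ValueError("vector length exceeds message")
    return buf[pos:pos + n], pos + n


def parse_client_hello(msg):
    """Parse a ClientHello handshake message into its fields, enforcing the struct's bounds."""
    if not msg or msg[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    pos = 0
    version, pos = body[pos:pos + 2], pos + 2
    random, pos = body[pos:pos + 32], pos + 32
    session_id, pos = read_vector(body, pos, 1)
    if len(session_id) > 32:
        raise ValueError("session_id longer than 32 bytes")
    suites_raw, pos = read_vector(body, pos, 2)
    if len(suites_raw) < 2 or len(suites_raw) % 2:
        raise ValueError("cipher_suites must hold at least one 2-byte suite")
    suites = [suites_raw[i:i + 2] for i in range(0, len(suites_raw), 2)]
    compression, pos = read_vector(body, pos, 1)
    if not compression:
        raise ValueError("compression_methods must be non-empty")
    extensions = None
    if pos < len(body):                                 # extensions_present == true
        extensions, pos = read_vector(body, pos, 2)
    if pos != len(body):
        raise ValueError("trailing bytes after ClientHello")
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": list(compression),
            "extensions": extensions}


def choose_cipher_suite(client_suites, server_preference):
    """Assumed server-side policy: first suite in the server's own order that the client offered.
    Returning None corresponds to sending a handshake_failure alert."""
    offered = set(client_suites)
    for suite in server_preference:
        if suite in offered:
            return suite
    return None


def encode_server_hello(cipher_suite, session_id=b"", random=None):
    body = (TLS_1_2 + (random or make_random()) + vector([session_id], 1)
            + cipher_suite + bytes([COMPRESSION_NULL]))
    return handshake(HANDSHAKE_SERVER_HELLO, body)


if __name__ == "__main__":
    hello = encode_client_hello([TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA],
                                session_id=b"\x01" * 8)           # constructed values
    fields = parse_client_hello(hello)
    chosen = choose_cipher_suite(fields["cipher_suites"],
                                 [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA])
    print("client offered:", [s.hex() for s in fields["cipher_suites"]], "server chose:", chosen.hex())
    print("ServerHello:", encode_server_hello(chosen, fields["session_id"]).hex())
```

Letting the server, not the client, decide the order in which suites are tried is what keeps a client that lists a weak suite first from getting it when a stronger common suite exists.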

opaque ASN.1Cert<1..2^24-1>;

struct {
    ASN.1Cert certificate_list<0..2^24-1>;
} Certificate;

Server Certificate

http://tools.ietf.org/html/rfc5246#section-7.4.2

struct { } ServerHelloDone;

Server Hello Done

http://tools.ietf.org/html/rfc5246#section-7.4.5

struct {
    select (KeyExchangeAlgorithm) {
        case rsa:
            EncryptedPreMasterSecret;
        case dhe_dss:
        case dhe_rsa:
        case dh_dss:
        case dh_rsa:
        case dh_anon:
            ClientDiffieHellmanPublic;
    } exchange_keys;
} ClientKeyExchange;

Client Key Exchange Message

http://tools.ietf.org/html/rfc5246#section-7.4.7

struct {
    opaque verify_data[verify_data_length];
} Finished;

Finished

http://tools.ietf.org/html/rfc5246#section-7.4.9
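How `verify_data` in the Finished message is derived from the `master_secret` that the Client Key Exchange establishes, as an added Python example that is not part of the original slides. It implements the TLS 1.2 PRF (P_SHA256) from RFC 5246 section 5, the master secret derivation from section 8.1, the RSA pre-master secret layout from section 7.4.7.1 (the RSA encryption to the server's public key is omitted) and `verify_data = PRF(master_secret, finished_label, Hash(handshake_messages))[0..11]` from section 7.4.9. The randoms and the handshake transcript are constructed, not a real capture.

```python
import hashlib
import hmac
import os

VERIFY_DATA_LENGTH = 12  # default verify_data_length for all TLS 1.2 cipher suites in RFC 5246


def p_hash(secret, seed, length, hash_fn=hashlib.sha256):
    """P_hash(secret, seed) = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ...
    where A(0) = seed and A(i) = HMAC(secret, A(i-1)). Output is truncated to `length` bytes."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_fn).digest()
        out += hmac.new(secret, a + seed, hash_fn).digest()
    return out[:length]


def prf(secret, label, seed, length):
    """TLS 1.2 PRF: P_SHA256(secret, label || seed)."""
    return p_hash(secret, label + seed, length)


def rsa_pre_master_secret(client_version=b"\x03\x03"):
    """RSA key exchange: pre_master_secret = client_version(2) || 46 random bytes.
    The client sends this RSA-encrypted under the server's certificate key (not shown here)."""
    return client_version + os.urandom(46)


def master_secret(pre_master_secret, client_random, server_random):
    """RFC 5246 section 8.1: 48-byte master_secret, the value stored in SecurityParameters."""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def finished_verify_data(master, handshake_messages, label):
    """verify_data for a Finished message. `handshake_messages` is the concatenation of every
    handshake message sent so far, so any tampering with an earlier message changes the result."""
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return prf(master, label, transcript_hash, VERIFY_DATA_LENGTH)


def check_peer_finished(master, handshake_messages, label, received_verify_data):
    """Receiver side: recompute verify_data over the locally seen transcript and compare
    in constant time. A mismatch is fatal (decrypt_error in RFC 5246 section 7.4.9)."""
    expected = finished_verify_data(master, handshake_messages, label)
    return hmac.compare_digest(expected, received_verify_data)


if __name__ == "__main__":
    client_random, server_random = os.urandom(32), os.urandom(32)   # constructed
    pms = rsa_pre_master_secret()
    ms = master_secret(pms, client_random, server_random)
    transcript = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"  # constructed
    client_fin = finished_verify_data(ms, transcript, b"client finished")
    print("client verify_data:", client_fin.hex())
    print("server accepts:", check_peer_finished(ms, transcript, b"client finished", client_fin))
    print("server accepts altered transcript:",
          check_peer_finished(ms, transcript.replace(b"ServerHello|", b"X|"), b"client finished", client_fin))
```

Because both ends hash the handshake messages they actually sent and received, a downgrade of the cipher suite list or the server version in transit leaves the two transcripts different and the Finished check fails before any application data is accepted.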

?

- mrinalwadhwa.com

- email@mrinalwadhwa.com

- @mrinal

- github.com/mrinalwadhwa
