Secure Computing SSL Scanner User Manual, Page 2

How It Works
When a client and server communicate, SSL ensures that the connection is private and secure by providing authentication, encryption, and integrity checks. Authentication confirms that the server, and optionally the client, is who they say they are. Encryption through a key-exchange then creates a secure “tunnel” between the two that prevents any unauthorized system from reading the data. Integrity checks guarantee that any unauthorized system cannot modify the encrypted stream without being detected.

SSL-enabled clients (such as a Mozilla™ or Microsoft Internet Explorer™ web browser) and SSL-enabled servers (such as Apache or Microsoft IIS™) confirm each other’s identities using digital certificates. Digital certificates are issued by trusted third parties called Certificate Authorities (CAs) and provide information about an individual’s claimed identity, as well as their public key. Public keys are a component of public-key cryptographic systems. The sender of a message uses a public key to encrypt data. The recipient of the message can only decrypt the data with the corresponding private key. Public keys are known to everybody; private keys are secret and only known to the owner of the certificate. By validating the CA digital signature on the certificates, both parties can ensure that an imposter has not intercepted the transmission and provided a false public key for which they have the correct private key.

SSL uses both public-key and symmetric key encryption. Symmetric key encryption is much faster than public-key encryption, but public-key encryption provides better authentication techniques. So SSL uses public key cryptography for authentication and for exchanging the symmetric keys that are used later for bulk data encryption.

The secure tunnel that SSL creates is an encrypted connection that ensures that all information sent between an SSL-enabled client and an SSL-enabled server remains private. SSL also provides a mechanism for detecting if someone has altered the data in transit. This is done with the help of message integrity checks. These message integrity checks ensure that the connection is reliable. If, at any point during a transmission, SSL detects that a connection is not secure, it terminates the connection and the client and server establish a new secure connection.
SSL Transactions
The SSL transaction has two phases: the SSL Handshake (the key exchange) and the SSL data transfer. These phases work
together to secure an SSL transaction.
[Figure 2 diagram: a Client and a Server connected over the Internet, with steps numbered 1 to 7. Step labels: Client Initiates Handshake; Server Responds; Client Verifies Server's Identity; Client Sends Secret; Server Decrypts Master Secret; Server & Client Create Keys; Secure Tunnel Data Transfer Begins. Items exchanged: Digital Certificate; Master Secret.]
Figure 2 - SSL Transaction
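The "Server & Client Create Keys" and data-transfer steps in the figure can be reproduced offline. The following is an added example, not code from this manual or from Secure Computing: it assumes the TLS 1.2 key-expansion PRF (RFC 5246) with HMAC-SHA256 as the concrete construction, uses hypothetical function names and constructed sample values, and leaves out encryption so that only key agreement and the integrity check are shown.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5 (assumed construction)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_mac_keys(master_secret: bytes, client_random: bytes, server_random: bytes):
    """Run independently by client and server; returns (client_mac_key, server_mac_key)."""
    seed = b"key expansion" + server_random + client_random
    block = p_sha256(master_secret, seed, 2 * TAG_LEN)
    return block[:TAG_LEN], block[TAG_LEN:]

def record_mac(mac_key: bytes, seq: int, payload: bytes, content_type: int = 23) -> bytes:
    # The MAC covers the sequence number and record header, so replayed or
    # reordered records fail verification as well as modified ones.
    header = (seq.to_bytes(8, "big") + bytes([content_type]) + b"\x03\x03"
              + len(payload).to_bytes(2, "big"))
    return hmac.new(mac_key, header + payload, hashlib.sha256).digest()

def protect(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    return payload + record_mac(mac_key, seq, payload)

def verify(mac_key: bytes, seq: int, record: bytes) -> bytes:
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, record_mac(mac_key, seq, payload)):
        raise ValueError("bad record MAC: terminate the connection")
    return payload

if __name__ == "__main__":
    master = bytes(range(48))              # constructed 48-byte master secret
    c_rand, s_rand = b"C" * 32, b"S" * 32  # constructed handshake randoms
    client_side = derive_mac_keys(master, c_rand, s_rand)
    server_side = derive_mac_keys(master, c_rand, s_rand)
    print("keys match:", client_side == server_side)
    rec = protect(client_side[0], 0, b"GET / HTTP/1.0\r\n\r\n")
    print("accepted:", verify(server_side[0], 0, rec))
    tampered = rec[:4] + b"X" + rec[5:]    # one byte changed in transit
    try:
        verify(server_side[0], 0, tampered)
    except ValueError as err:
        print("rejected:", err)
```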
Technology Primer: Secure Sockets Layer (SSL)