Preface
In the third assignment of "Network Security Practice", we are asked to trace TLS/SSL traffic package. I am writing down my understanding of TLS/SSL after studying on Wikipedia and other sites.
Procedure
Objects
- CLIENT A
- SERVER A: serving the desired application services for CLIENT A
- SERVER B: the server which issues digital certification for SERVER A
Steps
- [CLIENT] → [SERVER A]
- request secure connection
- offer a list of supported cipher suites
- [SERVER A] → [CLIENT]: send back followings:
- picked cipher/hash function
- its identification (digital certificate), mostly contains:
- servername
- trusted certificate authority
- public encryption key
- [CLIENT] → [SERVER B]: check validity of SERVER A
- [CLIENT] ←→ [SERVER A]: generate the session key
- [CLIENT] encrypts a random number using received public key, then send out the result
- [SERVER B] decrypts with its private key, then get the random number
- [CLIENT] ←→ [SERVER A]: start various application-layer communications by encrypting/decrypting with the picked hash function & the random number
Reference
No comments:
Post a Comment