An article to help you understand the SSL protocol

2022.02.24

 What is SSL? SSL is the Secure Sockets Layer Secure Socket Protocol, and we usually learn it together with TLS when we learn SSL. TLS and SSL encrypt network connections between the transport layer and the application layer. Let's look at the SSL protocol first, and then the TLS protocol. The SSL protocol sits between the TCP/IP protocol and the various application layer protocols that provide security for data communication, and can be divided into two layers. SSL Record Protocol (SSL). It is built on top of a reliable transport protocol (such as TCP) and provides support for basic functions such as data encapsulation, compression, and encryption for higher-level protocols. SSL Handshake Protocol. It is built on top of the SSL logging protocol and is used to authenticate both parties, negotiate encryption algorithms, and exchange encryption keys before the actual data transfer begins. To talk about the SSL protocol let's first look at the structure. The SSL architecture contains two protocol sublayers, the bottom of which is the The bottom layer is the SSL Record Protocol Layer; The higher layer is the SSL HandShake Protocol Layer. The SSL Record Protocol Layer is used to provide basic security services for the higher layer, while the SSL HandShake Protocol Layer is used for SSL management information exchange, allowing the application protocols to transmit data for mutual authentication, negotiate encryption algorithms and generate keys. How SSL Works The SSL process is actually divided into two parts, one is sending and the other is receiving, and each part deals with different things, after all, one is sending and the other is receiving. Sending process. (1) from the upper level to receive the data to be sent (including a variety of messages and data); (2) segmentation of the message, divided into a number of records; (3) Data compression using the specified compression algorithm; (4) Generate MAC using the specified MAC algorithm; (5) Encrypt the data using the specified encryption algorithm; (6) Add the header of the SSL logging protocol to send the data. At this point, the sending process is over, and the next step is the receiving process. Receiving process. (1) Receive the data and obtain the relevant information from the SSL logging protocol header; (2) Decrypt the data using the specified decryption algorithm; (3) Verify the MAC using the specified MAC algorithm; (4) Decompress the data using the compression algorithm (if required); (5) Reconstruct the records into data; (6) Send the data to a high level. (7) The final step in the SSL logging protocol processing is to attach an SSL logging protocol header to form an SSL log, which contains some of the control information for the SSL logging protocol. If the interviewer asks you to briefly describe the workflow of SSL? If you say that, it doesn't feel so powerful, so you can give him a distinction between the server authentication phase and the user authentication phase. Server authentication phase. (1) The client sends a start message "Hello" to the server in order to start a new session connection; (2) The server determines if a new master key needs to be generated based on the client's message, and if so, the server will include the information needed to generate the master key when responding to the client's "Hello" message; (3) The customer generates a master key based on the received server response information and encrypts it with the server's public key and transmits it to the server; (4) The server restores the master key and returns a master key authentication message to the customer, thus allowing the customer to authenticate the server. Subscriber authentication stage: Before that, the server has already passed the customer authentication, and this phase mainly completes the authentication of the customer. The authenticated server sends a question to the customer, and the customer returns the (digital) signed question and its public key, thus providing authentication to the server. There's nothing wrong with giving this to the interviewer, right? SSL encryption methods Speaking of encryption, this is a bit deeper, encryption algorithms are divided into two main categories. The first category is Symmetric encryption Type 2: Asymmetric encryption Asymmetric encryption What is symmetric encryption? Symmetric encryption is actually the use of the same key for encryption and decryption, usually called "Session Key", which is widely used today. Asymmetric encryption is a little more complicated. There are usually two keys, called "public key" and "private key", which must be used in pairs, otherwise the encrypted file cannot be opened. The "public key" here means that it can be published to the public, while the "private key" cannot and can only be known by the holder alone. This is where its superiority lies, because if the symmetric encryption method is used to transmit encrypted files over the network, it is difficult not to tell the key to the other party, and no matter what method is used, it may be overheard by others. The asymmetric encryption method has two keys, and the "public key" can be made public, so there is no fear of others knowing about it. If you use it, how do you want to use it? According to the server authentication and user authentication mentioned by Fan earlier, then we will continue to analyze how SSL encryption is used in this process. Simply put: (1) Authentication server (2) Collaboration session key (3) Encrypted transmission But if you dare to say that, you will be hammered to death. Forced to break it down in. Step 1: The client gives information about the supported SSL protocol version number, a random number of clients (Client random, please note that this is the first random number), and the encryption method supported by the client; Step 2: After receiving the information, the server confirms the encryption method used by both parties and returns a digital certificate, a server-generated random number (Server random, note that this is the second random number) and other information; Step 3: The client confirms the validity of the digital certificate, then generates a new random number (Premaster secret), then uses the public key in the digital certificate to encrypt this random number and sends it to the server. Step 4: The server uses its own private key to obtain the random number (i.e. Premaster secret) sent by the client; (steps 3 and 4 are the asymmetric encryption process) Step 5: The client and server generate the conversation key by the agreed encryption method (usually AES algorithm) using the first three random numbers and use it to encrypt the next communication contents; This is not done? Have you learned it?