Secure Socket Layer Transport Layer Security

More documents

Recommendations

Info

Deriving Connection Keys, IVs Key_Block = PRF master_secret (“key expansion”|| Server_random _ Client_random) Split Key_Block to ClientMACKey, serverMACKey, ClientEncryptKey,…(using fixed order) Server_random master_secret PRF Key_Block MAC keys Encrypt keys Client_random IVs PRF details differ btw TLS and SSL3… SSL Session State Information Elements Session ID: ID: chosen by the server to identify an active or resumable session state Peer certificate: certificate: certificate for peer entity (X.509 v. 3) Compression method: algorithm to compress data before encryption Cipher spec: spec: specification of data encryption and Message Authentication Code (MAC) algorithms Master secret: secret: 48-byte 48 byte secret shared between client and server Is resumable: flag that indicates whether the session can be used to initiate new connections
SSL Session State Information Elements (suite) Server and client random: byte sequences that are chosen by server and client for each connection Server write MAC secret: secret used for MAC on data written by server Client write MAC secret: secret used for MAC on data written by client Server write key: key used for data encryption by server and decryption by client Client write key: key used for encryption by client and decryption by server Initialization vector: for CBC block ciphers Sequence number: for both transmitted and received messages, maintained by each party SSL Record Protocol page 38
Page 1 and 2: VPN Secure Socket Layer Transport L
Page 3 and 4: Transport Layer Security • Advant
Page 5 and 6: No client auth; weak encryption; Ma
Page 7 and 8: Principe de fonctionnement de SSL:
Page 9 and 10: Certificat X509 - Autorité de cert
Page 11 and 12: Web Security with SSL/TLS (simplifi
Page 13 and 14: Using Public Key Certificates • W
Page 15 and 16: SSL Sub-Protocols Sub Protocols La
Page 17: A Pseudo-Random Pseudo Random Funct
Page 21 and 22: SSL Alert Protocol (2) Use two-byt
Page 23 and 24: Phase 1 - Establish Parameters Clie
Page 25 and 26: Phase 4 - Finish Client Server Clie
Page 27 and 28: SMTP over TLS : Solutions Serveurs
Page 29: Spoofed Location Bar (1) Spoofed w

Secure Socket Layer Transport Layer Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?