Cryptography Reference
12.1.4 SSL protocols
SSL essentially consists of two cryptographic protocols:
Handshake Protocol. This protocol performs all the tasks that require agreement
between the two entities before they set up the secure SSL channel. In particular,
this protocol can be used to:
• agree on the cryptographic algorithms to be used to establish the secure
channel;
• establish entity authentication;
• establish the keys that will be needed to secure the channel.
Record Protocol. This protocol implements the secure channel. This includes:
• formatting the data (for example, breaking it up into blocks);
• computing MACs on the data;
• encrypting the data.
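The three Record Protocol steps listed above, as an added Python sketch that is not taken from the book or from any SSL implementation: the sender fragments the data, MACs each fragment, then encrypts fragment plus MAC, and the receiver reverses the steps and rejects any record whose MAC does not verify. Assumptions: the function names, the 16-byte fragment size, HMAC-SHA256 as the MAC, a per-record sequence number under the MAC, and an HMAC-based keystream standing in for a real cipher so the example needs only the standard library.

```python
import hashlib
import hmac

FRAGMENT_SIZE = 16  # constructed small value so sample data splits into several records


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Stand-in stream cipher (assumption): HMAC-SHA256 in counter mode, per record."""
    out = b""
    counter = 0
    while len(out) < length:
        block = seq.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(data: bytes, mac_key: bytes, enc_key: bytes) -> list[bytes]:
    """Sender: fragment the data, MAC each fragment, then encrypt fragment plus MAC."""
    records = []
    for seq, start in enumerate(range(0, len(data), FRAGMENT_SIZE)):
        fragment = data[start:start + FRAGMENT_SIZE]
        # The sequence number is covered by the MAC so records cannot be reordered.
        tag = hmac.new(mac_key, seq.to_bytes(8, "big") + fragment, hashlib.sha256).digest()
        body = fragment + tag
        records.append(xor(body, keystream(enc_key, seq, len(body))))
    return records


def unprotect(records: list[bytes], mac_key: bytes, enc_key: bytes) -> bytes:
    """Receiver: decrypt each record, verify its MAC, and reassemble the data."""
    data = b""
    for seq, record in enumerate(records):
        body = xor(record, keystream(enc_key, seq, len(record)))
        fragment, tag = body[:-32], body[-32:]
        expected = hmac.new(mac_key, seq.to_bytes(8, "big") + fragment, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many MAC bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"MAC check failed on record {seq}")
        data += fragment
    return data
```

The MAC and encryption keys are separate inputs here; in SSL both are derived from the keys established by the Handshake Protocol.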
SIMPLE SSL HANDSHAKE PROTOCOL DESCRIPTION
We will now describe the SSL Handshake Protocol. We will describe a 'simple'
version of this protocol, which is only designed to provide unilateral entity
authentication of the server to the client. This is the most common mode of
use of the protocol, although we later indicate how mutual entity authentication
can be added. Our description is simplified, since we primarily want to indicate
the use of cryptography in this protocol. Note that the names that we use for
the protocol messages are not strictly the same as the 'official' SSL message
names. The message flow of the simplified SSL Handshake Protocol is indicated
in Figure 12.1.
[Figure 12.1. Simple SSL Handshake Protocol message flow between Client and Server: Client request, Server response, Pre-master secret transfer, Client finished, Server finished.]