This is a mirror of official site: http://jasper-net.blogspot.com/

SSL Handshake

Monday, September 13, 2010
How do you exchange secrets without first agreeing on the codes to use?  It is a circular problem.  With classic symmetric encryption keys, the key itself has to be transported to the other side by some magic, which often meant a secure non-digital technique such as physically carrying it there.

On the web this is impractical and would hinder the use of encryption.  Thank goodness for PKI, which lets the owner keep the private key secret while still enabling everyone to form secure communication with the owner of that key.

Years ago I researched what was necessary to support SSL with one of our products.  It was an interesting technology to study and it was impressive how effective it was.  The modern name is supposed to be TLS but it does not seem to be sticking in the market as a name.  To me, SSL sounds better.

Today I found an old Sun page talking about SSL Handshake.  It is funny how the older pages reveal more detail than the newer ones.  Perhaps we had more time to focus on it back then.

Some items that are often forgotten about:

  • It is possible to support client certificates to authenticate the user
  • The encryption used for the bulk of SSL data is actually symmetric-key based (the session key is negotiated during the initial handshake)
  • The client and server negotiate the type of encryption algorithm used
  • SSL was pioneered by Netscape around 1995
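A simplified model of the handshake the list describes, as an added example that is not part of the original post: the peers negotiate a cipher suite, then an asymmetric exchange (ephemeral Diffie-Hellman here) yields the symmetric session key used for bulk data.  The suite names are hypothetical, and the model deliberately omits the certificate-based authentication and the multiple derived keys of real TLS.

```python
import hashlib
import hmac
import secrets

# Constructed model of the SSL/TLS handshake flow: suite negotiation
# followed by an ephemeral Diffie-Hellman exchange.  Not a TLS
# implementation: real TLS also authenticates the server (and optionally
# the client) with certificates and derives several keys, not one.

# 2048-bit MODP group from RFC 3526 (group 14), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def negotiate(client_offer, server_prefs):
    """ClientHello/ServerHello: server picks its most preferred suite
    that the client also offered (hypothetical suite names)."""
    for suite in server_prefs:
        if suite in client_offer:
            return suite
    raise ValueError("no common cipher suite: handshake fails")

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub, suite, client_random, server_random):
    """Both sides derive the same symmetric key from the shared DH secret."""
    shared = pow(peer_pub, priv, P).to_bytes(256, "big")
    # HKDF-style extract/expand: salt with both handshake nonces and bind
    # the key to the negotiated suite so a changed suite changes the key.
    prk = hmac.new(client_random + server_random, shared, hashlib.sha256).digest()
    return hmac.new(prk, suite.encode() + b"\x01", hashlib.sha256).digest()

def handshake(client_offer, server_prefs):
    """Run the model handshake; returns the suite and each side's key."""
    suite = negotiate(client_offer, server_prefs)
    c_rand, s_rand = secrets.token_bytes(32), secrets.token_bytes(32)
    c_priv, c_pub = dh_keypair()   # client's ephemeral key pair
    s_priv, s_pub = dh_keypair()   # server's ephemeral key pair
    c_key = session_key(c_priv, s_pub, suite, c_rand, s_rand)
    s_key = session_key(s_priv, c_pub, suite, c_rand, s_rand)
    return suite, c_key, s_key
```

Only the public values and the nonces cross the wire; each side computes the same key from its own private exponent, which is the reason the bulk symmetric key never has to be carried to the other side.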

Here is another description of the SSL handshake from IBM.

Read more: Citrix Blogger
