Topic: How does SSL/TLS work?

Message

   How does SSL/TLS work?

SSL/TLS provides authentication when a user attempts to access a secure Web server. SSL/TLS consists of four operations: 

• Handshake and cipher suite negotiations.
Client and server contact each other and choose a common cipher suite.
The suite includes a method for exchanging the shared secret key; a
method for encrypting data; and a Message Authentication Code (MAC)
specifying how application data will be hashed and signed to prove
integrity. 

• User identity authentication. The
server always authenticates its identity to the client. However,
whether the client needs to authenticate with the server depends on the
application. The exact authentication method (primarily, which digital
certificate format will be used) depends on the negotiated cipher
suite. 

• Key exchange. After choosing
a cipher suite, the client and server exchange a key, or the precursors
with which to create a key, that they will use for data encrypting
(again, depending on the negotiated cipher suite's requirements). 

• Application data exchange.
The client application and the server application communicate with each
other. All data is encrypted using the negotiated bulk encryption
method.

Author	Message
tanu Newbie Joined: 03Apr2007 Online Status: Offline Posts: 15	Topic: How does SSL/TLS work? Posted: 03Apr2007 at 11:38pm
	How does SSL/TLS work? SSL/TLS provides authentication when a user attempts to access a secure Web server. SSL/TLS consists of four operations: • Handshake and cipher suite negotiations. Client and server contact each other and choose a common cipher suite. The suite includes a method for exchanging the shared secret key; a method for encrypting data; and a Message Authentication Code (MAC) specifying how application data will be hashed and signed to prove integrity. • User identity authentication. The server always authenticates its identity to the client. However, whether the client needs to authenticate with the server depends on the application. The exact authentication method (primarily, which digital certificate format will be used) depends on the negotiated cipher suite. • Key exchange. After choosing a cipher suite, the client and server exchange a key, or the precursors with which to create a key, that they will use for data encrypting (again, depending on the negotiated cipher suite's requirements). • Application data exchange. The client application and the server application communicate with each other. All data is encrypted using the negotiated bulk encryption method. Post Resume: Click here to Upload your Resume & Apply for Jobs

	IP Logged


One Stop Testing Forum : Types Of Software Testing @ OneStopTesting : Manual Testing @ OneStopTesting