3. SSL v2
draft published in FEB 1995
SSL 0.2 PROTOCOL SPECIFICATION
http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html
4. SSL v3
draft published in NOV 1996
The SSL Protocol Version 3.0
http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
5. TLS 1.0
RFC 2246 - in Jan 1999
The TLS Protocol Version 1.0
http://tools.ietf.org/html/rfc2246
6. TLS 1.1
RFC 4346 - in April 2006
The Transport Layer Security (TLS) Protocol Version 1.1
http://tools.ietf.org/html/rfc4346
7. TLS 1.2
RFC 5246 - in August 2008
The Transport Layer Security (TLS) Protocol Version 1.2
http://tools.ietf.org/html/rfc5246
8. "The TLS protocol provides communications security
over the Internet. The protocol allows client/server
applications to communicate in a way that is designed to
prevent eavesdropping, tampering, or message forgery."
- The Transport Layer Security (TLS) Protocol Version 1.2
10. The Record Protocol takes messages to be transmitted, fragments the
data into manageable blocks, optionally compresses the data, applies
a MAC, encrypts, and transmits the result. Received data is
decrypted, verified, decompressed, reassembled, and then delivered to
higher-level clients.
16. Client Hello
http://tools.ietf.org/html/rfc5246#section-7.4.1.2
struct {
    ProtocolVersion client_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suites<2..2^16-2>;
    CompressionMethod compression_methods<1..2^8-1>;
    select (extensions_present) {
        case false:
            struct {};
        case true:
            Extension extensions<0..2^16-1>;
    };
} ClientHello;
17. CIPHER SUITES
TLS_RSA_WITH_AES_128_CBC_SHA
"The connection is encrypted using AES_128_CBC, with SHA1 for
message authentication and RSA as the key exchange mechanism."
Mandatory Cipher Suites - http://tools.ietf.org/html/rfc5246#section-9
Cipher Suite Definitions - http://tools.ietf.org/html/rfc5246#appendix-C
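Added example (not part of the original slides): a small Python parser for the ClientHello struct in slide 16 that also names the offered cipher suites as in slide 17. The function names and the SAMPLE bytes are constructed for illustration; the input is the ClientHello body only, without the record and handshake headers.

```python
# Cipher suite code points from RFC 5246 Appendix A.5 (subset).
SUITE_NAMES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
               0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}

def read_vector(buf, off, len_bytes):
    """Read a <min..max> vector: big-endian length prefix, then that many bytes."""
    end = off + len_bytes
    if end > len(buf):
        raise ValueError("truncated length prefix")
    n = int.from_bytes(buf[off:end], "big")
    if end + n > len(buf):
        raise ValueError("vector length exceeds message")
    return buf[end:end + n], end + n

def parse_client_hello(body):
    """Parse the ClientHello struct; reject malformed lengths instead of guessing."""
    if len(body) < 34:
        raise ValueError("too short for client_version + random")
    session_id, off = read_vector(body, 34, 1)
    if len(session_id) > 32:
        raise ValueError("session_id longer than 32 bytes")
    suites, off = read_vector(body, off, 2)
    if len(suites) < 2 or len(suites) % 2:
        raise ValueError("cipher_suites must hold one or more 2-byte values")
    compression, off = read_vector(body, off, 1)
    if not compression:
        raise ValueError("compression_methods must not be empty")
    extensions = []
    if off < len(body):  # extensions_present
        ext_block, off = read_vector(body, off, 2)
        pos = 0
        while pos < len(ext_block):
            ext_type = int.from_bytes(ext_block[pos:pos + 2], "big")
            ext_data, pos = read_vector(ext_block, pos + 2, 2)
            extensions.append((ext_type, ext_data))
    if off != len(body):
        raise ValueError("trailing bytes after ClientHello")
    codes = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)]
    return {
        "client_version": (body[0], body[1]),
        "session_id": session_id,
        "cipher_suites": [SUITE_NAMES.get(c, f"0x{c:04X}") for c in codes],
        "compression_methods": list(compression),
        "extensions": extensions,
    }

# Constructed sample: version 3.3, empty session_id, two suites, null compression,
# one signature_algorithms (type 13) extension offering sha256/rsa.
SAMPLE = (bytes([3, 3]) + bytes(range(32)) + b"\x00" + b"\x00\x04\x00\x2f\x00\x35"
          + b"\x01\x00" + b"\x00\x08\x00\x0d\x00\x04\x00\x02\x04\x01")
```

Calling parse_client_hello(SAMPLE) returns the decoded fields; any inconsistent length prefix raises ValueError rather than reading past the declared vector.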
22. Client Key Exchange Message
http://tools.ietf.org/html/rfc5246#section-7.4.7
struct {
    select (KeyExchangeAlgorithm) {
        case rsa:
            EncryptedPreMasterSecret;
        case dhe_dss:
        case dhe_rsa:
        case dh_dss:
        case dh_rsa:
        case dh_anon:
            ClientDiffieHellmanPublic;
    } exchange_keys;
} ClientKeyExchange;