TLS stands for Transport Layer Security. It's the IETF standarized version of SSL, which was created by Netscape. This protocol is specified in RFC2246.

TLS enables two parties to establish a secure connection over an insecure channel. Any normal TCP based protocol can be used over an encrypted TLS channel.

TLS exchanges records, each record can be optionally compressed, encrypted and packed with a MAC. Each record has a content_type field that specifies which upper level protocol is transmiting.

When the connection starts, the record level carries on itself another protocol, the handshake protocol, which has contenttype 22.

The client sends and receives several handshake structures:

It sends a ClientHello specifying the list of cipher suites, compression methods and the highest protocol version it supports. It also sends random bytes which will be used later.

Then it receives a ServerHello, in which the server chooses the connection parameters from the choices offered by the client earlier.

When the connection parameters are known client and server exchange certificates (depending on the selected public key cipher). These certificates are currently X.509, but there's a draft specifying the use of OpenPGP ones either.

The server can ask to the client for a certificate, so the connection could be authenticated in both ways.

Client and servers negotiate a common secret called "master secret". All other key data is taken from this secret (and the client and server randoms), passed through a carefuly designed "Pseudo Random Function".

TLS has a lot of security measures:

  • numbering all the records and use that in the MACs.
  • Using message digest enhanced with a key (so only with the key you can check the MAC). This is specified in RFC2104).
  • Protection against several known attacks and MIM attacks, like those involving a downgrade of the protocol to previous (more insecure) versions, or weaker cipher suites.
  • The message that ends the handshake ("Finished") sends a hash of all the exchanged data seen by both parties.
  • The pseudo random function splits the input data in 2 halves and processes them with different hashing algorithms (MD5 and SHA), then XORs them togheter. This way it protects itself in the event that one of those algorithms are found vulnerable.

Log in or register to write something here or to contact authors.