How SSL works - why aren't there any real guides?

Networking/Security Forums -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

Author: lillero    Posted: Tue Aug 10, 2010 7:24 am    Post subject: How SSL works - why aren't there any real guides?
    ----
When the client connects to the server, it downloads the server's certificate. Does it open the hash of this downloaded certificate with the locally stored certificate's public key, and this way make sure it's a legit server? Many guides just explain "it compares the certificates".

I want to learn what actually happens in all the steps during the SSL connection.


Please help!

- Lilléro

Moderator note: moved from Beginners - capi


Last edited by lillero on Thu Aug 12, 2010 12:21 pm; edited 2 times in total

Author: capi    Location: Portugal    Posted: Tue Aug 10, 2010 1:34 pm    Post subject:
    ----
I suggest you read Wikipedia's article on Transport Layer Security (the successor to SSL). The How it works section may be of particular interest.

Author: lillero    Posted: Wed Aug 11, 2010 8:05 am    Post subject:
    ----
Thanks for the reply

I previously read the SSL guide found in this website, but it leaves a lot of questions unanswered, so I tried to find more information.

http://www.windowsecurity.com/articles/Secure_Socket_Layer.html

If there could be a website that explains in great detail the contents of an X.509 certificate and how the parties are identified using it, for example in an SSL connection, it would be great.

For example in the Wikipedia article, there are lines like:

"From the random number, both parties generate key material for encryption and decryption."

How does that actually happen? There is a random number, and encrypted material just comes... how?

Why is a random number sent in both the ClientHello and ServerHello messages? Are these numbers encrypted?

What is the PreMasterSecret the client sends to the server?

I appreciate all the help I can get.

Best regards,
lillero


Last edited by lillero on Thu Aug 12, 2010 12:07 pm; edited 1 time in total

Author: capi    Location: Portugal    Posted: Wed Aug 11, 2010 12:26 pm    Post subject:
    ----
lillero wrote:
I also had some questions in the other thread about certificate principles, which are still unanswered. For some reason it seems it's hard to find people who really know how the stuff works. I keep getting roundabout answers about keys and copy+paste to links that don't answer anything.

I think you will find that replying in the way in which you have above will not go very far towards motivating people to help you. Have you stopped to consider that the people who know how stuff works may have busy lives, and to appreciate the time someone takes from their work to post that "copy+paste link" instead of complaining about how they didn't have the 3 hours it would take to write a professional-level 3-page article on SSL and give it away to you for free?

Really, you ask an extremely open question about a complex matter giving absolutely no background and no specific questions, then you complain when you are given an introductory answer. Try walking up to a physics researcher and asking him to give you a lecture on quantum physics, then complain to him in such an offended manner when he refers you to a 2nd year physics book.

As for the random numbers, read up on nonces. As for key generation, there are several articles on that, both in Wikipedia and in general literature. You may want to read up on cryptographic hashes, too. As for the details of the protocol, really, read the RFC. You did see that the Wikipedia article contained links to further reading, no? Read RFC5246, read Microsoft's SSL/TLS in Detail (you did find that in the references section, no?). Go visit http://www.openssl.org and read the documentation; better yet, read the sources.

Author: lillero    Posted: Thu Aug 12, 2010 12:11 pm    Post subject:
    ----
Holas

I'd like to get back to the issue.

After many years I thought somebody would have written such an article. The article written by Onyszko is ok, but leaves unanswered some of the questions I also pointed out in the Wikipedia article.

If somebody can answer the questions I raised earlier, or point to a similar, even more comprehensive article, I'd appreciate it.

- Lilléro



All times are GMT + 2 Hours