Secure Sockets Layer.doc

UNIVERSITY OF KRAGUJEVAC
TECHNICAL FACULTY ČAČAK
SEMINAR PAPER in the subject Electronic Business
Topic: Secure Sockets Layer (SSL)
Professor:
Student: Jasmina Matović


oj : 833/2008

, 2010.

1.

1.1. SSL

1.2.

1.3. SSL Handshake

1.4. SSL ChangeCipherSpec

1.5. SSL Record

1.6. SSL Alert

2. SSL

2.1.

2.2.

2.3.

2.4. " "

2.5. Cipher suite -

2.6.

3. SSL

3.1. SSL (VPM)

3.2. Online

3.3. S-HTTP SSL

4. SSL

5.

6.

1.

1.1. SSL

Secure Sockets Layer (SSL) () , (. ) . SSL , (. TCP/IP), SSL . , , , , , . , , , , , . SSL- . , .

SSL Netscape Communications , Netscape Navigatorom. , 1.0, 1994. , , . 2.0 Netscape Navigatorom, 1 2. SSL 2.0, Microsoft , PCT. SSL 3.0, PCT-, SSL 2.0. , Internet Engineering Task Force (IETF) y y (TLS) , 1996. , SSL- 3.0. TLS 1.0, 1999. RFC 2246. TLS IETF-, SSL- . , , WTLS (Wireless TLS - TLS).

SSL , . ISO/OSI . , SSL . , SSL User Datagram (UDP), , IP . , SSL : Simple Network Management Protocol (SNMP), Network File System (NFS), Domain Name Service (DNS), "voice over IP". SSL -: SSL Record SSL Handshake, 4 :

1) SSL Record,

2) SSL Handshake,

3) ChangeCipherSpec, i

4) Alert.

SSL Record , . SSL Handshake , . , TCP . Handshake , , PreMasterSecret, MasterSecret. ChangeCipherSpec (CCS) , Record () . (Alert), , "handshake-a". , Record , , , -. SSL (connection) (session). , "handshak-". (session) (connections). , :

(ID),

,

,

,

MasterSecret .

,"handshake" : , , "" , , . , ChangeCipherSpec. , . , . , , . SSL 24 , . Record ("") . , , . , .

1.2.

, SSL -, . . , MasterSecret ( ) , , "hash" , MAC- ( ).

1.3. SSL Handshake

SSL . , . , .

, . .

, . . , ClientHello . , . . ServerHello , ServerHelloDone . , ( ), PreMasterSecret , . . ChangeCipherSpec (Cipher Spec) , . , Finished . Finished . ChangeCipherSpec Handshake . , , Client_Random Server_Random, ClientHello ServerHello , , "hash" . , , ClientHello ServerHello . ChangeCipherSpec "handshake" Finished .

Session ID ClientHello . Session ID , , , "handshake", .

1.4. SSL ChangeCipherSpec

SSL . . (). Cipher Spec Cipher Spec , ( , : , , .) Record sloja.

1.5. SSL Record

Record ChangeCipherSpec . , "handshake" TCP . , (Handshake, Alert, ChangeCipherSpec, ), :

2^14 .

.

MAC- ( ) .

().

.

, , . , , . , Record Alert . Record 5 . :

(1 ),

(1 ),

(1 ),

(2 ).

(Handshake, ChangeCipherSpec, Alert, Application Data). " " SSL- ( SSL 3, 3). " " SSL- ( SSL 3, 0). , " " , 2^14 + 204822. SSL. SSL, SSL .

1.6. SSL Alert

, , . , , . . , . . , ( ), .

: , , Handshake , Record . , , SSL - ( ) , , .

2. SSL

SSL "" , . , , . SSL , w , . . , , SSL . SSL : , . , , , . " " , . , .

2.1.

SSL -, . , , . , . , . , , , , . x . :

SSL ;

Internet Explorer;

.

, . , w , . . browser SSL , . Browser , , . , Internet Exploreru Netscape-, . , , "".

2.2.

SSL , web browser . , , , . , SSL . SSL -, , " ".

2.3.

Windows - . SSL w . ()

, "" . Internet Exploreru i Windows Media Playeru, . , . , . , , . . y . , Windows 98, . Windows 2000 i XP, . 2000. . , : Windows 98, Windows NT Workstation, Windows 2000 Professional, i Windows XP Professional. " ".

2.4. " "

, w , , w w . SSL w , w. w, . , , SSL . , w , "" SSL .

2.5. Cipher suite -

SSL , 2.0, ( , , .) . 3.0, 2.0. , . - , , Hello . 3.0 MasterSecret, , . Handshake , , . , ChangeCipherSpec, . . ChangeCipherSpec Finished , MAC ( ) Handshake MasterSecreta. 48- MasterSecret , . Finished ( ). , Finished. :

1. KS: [ChangeCipherSpec]

2. KS: [Finished:]{a}k

3. SK: [ChangeCipherSpec]

4. SK: [Finished:]{a}k

5. KS: {m}k

{*} Record , , Finished , MAC- "handshake" .

2.6.

. 1998. , 40- , 512- . , 27% 40- . Browseri 40- SSL . 40- , (512) RSA . y (2000) 83% SSL . "" RSA , SSL .

3. SSL

3.1. SSL (VPM)

() , , . , . IPSec, , SSL . w w SSL. SSL , , w SSL.

SSL SSL "x" ( ) , /, w . , , "proxy" () . , "xy" , . w "" , w .

, , SSL . SSL -, , IPSec-, . , SSL , , , VPM . , , :

, X.509 ;

40- 128- 4 .

SSL - VPM-:

;

( PC-);

;

.

SSL - VPM-:

w ;

" ";

SSL , IPSec-.

3.2. Online

World Wide Web- . , - . 90% - . , . - ? - : Secure Sockets Layer (SSL) Secure Electronics Transaction (SET). SSL () . w w, Netscape Communicator 7.1, 128 - SSL . SSL , . , , SSL . . , , , , , . SSL , . . SSL , .

1. ;

2. -;

3. SSL ;

4. ;

5. ();

6. ;

7. .

, . , . . SSL , , SSL , , , TCP/IP .

3.3. S-HTTP SSL

- (S-HTTP) HTTP-, Enterprise Integration Technologies . , S-HTTP SSL w , , , () . , : SSL , , HTTP TCP/IP . S-HTTP HTTP. .

"" . S-HTTP w . .

S-HTTP . S-HTTP- , w . SSL , - w , SSL .

w w SSL- w . , - SSL .

4. SSL

SSL

. , , , SSL . SSL www consortiuma (www.w3.org) . SSL . SSL- . .

S-MIME

Secure-MIME RSA MIME . . SSL-, . MIME-a, SMIME SSL.

S-HTTP

Secure HTTP HTTP-, ISO/OSI . - , S-HTTP . , , SSL. , .

SSH

Secure Shell . , , . .

PEM

Private Enhanced Mail - , . PEM , . PEM .

PCT

Private Communication Technology Microsofta SSL 2. SSL- , . PCT SSL-, . SSL 3, , PCT .

SHEN

SHEN HTTP. CERN-, HTTP, , .

PGP

Pretty Good Privacy , . . , .

5.

SSL (Secure Sockets Layer) () , (. ) . SSL , . , , , , , . , , , , , . SSL - . , .

SSL Netscape Communications, Netscape Navigatorom. , 1.0, 1994. , , . 2.0 Netscape Navigatorom, 1 2. SSL 2.0, Microsoft , PCT (Private Communications Transport). SSL 3.0, Microsoft- PCT-, SSL 2.0. , IETF (Internet Engineering Task Force) , 1996. , SSL- 3.0. TLS (Transport Layer Security) 1.0, 1999. RFC (Request For Comments) 2246. IETF-, SSL- . , , WTLS (Wireless Transport Layer Security).

6.

1. Benjamin Reyes, Kavitha Swaminathan, Jefferson Vega, Zuofeng Yuan, (2003) Secure Sockets Layer Protocol, University of Maryland, ENTS-650, Network security, Project paper.

2. Bill Brogden, Chriss Minnick, (2001) XML JSP, , .

3. Brian Komar, (1999) TCP/IP, , .

4. , (2002) W , , , , ,

5. IETF, TLS protocol, (1999) http://www.ietf.org/html.charters/tls-charters.html.

6. Micke Pettersson, Mickes Web Security, http://www3.tsl.uu.se/~micke.

7. Netscape Communications Corporation, (1996) SSL protocol, version 3.0, http://wp.netscape.com/eng/ssl3/draft302.txt.

8. Sun Microsystems, Inc, Introduction to SSL, http://docs.sun.com/source/816-6156-10/contents.htm

9. OpenReach Inc., (2002) http://www.webtorials.com/main/resource/papers/openreach/paper1/IPSec_vs_SSL.pdf

10. Inc, http://www.rsa.com.