The Illustrated Network- P64: In this chapter, you will learn about the protocol stack used on the global public Internet and how these protocols have been evolving in today's world. We'll review some key basic definitions and see the network used to illustrate all of the examples in this book, as well as the packet content, the role that hosts and routers play on the network, and how graphic user and command line interfaces (GUI and CLI, respectively) both are used to interact with devices.

CHAPTER 23 Securing Sockets with SSL

[FIGURE 23.7 The SSL protocol stack in detail, showing its relationship to HTTP and other protocols. Layers, top to bottom: SSL Handshake Protocol, SSL Change Cipher Spec, SSL Alert Protocol, HTTP, others; SSL Record Protocol; TCP; IP layer; network.]

associate security parameters with a specific flow of packets. SSL uses certificates for authentication, digital signatures and message digests for integrity, and encryption for privacy. Each of the three security areas has a range of choices allowed in order to respect local laws regarding cryptographic algorithms and new technologies to be included as developed. Specific choices in each area are negotiated when a protocol session connection is set up.

SSL Protocol Stack

The SSL protocol stack is shown in Figure 23.7. TLS can be regarded as an enhanced version of the SSL protocol stack, but the components are essentially the same. SSL usually uses Diffie-Hellman, a secure key exchange method used on unsecure networks, to exchange the keys. The handshake procedure itself uses three SSL protocol processes: the SSL Handshake Protocol for the overall process, the SSL Change Cipher Spec Protocol for Cipher Suite specification and negotiation, and the SSL Alert Protocol for error messages. All three of these protocols use the SSL Record Protocol to encapsulate their messages, as well as the application data flowing on the session once established.
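The encapsulation described above, as an added example that is not from the book: a Python parser that walks the 5-byte SSL Record Protocol header and reports which sub-protocol each record carries, treating everything after a Change Cipher Spec as opaque. The header layout and type values come from the SSL 3.0/TLS specifications rather than this page; `parse_records`, `record` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```python
import struct

# Record-layer content types and handshake message types (SSL 3.0 / TLS specs).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
MAX_FRAGMENT = 2**14 + 2048  # largest ciphertext fragment the specs allow


def parse_records(stream: bytes):
    """Split one direction of a captured stream into (protocol, version, length, detail)."""
    records, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if major != 3 or length > MAX_FRAGMENT:
            raise ValueError("bad version or oversized fragment")
        body = stream[offset + 5: offset + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body")
        name = CONTENT_TYPES[ctype]
        if encrypted:
            detail = "encrypted"  # opaque once the cipher spec has changed
        elif name == "handshake" and body:
            detail = HANDSHAKE_TYPES.get(body[0], f"type {body[0]}")
        elif name == "alert" and length == 2:
            detail = f"level={body[0]} description={body[1]}"
        else:
            detail = "plaintext"
        records.append((name, f"{major}.{minor}", length, detail))
        if name == "change_cipher_spec":
            encrypted = True  # later records in this direction are protected
        offset += 5 + length
    return records


def record(ctype, body, version=(3, 0)):
    """Build a constructed sample record (illustration only)."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body


# Constructed sample: client_hello stub, change_cipher_spec, then protected records.
SAMPLE = (record(22, b"\x01\x00\x00\x00") + record(20, b"\x01")
          + record(22, b"\xa7" * 40) + record(23, b"\x5c" * 32))
```

Records seen before the Change Cipher Spec are readable on the wire, which is the NULL Cipher Suite exposure the text mentions for initial handshakes.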
The nice thing about the SSL Record Protocol is that it provides a way to renegotiate active session parameters or establish a new session using a secure path. Initial session handshakes, without a functioning and secure SSL Record Protocol, must use a NULL Cipher Suite (plain text), which is, of course, a risk.

SSL Session Establishment

Established SSL sessions can be reused, which is good because the SSL session establishment process requires the exchange of many messages. Sessions are established after a complex handshake routine between client and server. There are many