next up previous contents
Next: S-HTTP Up: Survey of secure Previous: SSH

SSL

 

The Secure Sockets Layer, SSL, is a protocol proposed by Netscape Communications to provide authentication, confidentiality and integrity services for Internet communications. Version 3.0 of the protocol still has the status of Internet Draft and has thus not yet been finalized. However, Netscape Communications have already incorporated support for the protocol into their products.

SSL is a client/server protocol designed to be inserted immediately above the transport layer in the IP protocol suite, as illustrated by figure 7.1. An advantage of SSL is that higher-level protocols, and applications based on them, need not be aware of the existence of SSL.

Figure 7.1: Relative placement of SSL in the IP protocol suite.

The SSL protocol is itself layered: the Record Layer interfaces SSL to an underlying reliable transport protocol, such as TCP, and higher-level protocols within SSL exist to establish and use SSL sessions.

Record layer

Communications utilizing SSL take place in connections. Associated with each connection is a number of attributes that describe the current connection state. State information is kept at both end points. Connections between two entities are always established within the context of an SSL session. The state attributes associated with a session apply to all connections within that session. Several sessions may be active at the same time.

A record that is to be transmitted through SSL is first compressed and then protected. Protection is afforded by the addition of a sequence number and a message authentication code (MAC) to each record before it is encrypted.

To compute a MAC, MD5 or SHA can be used. For encryption either a stream cipher or a block cipher can be applied. The supported stream cipher is RC4 and the supported block ciphers are RC2, DES, and FORTEZZA (see section 6.1.3 for information on algorithms).

The session state contains information about which method should be used in each of these transformation stages. Any or all of the transformations can be the identity transformation; if all of them are, no protection is offered.

Connection state attributes contain parameters, such as cryptographic keys, that are used when applying the transformations specified in the session state.
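The three record-layer stages described above (compress, add sequence number and MAC, encrypt), modelled in Python as an added illustration that is not part of the survey. The MAC layout follows SSL 3.0 as specified in RFC 6101 (MD5 variant, 48-byte pads), which this page does not itself detail; the stream cipher is a constructed SHA-256 keystream standing in for RC4, which Python's standard library lacks, and `cipher_key=None` selects the identity transformation the text mentions. The replay check shows why the sequence number is folded into the MAC.

```python
import hashlib
import hmac
import struct
import zlib

MD5_PAD = 48                   # pad length for an MD5 MAC (40 for SHA), per RFC 6101
PAD1, PAD2 = b"\x36" * MD5_PAD, b"\x5c" * MD5_PAD
APPLICATION_DATA = 23          # record content type for application data

def record_mac(secret, seq, ctype, fragment):
    """SSL 3.0 layout: hash(secret+pad2+hash(secret+pad1+seq+type+length+fragment))."""
    hdr = struct.pack(">QBH", seq, ctype, len(fragment))       # 64-bit seq, type, length
    inner = hashlib.md5(secret + PAD1 + hdr + fragment).digest()
    return hashlib.md5(secret + PAD2 + inner).digest()

class RecordState:
    """One direction of a connection: MAC secret, cipher key (None = identity), seq."""
    def __init__(self, mac_secret, cipher_key=None):
        self.mac_secret, self.cipher_key = mac_secret, cipher_key
        self.seq, self.pos = 0, 0

    def _cipher(self, data):
        if self.cipher_key is None:
            return data            # identity transformation: no confidentiality
        out = bytearray()          # constructed keystream standing in for RC4 (not SSL's)
        while len(out) < len(data):
            out += hashlib.sha256(self.cipher_key + struct.pack(">Q", self.pos)).digest()
            self.pos += 1
        return bytes(a ^ b for a, b in zip(data, out))

    def protect(self, ctype, plaintext):
        fragment = zlib.compress(plaintext)                          # 1. compress
        mac = record_mac(self.mac_secret, self.seq, ctype, fragment) # 2. seq + MAC
        self.seq += 1
        body = self._cipher(fragment + mac)                          # 3. encrypt
        return struct.pack(">BHH", ctype, 0x0300, len(body)) + body  # 5-byte record header

    def unprotect(self, record):
        ctype, _version, length = struct.unpack(">BHH", record[:5])
        body = self._cipher(record[5:5 + length])
        fragment, mac = body[:-16], body[-16:]
        if not hmac.compare_digest(mac, record_mac(self.mac_secret, self.seq, ctype, fragment)):
            raise ValueError("bad_record_mac")   # an alert would follow and the connection close
        self.seq += 1
        return ctype, zlib.decompress(fragment)

def replay_is_rejected(cipher_key=None):
    """Deliver the same record twice: the receiver's seq has moved on, so the MAC fails."""
    tx, rx = RecordState(b"mac-secret", cipher_key), RecordState(b"mac-secret", cipher_key)
    first = tx.protect(APPLICATION_DATA, b"GET / HTTP/1.0\r\n\r\n")
    ok = rx.unprotect(first) == (APPLICATION_DATA, b"GET / HTTP/1.0\r\n\r\n")
    try:
        rx.unprotect(first)
        return False
    except ValueError:
        return ok
```

With the identity cipher the rejection comes from the sequence number in the MAC alone; with the keystream active the cipher state has also advanced, so the copy fails for both reasons.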

SSL internal protocols

The SSL specification defines a number of protocols internal to SSL that exist on top of the record layer. These protocols are

Handshake protocol.
The responsibility of the handshake protocol is to establish a session between a server and a client and, in doing so, perform the necessary authentication and exchange of encryption keys to be used for further communications. A special hello message is used by the client to convey to the server a set of preferred combinations of key exchange algorithm, MAC method and bulk encryption algorithm. A set of possible such combinations, called Cipher Suites, is defined. The hello message also includes a list of supported compression methods. In response to a client hello, a server hello is sent. This message informs the client of a session id for the session and which cipher suite and compression method the server has selected from the alternatives provided by the client.

In addition to the hello messages, the handshake protocol also specifies how certificates and session keys are to be exchanged.

A client may send a client hello message upon request from a server, or on its own initiative to establish or re-negotiate the parameters for a session.

Change cipher spec protocol.
The exchange of hello messages and other information causes a pending session state to be established. The current state of an entity is replaced by the pending state upon receipt of a change cipher spec message.

Alert protocol.
The SSL Alert Protocol specifies how error messages can be sent between communicating parties. The most common action upon sending and receiving an alert message is to close the connection.

Application data protocol.
The application data protocol is not specified further than to provide an interface to the record layer through which application data can be sent and received, and transparently subjected to compression and encryption according to the current session state.






matgu@ida.liu.se