21 04, 2015

How does SSL/TLS work – part three

The previous post in this series about SSL/TLS described the handshake – the process that establishes an SSL/TLS session between client and server. The session includes agreed-upon encryption keys. Now, let’s drill down to how the data sent across the wire is packaged – the record protocol and the alert protocol.

Record protocol

The record protocol is responsible for compression, encryption and verification of the data. All data to be transmitted is split into records. Each record consists of a header […]

13 04, 2015

How does SSL/TLS work – part two

As part one explained, SSL/TLS is intended to provide secure network connections between a client (e.g. a web browser), and a server (e.g. a web server) by encrypting all data that is passed between them.

To achieve this, public key encryption is used to verify the parties in the encrypted session, and to provide a way for client and server to agree on a shared symmetric encryption key. This post explains the process in […]

31 03, 2015

How does SSL/TLS work – part one

History

The Secure Sockets Layer (SSL) is a cryptographic protocol designed to secure communications over TCP/IP networks. SSL was developed by Netscape during the early 1990′s, but various security flaws meant that it wasn’t until SSL 3.0 was released in 1996 that SSL became popular.

It was also during this time that an open source implementation of SSL called SSLeay was made available by Eric Young, which helped ensure its widespread adoption on the Internet. The Apache web […]

23 03, 2015

What are certificates?

In How does public key encryption work?, it was explained that there needs to be a way of reliably associating public keys with their owners. Using someone’s public key to encrypt a message intended for them requires knowing that it is indeed their public key.

Certificate authorities are the solution to this problem. A certificate authority (a “CA”) is an organization that issues digital certificates. A digital certification is an electronic document that certifies ownership of […]

16 03, 2015

What are cryptographic hashes?

Cryptographic hash algorithms are important mathematical functions used widely in software, particularly in secure protocols such as SSL/TLS and SSH.

A hash algorithm is supplied a block of data, known as the message, and produces a much smaller hash value, known as the message digest, or simply the digest. The same message will always result in the same digest. Different messages produce different digests.

An important feature of hash algorithms is that given a particular digest, it is extremely […]

14 03, 2015

OpenSSL security audit

OpenSSL is to undergo a comprehensive security audit by NCC Group.

OpenSSL is one of the most widely deployed software libraries in the world, and is a critical part of the Internet’s security infrastructure. It is an open source implementation of the Secure Sockets Layer (SSL 2/3) and Transport Layer Security (TLS), and is used in many web servers and web browsers.

Heartbleed - the catastrophic security flaw uncovered during 2014 - put OpenSSL in the news and […]