introduction to ssl
DESCRIPTION
Secure Layer Protocol (SSL)TRANSCRIPT
Walk Through of an SSL Session
Peter Robinson
April 1999
How does SSL Work?
• By establishing a secure Web session.
Clicking on a secure Web site sends a “Client Hello” message to the Web server.
Web Server
Initiating a Secure Web Session
Hello, let’s set up a Web session.
A secure Web site begins with: https://
Web Server
The “Server Hello” includes its public key certificate and a signed blob of information which the Browser uses to verify that the server actually owns the associated private key.
The Server Response Message
Server
Server’s public key
Server Authentication
The server’s public key certificate is checked by the browser.
Server
Server’s public key
AT&T
GTE
ABC Co.
Verisign
Today is:
April 14, 1999
ABC Company
From: July 31, 1996To: Dec 31, 2003
A symmetric key is generated and copied to a message.
The symmetric key is encrypted with the Web server’s public key.
Generation of the Symmetric Key
Symmetric key
Server’s public key
The browser sends the encrypted symmetric key to the Web server so that they will each have a copy.
Web Server
Sending the Symmetric Key
The Web server uses its private key to decrypt the symmetric key.
Web Server
Server private key
Decrypting the Symmetric Key
Web Server
The SSL handshake is complete. A secure session is established and information can now
be securely passed back and forth between the browser and Web server.
SSL
Completion of the Handshake