What is SSL? | How SSL Works | Tool Of SSL — Exploitbyte

Exploitbytes
4 min read · Mar 28, 2020


Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) is an application layer protocol developed by Netscape for managing the security of a message transmission on the Internet.

It is a protocol used to provide a secure authentication mechanism between two communicating applications, such as a client and a server. SSL requires a reliable transport protocol, such as TCP, for data transmission and reception.

It uses RSA asymmetric (public-key) encryption to encrypt data transferred over SSL connections.

Any application-layer protocol that is higher than SSL, such as HTTP, FTP, and telnet, can form a transparent layer over SSL. SSL acts as an arbitrator between the encryption algorithm and session key; it also verifies the destination server prior to the transmission and reception of data. SSL encrypts the complete data of the application protocol to ensure security.

The SSL protocol also offers "channel security" with three basic properties:

  • Private Channel — All messages are encrypted after a simple handshake is used to define a secret key.
  • Authenticated Channel — The server endpoint of the conversation is always encrypted, whereas the client endpoint is optionally authenticated.
  • Reliable Channel — Message transfer has an integrity check.

SSL uses both asymmetric and symmetric authentication mechanisms. Public-key encryption verifies the identities of the server, the client, or both. Once authentication has taken place, the client and server can create symmetric keys, allowing them to communicate and transfer data rapidly. An SSL session is responsible for carrying out the SSL handshake protocol to organize the states of the server and clients, thus ensuring the consistency of the protocol.

SSL Handshake Protocol Flow

The SSL handshake protocol works on top of the SSL record layer. The processes executed in the three-way handshake protocol are as follows:

  1. The client sends a Hello message to the server, which the server must respond to with a Hello message, or the connection will fail with a fatal error. The attributes established by the server and client hello messages are protocol version, session ID, cipher suite, and compression method.
  2. After the connection is established, the server sends a certificate to the client for authentication. In addition, the server might send a server key-exchange message. Once the server is authenticated, it may ask the client for its certificate.
  3. The server sends a “Hello done” message to inform the client that the handshake phase is complete and waits for the client’s response.
  4. If the client receives a certificate-request message, the client must respond to the message by sending a certificate message or a “no certificate” alert. The server sends the client key-exchange message. The content of the message depends on the public-key algorithm between the server hello and client hello. If the certificate sent by the client has signing ability, a digitally signed certificate verifies the message, and the client transmits it.
  5. The client transmits the changed cipher-spec message and copies the pending cipher spec into the current cipher spec. The client sends a message to initiate the completion of the message under the new algorithm, keys, and secrets.
  6. In response, the server replies by sending its own changed cipher-spec message, transfers the pending cipher spec to the current cipher spec, and initiates the completion of the message under the new cipher spec. At this point, the handshake is complete, and the client and server can exchange application-layer data.

When a previous session is resumed, the flow is as follows:

  • The client initiates the communication by sending a hello message with the Session ID of the session that is to be resumed.
  • If the server finds a match, it re-establishes the session under the specified session state with the same Session ID.
  • At this point, both the server and the client exchange the changed cipher-spec messages and proceed directly to the finished messages.
  • After re-establishment, the server and client exchange data at the application layer.
  • If the session ID does not exist, the server creates a new session ID. The SSL client and server then carry out a complete handshake.
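
The hello attributes from step 1 and the resume-or-full-handshake decision described above can be seen on the wire. The following is an added example, not code from the original post: it parses a ClientHello record and applies the session-ID lookup. The function names, the `session_cache` set and the sample cipher-suite values are assumptions made for illustration.

```python
import os
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1  # record content type, handshake message type

def build_client_hello(version, session_id, suites, compression=(0,)):
    """Constructed sample input: one SSLv3/TLS record holding a ClientHello."""
    body = bytes(version) + bytes(32)  # version + client random (zeros here)
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([len(compression)]) + bytes(compression)
    msg = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + bytes(version) + struct.pack("!H", len(msg)) + msg

def parse_client_hello(record):
    """Extract the attributes the hello exchange settles (step 1)."""
    if len(record) < 9 or record[0] != HANDSHAKE or record[5] != CLIENT_HELLO:
        raise ValueError("not a ClientHello record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 0

    def take(n):  # bounds-checked read: never trust a length field
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("length field runs past end of message")
        pos += n
        return body[pos - n:pos]

    version = tuple(take(2))
    take(32)  # client random, not needed here
    session_id = take(take(1)[0])
    raw = take(int.from_bytes(take(2), "big"))
    compression = list(take(take(1)[0]))
    if len(session_id) > 32 or len(raw) % 2:
        raise ValueError("malformed session ID or cipher-suite list")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    return {"version": version, "session_id": session_id,
            "cipher_suites": suites, "compression": compression}

def server_decision(hello, session_cache):
    """Resume if the offered session ID is cached, otherwise start a full handshake."""
    sid = hello["session_id"]
    if sid and sid in session_cache:
        return "resume", sid
    return "full", os.urandom(32)  # server creates a new session ID
```

A hello with an empty session ID always leads to a full handshake, and a truncated record raises `ValueError` instead of reading past the buffer.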

SSL Tool: OpenSSL

Source: https://www.openssl.org

OpenSSL is an open-source cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) network protocols and the related cryptography standards they require. The openssl program is a command-line tool for using the various cryptography functions of OpenSSL’s crypto library from the shell. It can be used for:

  • Creation and Management of Private Keys, and Parameters.
  • Public key cryptographic operations.
  • Creation of X.509 certificates, CSRs, and CRLs.
  • Calculations of Message Digests.
  • Encryption and Decryption with Ciphers.
  • SSL client and Server Tests.
  • Handling of S/MIME signed or encrypted mail.
  • Time Stamp requests, generations, and verification.


Originally published at https://exploitbyte.com on March 28, 2020.
