FACTOID # 28: Austin, Texas has more people than Alaska.
 
 Home   Encyclopedia   Statistics   States A-Z   Flags   Maps   FAQ   About 
   
 
WHAT'S NEW
 

SEARCH ALL

FACTS & STATISTICS    Advanced view

Search encyclopedia, statistics and forums:

 

 

(* = Graphable)

 

 


Encyclopedia > Transport Layer Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. There are slight differences between SSL and TLS, but they are essentially the same. In computing and telecommunications, the transport layer is the second highest layer in the four and five layer TCP/IP reference models, where it responds to service requests from the application layer and issues service requests to the Internet layer. ... The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite. ... User Datagram Protocol (UDP) is one of the core protocols of the Internet protocol suite. ... The Datagram Congestion Control Protocol (DCCP) is a message-oriented transport layer protocol that is currently under development in the IETF. Applications that might make use of DCCP include those with timingconstraints on the delivery of data such that reliable in-order delivery, when combined with congestion control, is likely... In the field of computer networking, the IETF Signaling Transport (SIGTRAN) working group defined the Stream Control Transmission Protocol (SCTP) as a transport layer protocol in 2000. ... The Resource ReSerVation Protocol (RSVP), described in RFC 2205, is a Transport layer protocol designed to reserve resources across a network for an integrated services Internet. ... Network congestion avoidance is a process used in computer networks to avoid congestion. ... The network layer is third layer out of seven in OSI model and it is the third layer out of five in TCP/IP model. ... The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a packet-switched internetwork. ... Internet Protocol version 4 (IPv4) is the fourth iteration of the Internet Protocol (IP) and it is the first version of the protocol to be widely deployed. ... Internet Protocol version 6 (IPv6) is a network layer for packet-switched internetworks. ... The Open Shortest Path First (OSPF) protocol is a hierarchical interior gateway protocol (IGP) for routing in Internet Protocol, using a link-state in the individual areas that make up the hierarchy. ... Is Is is Yeah Yeah Yeahs third EP, to be released on July 24, 2007. ... The Border Gateway Protocol (BGP) is the core routing protocol of the Internet. ... IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ... In computer networking, the Address Resolution Protocol (ARP) is the standard method for finding a hosts hardware address when only its network layer address is known. ... Reverse Address Resolution Protocol (RARP) is a network layer protocol used to obtain an IP address for a given hardware address (such as an Ethernet address). ... This article is chiefly about the Routing Information Protocol (RIP) for the Internet Protocol, but also discusses some other routing information protocols. ... The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet protocol suite. ... The ICMP for IPv6 (Internet Control Message Protocol Version 6) is an integral part of the IPv6 architecture and must be completely supported by all IPv6 implementations. ... The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups. ... This article does not cite any references or sources. ... IEEE 802. ... The IEEE 802. ... Wi-Fi (IPA: ) is the common name for a popular wireless technology used in home networks, mobile phones, video games and more. ... Official WiMax logo WiMAX, the Worldwide Interoperability for Microwave Access, is a telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access. ... Asynchronous Transfer Mode (ATM) is a cell relay, packet switching network and data link layer protocol which encodes data traffic into small (53 bytes; 48 bytes of data and 5 bytes of header information) fixed-sized cells. ... Dynamic synchronous Transfer Mode , or DTM for short, is a network protocol. ... Token-Ring local area network (LAN) technology was developed and promoted by IBM in the early 1980s and standardised as IEEE 802. ... Ethernet is a large, diverse family of frame-based computer networking technologies that operate at many speeds for local area networks (LANs). ... In computer networking, fiber-distributed data interface (FDDI) is a standard for data transmission in a local area network that can extend in range up to 200 km (124 miles). ... In the context of computer networking, frame relay consists of an efficient data transmission technique used to send digital information quickly and cheaply in a relay of frames to one or many destinations from one or many end-points. ... General Packet Radio Service (GPRS) is a Mobile Data Service available to users of Global System for Mobile Communications (GSM) and IS-136 mobile phones. ... Evolution-Data Optimized or Evolution-Data only, abbreviated as EV-DO or EVDO and often EV, is one telecommunications standard for the wireless transmission of data through radio signals, typically for broadband Internet access. ... High-Speed Packet Access (HSPA) is a collection of mobile telephony protocols that extend and improve the performance of existing UMTS protocols. ... High-Level Data Link Control (HDLC) is a bit-oriented synchronous data link layer protocol developed by the International Organization for Standardization (ISO). ... In computing, the Point-to-Point Protocol, or PPP, is commonly used to establish a direct connection between two nodes. ... The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. ... In computer networking, the Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). ... ISDN redirects here. ... ARCNET (also CamelCased as ARCnet, an acronym from Attached Resource Computer NETwork) is a local area network (LAN) protocol, similar in purpose to Ethernet or Token Ring. ... Link Layer Topology Discovery (LLTD) is a licensed data link layer protocol for network topology discovery and quality of service diagnostics, developed by Microsoft as part of their Windows Rally set of technologies. ... This article does not cite any references or sources. ... The Ethernet physical layer is the physical layer component of the Ethernet standard. ... RS-232 (also referred to as EIA RS-232C or V.24) is a standard for serial binary data interchange between a DTE (Data terminal equipment) and a DCE (Data communication equipment). ... Synchronous optical networking, is a method for communicating digital information using lasers or light-emitting diodes (LEDs) over optical fiber. ... There are very few or no other articles that link to this one. ... Optical fibers An optical fiber (or fibre) is a glass or plastic fiber designed to guide light along its length. ... Coaxial Cable For the weapon, see coaxial weapon. ... 25 Pair Color Code Chart 10BASE-T UTP Cable Twisted pair cabling is a common form of wiring in which two conductors are wound around each other for the purposes of cancelling out electromagnetic interference known as crosstalk. ... A cryptographic protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods. ... For other uses, see Security (disambiguation). ... A web browser is a software package that enables a user to display and interact with documents hosted by web servers. ... Wikipedia does not yet have an article with this exact name. ... Internet fax uses the internet to receive and send faxes. ... // Instant messaging (IM) is a form of real-time communication between two or more people based on typed text. ...

Contents

Description

The TLS protocol allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications privacy over the Internet using cryptography. Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom it is communicating. The next level of security — in which both ends of the "conversation" are sure with whom they are communicating — is known as mutual authentication. Mutual authentication requires public key infrastructure (PKI) deployment to clients unless TLS-PSK or the Secure Remote Password (SRP) protocol are used, which provide strong mutual authentication without needing to deploy a PKI. To eavesdrop is to surreptitiously overhear a private conversation. ... Message forgery is the sending of a message trying to deceive the recipient as to whom the real sender is. ... For other uses of the terms authentication, authentic and authenticity, see authenticity. ... Information Security Components: whereas information is transmitted, stored, encrypted, or processed, its value derives from three main attributes or qualities, i. ... The German Lorenz cipher machine, used in World War II for encryption of very high-level general staff messages Cryptography (or cryptology; derived from Greek κρυπτός kryptós hidden, and the verb γράφω gráfo write or λεγειν legein to speak) is the study of message secrecy. ... Mutual authentication or two-way authentication refers to two parties authenticating each other suitably. ... Diagram of a public key infrastructure In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). ... The Secure Remote Password Protocol (SRP) is a password-authenticated key agreement protocol which allows a user to authenticate herself to a server, which is resistant to dictionary attacks mounted by an eavesdropper, and does not require a trusted third party. ...


TLS involves three basic phases:

  1. Peer negotiation for algorithm support
  2. Key exchange and authentication
  3. Symmetric cipher encryption and message authentication

During the first phase, the client and server negotiate cipher suites, which determine the ciphers to be used, the key exchange and authentication algorithms, as well as the message authentication codes (MACs). The key exchange and authentication algorithms are typically public key algorithms, or as in TLS-PSK preshared keys could be used. The message authentication codes are made up from cryptographic hash functions using the HMAC construction for TLS, and a non-standard pseudorandom function for SSL. A symmetric-key algorithm is an algorithm for cryptography that uses the same cryptographic key to encrypt and decrypt the message. ... A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ... A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ... A keyed-hash message authentication code, or HMAC, is a type of message authentication code (MAC) calculated using a cryptographic hash function in combination with a secret key. ... In cryptography, a pseudorandom function family, abbreviated PRF, is a collection of efficiently-computable functions which emulate a random oracle in the following way: No efficient algorithm can distinguish (with significant advantage) between a function chosen randomly from the PRF family and a random oracle (a function whose outputs are...


Typical algorithms could be:

In cryptography, RSA is an algorithm for public-key cryptography. ... Diffie-Hellman key exchange is a cryptographic protocol which allows two parties to agree on a secret key over an insecure communication channel. ... Elliptic Curve Diffie-Hellman (ECDH) is a key agreement protocol that allows two parties to estabilish a shared secret key over an insecure channel. ... The Secure Remote Password Protocol (SRP) is a password-authenticated key agreement protocol which allows a user to authenticate herself to a server, which is resistant to dictionary attacks mounted by an eavesdropper, and does not require a trusted third party. ... A pre-shared key or PSK is a secret which was previously shared between the two parties using some secure channel before it needs to be used. ... In cryptography, RSA is an algorithm for public-key cryptography. ... The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. ... Elliptic Curve DSA (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which operates on elliptic curve groups. ... For the Vietnam road named RC4, see Route Coloniale 4. ... In cryptography, Triple DES (also 3DES) is a block cipher formed from the Data Encryption Standard (DES) cipher. ... In cryptography, the Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. ... In cryptography, Camellia is a block cipher that has been evaluated favorably by several organisations, including the European Unions NESSIE project (a selected algorithm), and the Japanese CRYPTREC project (a recommended algorithm). ... In cryptography, RC2 is a block cipher designed by Ron Rivest in 1987. ... In cryptography, the International Data Encryption Algorithm (IDEA) is a block cipher designed by Xuejia Lai (來學嘉) and James L. Massey of ETH Zurich and was first described in 1991. ... The Data Encryption Standard (DES) is a cipher (a method for encrypting information) selected as an official Federal Information Processing Standard (FIPS) for the United States in 1976, and which has subsequently enjoyed widespread use internationally. ... In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ... A keyed-hash message authentication code, or HMAC, is a type of message authentication code (MAC) calculated using a cryptographic hash function in combination with a secret key. ... A keyed-hash message authentication code, or HMAC, is a type of message authentication code (MAC) calculated using a cryptographic hash function in combination with a secret key. ... In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. ... Sha (Ш, ш) is a letter of the Cyrillic alphabet, representing the consonant sound or . ... Message Digest Algorithm 2 (MD2) is a cryptographic hash function developed by Ronald Rivest in 1989. ... MD4 is a message digest algorithm (the fourth in a series) designed by Professor Ronald Rivest of MIT in 1990. ...

How it works

SSL handshake with two way authentication with certificates. (Accuracy disputed.)
SSL handshake with two way authentication with certificates. (Accuracy disputed.)

A TLS client and server negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.

  • The handshake begins when a client connects to a TLS-enabled server requesting a secure connection, and presents a list of supported ciphers and hash functions.
  • From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision.
  • The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA), and the server's public encryption key.

The client may contact the server that issued the certificate (the trusted CA as above) and confirm that the certificate is authentic before proceeding. Encrypt redirects here. ... In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ... In cryptography, a public key certificate (or identity certificate) is a certificate which uses a digital signature to bind together a public key with an identity — information such as a the name of a person or an organisation, their address, and so forth. ... In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ...

  • In order to generate the session keys used for the secure connection, the client encrypts a random number with the server's public key, and sends the result to the server. Only the server can decrypt it (with its private key): this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data.
  • From the random number, both parties generate key material for encryption and decryption.

This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes.


If any one of the above steps fails, the TLS handshake fails, and the connection is not created.


TLS handshake in detail

The TLS protocol exchanges records, which encapsulate the data to be exchanged. Each record can be compressed, padded, appended with a message authentication code (MAC), or encrypted, all depending on the state of the connection. Each record has a content type field that specifies the record, a length field, and a TLS version field. A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ...


When the connection starts, the record encapsulates another protocol, the handshake protocol, which has content type 22.


A simple connection example follows:

  • A Client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested cipher suites and compression methods.
  • The Server responds with a ServerHello, containing the chosen protocol version, a random number, cipher suite, and compression method from the choices offered by the client.
  • The Server sends its Certificate (depending on the selected cipher suite, this may be omitted by the Server).
These certificates are currently X.509, but there is also a draft specifying the use of OpenPGP based certificates.
  • The server may request a certificate from the client, so that the connection can be mutually authenticated, using a CertificateRequest.
  • The Server sends a ServerHelloDone message, indicating it is done with handshake negotiation.
  • The Client responds with a ClientKeyExchange message, which may contain a PreMasterSecret, public key, or nothing. (Again, this depends on the selected cipher.)
  • The Client and Server then use the random numbers and PreMasterSecret to compute a common secret, called the "master secret". All other key data is derived from this master secret (and the client- and server-generated random values), which is passed through a carefully designed "pseudorandom function".
  • The Client now sends a ChangeCipherSpec message, essentially telling the Server, "Everything I tell you from now on will be encrypted." Note that the ChangeCipherSpec is itself a record-level protocol, and has type 20, and not 22.
  • Finally, the Client sends an encrypted Finished message, containing a hash and MAC over the previous handshake messages.
  • The Server will attempt to decrypt the Client's Finished message, and verify the hash and MAC. If the decryption or verification fails, the handshake is considered to have failed and the connection should be torn down.
  • Finally, the Server sends a ChangeCipherSpec and its encrypted Finished message, and the Client performs the same decryption and verification.
  • At this point, the "handshake" is complete and the Application protocol is enabled, with content type of 23. Application messages exchanged between Client and Server will be encrypted.

In cryptography, X.509 is an ITU-T standard for public key infrastructure (PKI). ... An Open Specification for Pretty Good Privacy (openpgp) OpenPGP is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440. ... A pseudorandom process is a process that appears random but is not. ...

TLS record protocol

+ Bits 0–7 8-15 16-23 24–31
0 Content Type Version (MSB) Version (LSB) Length (MSB)
32 Length (LSB) Protocol Message(s)
... Protocol Message (cont.)
... MAC (optional)
... Padding (block ciphers only)
Content Type
This field identifies the Record Layer Protocol Type contained in this Record.
Content Types
20 ChangeCipherSpec
21 Alert
22 Handshake
23 Application
Version
This field identifies the major and minor version of TLS for the contained message. For a ClientHello message, this need not be the highest version supported by the client.
Versions
Major Version Minor Version Version Type
3 0 SSLv3
3 1 TLS 1.0
3 2 TLS 1.1
3 3 TLS 1.2
Length
The length of Protocol message(s), not to exceed 214 bytes.
Protocol message(s)
One or more messages identified by the Protocol field. Note that this field may be encrypted depending on the state of the connection.
MAC
A message authentication code computed over the Protocol message, with additional key material included. Note that this field may be encrypted, or not included entirely, depending on the state of the connection.

A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ...

ChangeCipherSpec protocol

+ Bits 0–7 8-15 16-23 24–31
0 20 Version (MSB) Version (LSB) 0
32 1 1 (CCS protocol type)

Alert protocol

+ Bits 0–7 8-15 16-23 24–31
0 21 Version (MSB) Version (LSB) 0
32 2 Level Description
Level
This field identifies the level of alert.
Level Types
Code Description
1 Warning - connection or security may be unstable
2 Fatal - connection or security may be compromised, or an unrecoverable error has occurred
Description
This field identifies which type of alert is being sent.
Description Types
Code Description
0 Close notify (warning or fatal)
10 Unexpected message (fatal)
20 Bad record MAC (fatal)
21 Decryption failed (fatal, TLS only)
22 Record overflow (fatal, TLS only)
30 Decompression failure (fatal)
40 Handshake failure (fatal)
41 No certificate (SSL v3 only) (warning or fatal)
42 Bad certificate (warning or fatal)
43 Unsupported certificate (warning or fatal)
44 Certificate revoked (warning or fatal)
45 Certificate expired (warning or fatal)
46 Certificate unknown (warning or fatal)
47 Illegal parameter (fatal)
48 Unknown CA (fatal, TLS only)
49 Access denied (fatal, TLS only)
50 Decode error (fatal, TLS only)
51 Decrypt error (TLS only) (warning or fatal)
60 Export restriction (fatal, TLS only)
70 Protocol version (fatal, TLS only)
71 Insufficient security (fatal, TLS only)
80 Internal error (fatal, TLS only)
90 User cancelled (fatal, TLS only)
100 No renegotiation (warning, TLS only)

Handshake protocol

+ Bits 0–7 8-15 16-23 24–31
0 22 Version (MSB) Version (LSB) Length (MSB)
32 Length (LSB) Message type Message length
64 Message length (cont.) Handshake message
... Handshake message Message type Message length
... Message length (cont.) Handshake message
Message type
This field identifies the Handshake message type.
Message Types
Code Description
0 HelloRequest
1 ClientHello
2 ServerHello
11 Certificate
12 ServerKeyExchange
13 CertificateRequest
14 ServerHelloDone
15 CertificateVerify
16 ClientKeyExchange
20 Finished
Message length
This is a 3-byte field indicating the length of the handshake data, not including the header.

Note that multiple Handshake messages may be combined within one record.


Application protocol

+ Bits 0–7 8-15 16-23 24–31
0 23 Version (MSB) Version (LSB) Length (MSB)
32 Length (LSB) Application data
64 Application data (cont.)
... MAC (20B for SHA-1, 16B for MD5)
... Variable length padding (block ciphers only) Padding length, (block ciphers only)(1B)

Support for virtual servers

TLS does not provide a mechanism for a client to tell a server the name of the server it is contacting. It is often desirable for clients to provide this information to facilitate secure connections to servers that host multiple Virtual Servers sharing a single IP address. A virtual private server (also referred to as virtual dedicated server or virtual server, and abbreviated VPS or VDS) is a method of partitioning one physical server computer into multiple servers that each has the appearance and capabilities of running on its own dedicated machine. ...


In order to provide the server name, RFC 4366 Transport Layer Security (TLS) Extensions allow clients to include a "server_name" extension in the extended client hello. The TLS server, in response, should provide the appropriate certificate for the requested Virtual Server.


Security

TLS/SSL have a variety of security measures:

  • The client may use the certificate authority's (CA's) public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA.
  • The client verifies that the issuing CA is on its list of trusted CAs.
  • The client checks the server's certificate validity period. The authentication process stops if the current date and time fall outside of the validity period.
  • To protect against Man-in-the-middle attacks, the client compares the actual DNS name of the server to the DNS name on the certificate.[citation needed] Browser-dependent, not defined by TLS.
  • Protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite.
  • Numbering all the Application records with a sequence number, and using this sequence number in the message authentication codes (MACs).
  • Using a message digest enhanced with a key (so only a key-holder can check the MAC). This is specified in RFC 2104. TLS only.
  • The message that ends the handshake ("Finished") sends a hash of all the exchanged handshake messages seen by both parties.
  • The pseudorandom function splits the input data in half and processes each one with a different hashing algorithm (MD5 and SHA-1), then XORs them together. This provides protection even if one of these algorithms is found to be vulnerable. TLS only.
  • SSL v3 improved upon SSL v2 by adding SHA-1 based ciphers, and support for certificate authentication. Additional improvements in SSL v3 include better handshake protocol flow and increased resistance to man-in-the-middle attacks.

SSL v2 is flawed in a variety of ways: In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ... A digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. ... It has been suggested that Mafia Fraud Attack be merged into this article or section. ... A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ... A pseudorandom process is a process that appears random but is not. ... In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. ... SHA redirects here. ... Exclusive disjunction (usual symbol xor) is a logical operator that results in true if one of the operands (not both) is true. ... SHA redirects here. ...

  • Identical cryptographic keys are used for message authentication and encryption.
  • MACs are unnecessarily weakened in the "export mode" required by U.S. export restrictions (symmetric key length was limited to 40 bits in Netscape and Internet Explorer).
  • SSL v2 has a weak MAC construction and relies solely on the MD5 hash function.
  • SSL v2 does not have any protection for the handshake, meaning a Man-in-the-middle downgrade attack can go undetected.
  • SSL v2 uses the TCP connection close to indicate the end of data. This means that truncation attacks are possible: the attacker simply forges a TCP FIN, leaving the recipient unaware of an illegitimate end of data message (SSL v3 fixes this problem by having an explicit closure alert).

SSL v2 is disabled by default in Internet Explorer 7,[1] Mozilla Firefox 2,[2] Opera 9[3] and Safari. Support for SSL v2 (and weak 40-bit and 56-bit ciphers) will be removed completely from the upcoming Opera 9.5 (code-named Kestrel).[4] It has been suggested that Mafia Fraud Attack be merged into this article or section. ... Windows Internet Explorer 7, commonly abbreviated IE7, is a web browser released by Microsoft in late 2006 for Windows Vista, Windows XP and Windows Server 2003. ... Firefox redirects here. ... Opera is a web browser and Internet suite developed by the Norwegian Opera Software company. ... Safari is a web browser developed by Apple Inc. ... 40-bit encryption is a key size for symmetric encryption representing a low-level of security where the key is forty bits in length (five bytes). ... Opera is a web browser and Internet suite developed by the Norwegian Opera Software company. ...


Applications

TLS runs on layers beneath application protocols such as HTTP, FTP, SMTP, NNTP, and XMPP and above a reliable transport protocol, TCP for example. While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS. HTTPS is used to secure World Wide Web pages for applications such as electronic commerce and asset management. SMTP is also an area in which TLS has been growing and is specified in RFC 3207. These applications use public key certificates to verify the identity of endpoints. Hypertext Transfer Protocol (HTTP) is a communications protocol used to transfer or convey information on intranets and the World Wide Web. ... This article is about the File Transfer Protocol standardised by the IETF. For other file transfer protocols, see File transfer protocol (disambiguation). ... Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmissions across the Internet. ... The Network News Transfer Protocol or NNTP is an Internet application protocol used primarily for reading and posting Usenet articles, as well as transferring news among news servers. ... Jabber redirects here. ... The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite. ... https (Hypertext Transfer Protocol over Secure Socket Layer) is a URI scheme used to indicate a secure HTTP connection. ... The World Wide Web and WWW redirect here. ... Electronic commerce, commonly known as e-commerce or eCommerce, consists of the buying and selling of products or services over electronic systems such as the Internet and other computer networks. ... Mobile asset management is managing availability and serviceability of assets used to move, store, secure, protect and control inventory within the supply chain. ... In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. ...


An increasing number of client and server products support TLS natively, but many still lack support. As an alternative, users may wish to use standalone TLS products like Stunnel. Wrappers such as Stunnel rely on being able to obtain a TLS connection immediately, by simply connecting to a separate port reserved for the purpose. For example, by default the TCP port for HTTPS is 443, to distinguish it from HTTP on port 80. Stunnel is a free multi-platform computer program, used to provide universal TLS/SSL tunnelling service. ... It has been suggested that TCP and UDP port be merged into this article or section. ...


TLS can also be used to tunnel an entire network stack to create a VPN, as is the case with OpenVPN. Many vendors now marry TLS's encryption and authentication capabilities with authorization. There has also been substantial development since the late 1990s in creating client technology outside of the browser to enable support for client/server applications. When compared against traditional IPsec VPN technologies, TLS has some inherent advantages in firewall and NAT traversal that make it easier to administer for large remote-access populations. VPN redirects here. ... OpenVPN is a virtual private network (VPN) package for creating point-to-point encrypted tunnels between host computers. ... IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ... In computer networking, Network Address Translation (NAT, also known as Network Masquerading, Native Address Translation or IP Masquerading) is a technique of transceiving network traffic through a router that involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets...


TLS is also increasingly being used as the standard method for protecting SIP application signaling. TLS can be used to provide authentication and encryption of the SIP signalling associated with VoIP and other SIP-based applications. The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. ... An overview of how VoIP works A typical analog telephone adapter for connecting an ordinary phone to a VoIP network A Voice over Internet Protocol (VoIP) is a protocol optimized for transmission of voice through the Internet or other packet switched networks. ...


History and development

Early research efforts toward transport layer security included the Secure Network Programming (SNP) API, which in 1993 explored the approach of having a secure transport layer API closely resembling sockets, to facilitate retrofitting preexisting network applications with security measures. [5] The SNP project received the 2004 ACM Software System Award. [6] The Berkeley sockets application programming interface (API) comprises a library for developing applications in the C programming language that perform inter-process communication, most commonly across a computer network. ... ACM is a three-letter abbreviation with multiple meanings, as described below: Abstract Control Model Academy of Country Music Academic Common Market Academy of Contemporary Music Advanced Cruise Missile Adaptive Combat Model Aerial Combat Maneuver Air combat manoeuvering Air Cycle Machine Airspace Coordination Measure Adams Capital Management Advanced compact MOSFET...


The SSL protocol was originally developed by Netscape. Version 1.0 was never publicly released; version 2.0 was released in 1994 but "contained a number of security flaws which ultimately led to the design of SSL version 3.0", which was released in 1996 (Rescorla 2001). This later served as the basis for TLS version 1.0, an Internet Engineering Task Force (IETF) standard protocol first defined in RFC 2246 in January 1999. Visa, MasterCard, American Express and many leading financial institutions have endorsed SSL for commerce over the Internet.[citation needed] Netscape Communications Corporation was the publisher of the Netscape Navigator web browser as well as many other internet and intranet client and server software products. ... Year 1996 (MCMXCVI) was a leap year starting on Monday (link will display full 1996 Gregorian calendar). ... The Internet Engineering Task Force (IETF) develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standard bodies; and dealing in particular with standards of the TCP/IP and Internet protocol suite. ... This article concerns communication between pairs of electronic devices. ... “VISA” redirects here. ... MasterCard Worldwide (NYSE: MA) is a multinational corporation based in Purchase, NY in the United States. ... American Express (NYSE: AXP), sometimes known as AmEx or Amex, is a diversified global financial services company, headquartered in New York City. ...


SSL operates in modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers. A peer-to-peer (or P2P) computer network is a network that relies on the computing power and bandwidth of the participants in the network rather than concentrating it in a relatively few servers. ...


Early short keys

Some early implementations of SSL used 40-bit symmetric keys because of US government restrictions on the export of cryptographic technology. The US government explicitly imposed a 40-bit keyspace, which was small enough to be broken by brute-force search by law enforcement agencies wishing to read the encrypted traffic, while still presenting obstacles to less-well-funded attackers.[citations needed] A similar limitation applied to Lotus Notes in export versions. After several years of public controversy, a series of lawsuits, and eventual US government recognition of cryptographic products with longer key sizes produced outside the US, the authorities relaxed some aspects of the export restrictions. The 40-bit key size limitation has mostly gone away, and modern implementations use 128-bit (or longer) keys for symmetric key ciphers.[citations needed] 40-bit encryption is a key size for symmetric encryption representing a low-level of security where the key is forty bits in length (five bytes). ... A symmetric-key algorithm is an algorithm for cryptography that uses the same cryptographic key to encrypt and decrypt the message. ... Motto: (traditional) In God We Trust (official, 1956–present) Anthem: The Star-Spangled Banner Capital Washington, D.C. Largest city New York City Official language(s) None at the federal level; English de facto Government Federal Republic  - President George W. Bush (R)  - Vice President Dick Cheney (R) Independence - Declared - Recognized... Since World War II, Western governments, including the U.S. and its NATO allies have regulated the export of cryptography for national security considerations. ... In computer science, a brute-force search consists of systematically enumerating every possible solution of a problem until a solution is found, or all possible solutions have been exhausted. ... Lotus Notes is a client-server collaborative software and e-mail system owned by Lotus Software, of the IBM Software Group. ... In cryptography, the key size (alternatively key length) is the size of the digits used to create an encrypted text; it is therefore also a measure of the number of possible keys which can be used in a cipher, and the number of keys which must be tested to break...


Standards

The first definition of TLS appeared in:

  • RFC 2246: “The TLS Protocol Version 1.0”.

The current approved version is 1.1, which is specified in

  • RFC 4346: “The Transport Layer Security (TLS) Protocol Version 1.1”.

The next version is proposed:

  • INTERNET DRAFT - The Transport Layer Security (TLS) Protocol Version 1.2 (published March 2008, expires September 2008)

Other RFCs subsequently extended TLS, including: In internetworking and computer network engineering, Request for Comments (RFC) documents are a series of memoranda encompassing new research, innovations, and methodologies applicable to Internet technologies. ...

  • RFC 2595: “Using TLS with IMAP, POP3 and ACAP”. Specifies an extension to the IMAP, POP3 and ACAP services that allow the server and client to use transport-layer security to provide private, authenticated communication over the Internet.
  • RFC 2712: “Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)”. The 40-bit ciphersuites defined in this memo appear only for the purpose of documenting the fact that those ciphersuite codes have already been assigned.
  • RFC 2817: “Upgrading to TLS Within HTTP/1.1”, explains how to use the Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well known port (in this case, http: at 80 rather than https: at 443).
  • RFC 2818: “HTTP Over TLS”, distinguishes secured traffic from insecure traffic by the use of a different 'server port'.
  • RFC 3207: “SMTP Service Extension for Secure SMTP over Transport Layer Security”. Specifies an extension to the SMTP service that allows an SMTP server and client to use transport-layer security to provide private, authenticated communication over the Internet.
  • RFC 3268: “AES Ciphersuites for TLS”. Adds Advanced Encryption Standard (AES) ciphersuites to the previously existing symmetric ciphers.
  • RFC 3546: “Transport Layer Security (TLS) Extensions”, adds a mechanism for negotiating protocol extensions during session initialisation and defines some extensions. Made obsolete by RFC 4366.
  • RFC 3749: “Transport Layer Security Protocol Compression Methods”, specifies the framework for compression methods and the DEFLATE compression method.
  • RFC 3943: “Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS)”.
  • RFC 4132: “Addition of Camellia Cipher Suites to Transport Layer Security (TLS)”.
  • RFC 4162: “Addition of SEED Cipher Suites to Transport Layer Security (TLS)”.
  • RFC 4279: “Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)”, adds three sets of new ciphersuites for the TLS protocol to support authentication based on pre-shared keys.
  • RFC 4347: “Datagram Transport Layer Security” specifies a TLS variant that works over datagram protocols (such as UDP).
  • RFC 4366: “Transport Layer Security (TLS) Extensions” describes both a set of specific extensions, and a generic extension mechanism.
  • RFC 4492: “Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)”.
  • RFC 4507: “Transport Layer Security (TLS) Session Resumption without Server-Side State”.
  • RFC 4680: “TLS Handshake Message for Supplemental Data”.
  • RFC 4681: “TLS User Mapping Extension”.
  • RFC 4785: “Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)”.

Kerberos is the name of a computer network authentication protocol, which allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. ... In cryptography, the Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. ... DEFLATE is a lossless data compression algorithm that uses a combination of the LZ77 algorithm and Huffman coding. ... In cryptography, Camellia is a block cipher that has been evaluated favorably by several organisations, including the European Unions NESSIE project (a selected algorithm), and the Japanese CRYPTREC project (a recommended algorithm). ... A ripe red jalapeño cut open to show the seeds For other uses, see Seed (disambiguation). ... The Datagram Transport Layer Security (DTLS) protocol provides communications privacy for datagram protocols. ... Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ...

Implementation

Programmers may use the OpenSSL, NSS, or GnuTLS libraries for SSL/TLS functionality. Microsoft Windows includes an implementation of SSL and TLS as part of its Secure Channel package. Delphi programmers may use a library called Indy. OpenSSL is an open source implementation of the SSL and TLS protocols. ... Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. ... GnuTLS, the GNU Transport Layer Security Library, is a free software implementation of the SSL and TLS protocols. ... Windows redirects here. ... Object Pascal is an object oriented derivative of Pascal mostly known as the primary programming language of Borland Delphi. ...


TLS 1.1

As noted above, TLS 1.1 is the current approved version of the TLS protocol. TLS 1.1 clarifies some ambiguities and adds a number of recommendations, but remains very similar to TLS 1.0. A full list of differences is provided in RFC 4346 (Section 1.1).


See also

Cryptography Portal

Image File history File links Crypto_key. ... In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ... In cryptography, a public key certificate (or identity certificate) is a certificate which uses a digital signature to bind together a public key with an identity — information such as a the name of a person or an organisation, their address, and so forth. ... Extended Validation Certificates (EV) [1] are a special type of X.509 certificate which require more extensive investigation by the Certificate Authority before being issued. ... SSL acceleration is a method of offloading the processor-intensive public key encryption algorithms involved in SSL transactions to a hardware accelerator. ... The Datagram Transport Layer Security (DTLS) protocol provides communications privacy for datagram protocols. ... In information technology, the Transport Layer Security (TLS) protocol provides connection security with mutual authentication, data confidentiality and integrity, key generation and distribution, and security parameters negotiation. ... In cryptography, X.509 is an ITU-T standard for public key infrastructure (PKI). ... VPN redirects here. ... A ripe red jalapeño cut open to show the seeds For other uses, see Seed (disambiguation). ... There are very few or no other articles that link to this one. ...

Software

OpenSSL is an open source implementation of the SSL and TLS protocols. ... GnuTLS, the GNU Transport Layer Security Library, is a free software implementation of the SSL and TLS protocols. ... The Java Secure Socket Extension (JSSE) is a set of packages that enable secure Internet communications. ... Java language redirects here. ... Java Logo The Java Runtime Environment, or JRE, or J2RE is a software bundle from Sun Microsystems that allows a computer system to run a Java application. ... Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. ... FIPS 140 (Federal Information Processing Standards Publication 140) is a United States federal standard that specifies security requirements for cryptography modules. ... OpenSSL is an open source implementation of the SSL and TLS protocols. ... The Common Language Runtime (CLR) is the virtual machine component of Microsofts . ... The Common Language Runtime (CLR) is the virtual machine component of Microsofts . ...

References

  1. ^ Lawrence, Eric (2005-10-22). IEBlog : Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2. MSDN Blogs. Retrieved on 2007-11-25.
  2. ^ Bugzilla@Mozilla - Bug 236933 - Disable SSL2 and other weak ciphers. Mozilla Corporation. Retrieved on 2007-11-25.
  3. ^ Pettersen, Yngve (2006-05-16). Opera Labs - What's new in the SSL/TLS engine of Opera 9?. Opera Software. Retrieved on 2007-11-25.
  4. ^ Pettersen, Yngve (2007-04-30). 10 years of SSL in Opera - Implementer's notes. Opera Software. Retrieved on 2007-11-25.
  5. ^ Woo, Thomas Y. C. and Bindignavle, Raghuram and Su, Shaowen and Lam, Simon S. 1994. SNP: An interface for secure network programming In Usenix Summer Technical Conference
  6. ^ Association for Computing Machinery, "ACM: Press Release, March 15, 2005", campus.acm.org, accessed December 26, 2007. (English version).
  • Wagner, David; Schneier, Bruce (November 1996). "Analysis of the SSL 3.0 Protocol". The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press. 
  • Eric Rescorla,. SSL and TLS: Designing and Building Secure Systems. United States: Addison-Wesley Pub Co. ISBN 0-201-61598-3. 
  • Stephen A. Thomas (2000). SSL and TLS essentials securing the Web. New York: Wiley. ISBN 0-471-38354-6. 
  • Bard, Gregory (2006). "A Challenging But Feasible Blockwise-Adaptive Chosen-Plaintext Attack On Ssl". International Association for Cryptologic Research (136). Retrieved on 2007-04-20. 
  • Canvel, Brice. Password Interception in a SSL/TLS Channel. Retrieved on 2007-04-20.

Year 2005 (MMV) was a common year starting on Saturday (link displays full calendar) of the Gregorian calendar. ... is the 295th day of the year (296th in leap years) in the Gregorian calendar. ... The Microsoft Developer Network (MSDN) is the portion of Microsoft responsible for managing the firms relationship with developers. ... Year 2007 (MMVII) was a common year starting on Monday of the Gregorian calendar in the 21st century. ... is the 329th day of the year (330th in leap years) in the Gregorian calendar. ... The Mountain View office shared by the Mozilla Foundation and the Mozilla Corporation The Mozilla Corporation is a wholly-owned subsidiary of the Mozilla Foundation that coordinates and integrates the development of Internet-related applications such as the Mozilla Firefox web browser and the Mozilla Thunderbird email client by the... Year 2007 (MMVII) was a common year starting on Monday of the Gregorian calendar in the 21st century. ... is the 329th day of the year (330th in leap years) in the Gregorian calendar. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 136th day of the year (137th in leap years) in the Gregorian calendar. ... Logo of Opera Software. ... Year 2007 (MMVII) was a common year starting on Monday of the Gregorian calendar in the 21st century. ... is the 329th day of the year (330th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) was a common year starting on Monday of the Gregorian calendar in the 21st century. ... is the 120th day of the year (121st in leap years) in the Gregorian calendar. ... Logo of Opera Software. ... Year 2007 (MMVII) was a common year starting on Monday of the Gregorian calendar in the 21st century. ... is the 329th day of the year (330th in leap years) in the Gregorian calendar. ... The Association for Computing Machinery, or ACM, was founded in 1947 as the worlds first scientific and educational computing society. ... is the 360th day of the year (361st in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) was a common year starting on Monday of the Gregorian calendar in the 21st century. ... The English language is a West Germanic language that originates in England. ... Year 2007 (MMVII) was a common year starting on Monday of the Gregorian calendar in the 21st century. ... is the 110th day of the year (111th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) was a common year starting on Monday of the Gregorian calendar in the 21st century. ... is the 110th day of the year (111th in leap years) in the Gregorian calendar. ...

External links

  • SSL 2.0 specification (published 1994)
  • SSL 3.0 specification (published 1996)
  • The IETF TLS Workgroup
  • SSL tutorial
  • Introduction to SSL/TLS and related Apache configuration
  • OpenSSL thread safe connections tutorial with example source code

This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL. This article does not cite any references or sources. ... “GFDL” redirects here. ...


  Results from FactBites:
 
Transport Layer Security - Wikipedia, la enciclopedia libre (1566 words)
Secure Sockets Layer (SSL) y Transport Layer Security (TLS) -Seguridad de la Capa de Transporte-, su sucesor, son protocolos criptográficos que proporcionan comunicaciones seguras en Internet.
RFC 3546: "Transport Layer Security (TLS) Extensions", añade un mecanismo para negociar extensiones de protocolos durante la inicialización de sesión y define algunas extensiones.
RFC 4279: "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", añade tres conjuntos de nuevas familias de cifrados para que el protocolo TLS permita la autenticación basada en claves previamente compartidas.
RFC 2246 (rfc2246) - The TLS Protocol Version 1.0 (16076 words)
The security parameters for the pending states can be set by the TLS Handshake Protocol, and the Handshake Protocol can selectively make either of the pending states current, in which case the appropriate current state is disposed of and replaced with the pending state; the pending state is then reinitialized to an empty state.
Note that higher layers should not be overly reliant on TLS always negotiating the strongest possible connection between two peers: there are a number of ways a man in the middle attacker can attempt to make two entities drop down to the least secure method they support.
Security analysis The TLS protocol is designed to establish a secure connection between a client and a server communicating over an insecure channel.
  More results at FactBites »

 
 

COMMENTARY     


Share your thoughts, questions and commentary here
Your name
Your comments

Want to know more?
Search encyclopedia, statistics and forums:

 


Press Releases |  Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms, 1022, m