
SSL/TLS


History

In 1969, a remote login application known as telnet was created. Back in 1969, very few people had computers, and those who did were primarily communicating on isolated private networks. It worked exactly the way you'd think an "authentication conversation" would work.

Client: Hello.
Server: Hello. What is your name?
Client: bob
Server: Hello, Bob. What is your password?
Client: bob1
Server: Authenticated! What would you like to do today?

Telnet was dirt simple, and it worked. Enter the 1990s. The personal computer has been made... well, personal, more and more households are gaining Internet access, and not all of those Web surfers have our best interests at heart. When Bob broadcasts his username and password all over the Internet, someone might "accidentally" overhear. Communications via telnet (and other protocols) needed to be encrypted.

SSL and TLS

Enter SSL (Secure Sockets Layer) and TLS (Transport Layer Security). Now, Bob's conversation with the server becomes a little more secure (and a lot more complicated):

Client: Hello. My random number is 2834713904712394.
Server: Hello. My random number is 7324678965243852. Also, go ahead and have my certificate while you're at it. Where's your certificate?
Client: Right here. Let me extract your public key from your certificate, and encrypt my own certificate with it. Then, let me also send another copy of the certificate encrypted with my private key, just to make sure we've got it right.
Server: Great! I'll verify you by decrypting the first certificate with my private key, extracting your public key, then using that key to decrypt your second certificate and checking that they match.
Client: I will use these random numbers and keys to generate a Pre-Master-Secret, which I will encrypt with your public key and send to you.
Server: I will decrypt that Pre-Master-Secret using my private key, then use that plus our random numbers to generate a Master-Secret.
Client: I will do the same. Let's hope that they match! Here's an encrypted version of this conversation as a check.
Server: Looks good. Here's a checksum for you.
Client: All green.
Server: Excellent! Now then, what is your password?
Client: bob1. But, to everyone else, it appears as "HochlIjDuj'oHghajDaqmaH."

In a modern-day TLS implementation, the conversation between a client and server might actually look something like that. TLS is, in some sense, a successor to SSL. SSL's latest version (and the only version in common use) is v3; TLS is fully backwards-compatible with SSL, which is why it is sometimes referred to as SSL v3.1.
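The Pre-Master-Secret to Master-Secret step from the dialogue above, as an added example that is not part of the original article: the TLS 1.2 pseudo-random function from RFC 5246 (HMAC-SHA256 with the label "master secret"), evaluated independently on the client and server sides from the same two hello randoms. The pre-master secret is constructed locally in the TLS 1.2 RSA layout (version bytes plus 46 random bytes) rather than transported under the server's public key, which is an assumption of this example.

```python
import hmac
import hashlib
import os

RANDOM_LEN = 32          # ClientHello.random and ServerHello.random are 32 bytes each
MASTER_SECRET_LEN = 48   # master_secret is always 48 bytes (RFC 5246, section 8.1)


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: expand `secret` over `seed` to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def derive_master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", ClientRandom + ServerRandom)[0..47]."""
    if len(client_random) != RANDOM_LEN or len(server_random) != RANDOM_LEN:
        raise ValueError("hello randoms must be exactly 32 bytes")
    return tls12_prf(pre_master_secret, b"master secret",
                     client_random + server_random, MASTER_SECRET_LEN)


def handshake_demo() -> bool:
    """Replay the exchange from the article: each side derives the master secret on its own
    from the two hello randoms and the pre-master secret; the two results must agree."""
    client_random = os.urandom(RANDOM_LEN)   # "My random number is ..."
    server_random = os.urandom(RANDOM_LEN)
    # Constructed pre-master secret in the TLS 1.2 RSA layout: client version (0x0303) + 46 random bytes.
    # In a real handshake this value reaches the server encrypted under the server's public key.
    pre_master_secret = b"\x03\x03" + os.urandom(46)
    client_side = derive_master_secret(pre_master_secret, client_random, server_random)
    server_side = derive_master_secret(pre_master_secret, client_random, server_random)
    return client_side == server_side


if __name__ == "__main__":
    print("master secrets match:", handshake_demo())
```

Because the hello randoms are mixed into the derivation, replaying a captured pre-master secret against a new session yields a different master secret, which is why both sides send fresh random values at the start of every handshake.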

Uses

While this article has primarily emphasized telnet (and its encrypted counterpart, SSH), many services can take advantage of the encryption provided by TLS. For example, you may want to protect sensitive personal information being transmitted to your web server (HTTPS). Other articles in our knowledge base will detail the process of correctly setting up and using protocol encryption.

© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License