SSL architecture, SSL protocol stack, SSL record protocol, SSL record format.
SSL: Secure Socket Layer (SSL) is designed to make use of TCP to provide a reliable end-to-end secure
service. SSL builds a secure connection between two sockets for:
Parameter negotiation between client and server
Mutual authentication of client and server
Secret communication
Data integrity protection
SSL is not a single protocol but rather two layers of protocols, as illustrated in the following figure:
Fig-1: SSL Protocol Stack
The SSL Record Protocol provides basic security services to various higher-layer protocols. In
particular, the Hypertext Transfer Protocol (HTTP), which provides the transfer service for Web
client/server interaction, can operate on top of SSL.
Three higher-layer protocols are defined as part of SSL: the Handshake Protocol, the Change
Cipher Spec Protocol, and the Alert Protocol.
Two important SSL concepts are the SSL session and the SSL connection, which are defined in the
specification as follows:
Connection: A connection is a transport (in the OSI layering model definition) that provides a suitable
type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient.
Every connection is associated with one session. A connection state is defined by the following
parameters:
Server and client random: Byte sequences that are chosen by the server and client for each
connection.
Server write MAC secret: The secret key used in MAC operations on data sent by the server.
Client write MAC secret: The secret key used in MAC operations on data sent by the client.
Server write key: The conventional encryption key for data encrypted by the server and decrypted
by the client.
Client write key: The conventional encryption key for data encrypted by the client and decrypted
by the server.
Initialization vectors: When a block cipher in CBC mode is used, an IV is maintained for each key.
It is first initialized by the Handshake Protocol; thereafter the final ciphertext block of each record
is preserved for use as the IV of the following record.
Sequence numbers: Each party maintains separate 64-bit sequence numbers for transmitted and received
messages on each connection. They are set to zero when a connection starts and whenever a change
cipher spec message is sent or received, and they are included in the MAC of every record, which is
what lets the receiver detect replayed, reordered or deleted records.
Session: An SSL session is an association between a client and a server. Sessions are created by the
Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be shared
among multiple connections. Sessions are used to avoid the expensive negotiation of new security
parameters for each connection. A session state is defined by the following parameters (definitions taken
from the SSL specification):
Session identifier: An arbitrary byte sequence chosen by the server to identify an active or
resumable session state.
Peer certificate: An X.509v3 certificate of the peer. This element of the state may be null.
Compression method: The algorithm used to compress data prior to encryption.
Cipher spec: Specifies the bulk data encryption algorithm (such as null, AES, etc.) and a hash
algorithm (such as MD5 or SHA-1) used for MAC calculation. It also defines cryptographic
attributes such as the hash_size.
Master secret: 48-byte secret shared between the client and server.
Is resumable: A flag indicating whether the session can be used to initiate new connections.
SSL Record Protocol: Two services for SSL connections:
Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional
encryption of SSL payloads.
Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a
message authentication code (MAC).
Fig-2: SSL Record Protocol Operation
Fig-2 indicates the overall operation of the SSL Record Protocol. The Record Protocol takes an
application message to be transmitted, fragments the data into manageable blocks, optionally compresses
the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment.
Received data are decrypted, verified, decompressed, and reassembled and then delivered to higher-level
users.
The first step is fragmentation. Each upper-layer message is fragmented into blocks of 2^14 bytes
(16384 bytes) or less.
Next, compression is optionally applied. Compression must be lossless and may not increase the
content length by more than 1024 bytes. SSLv3 specifies no compression algorithm, so the default
compression method is null. Compressing data before encrypting it is also a known hazard: because the
ciphertext length reveals how well the plaintext compressed, an attacker who controls part of the
plaintext can infer secrets in the rest (the CRIME attack on TLS compression), which is why TLS 1.3
removed compression from the record layer altogether. In practice the null method should be used.
The next step in processing is to compute a message authentication code over the compressed
data. For this purpose, a shared secret key is used.
Next, the compressed message plus the MAC are encrypted using symmetric encryption.
Encryption may not increase the content length by more than 1024 bytes, so that the total length
may not exceed 2^14 + 2048.
The final step of SSL Record Protocol processing is to append a SSL record header, consisting of
the following fields which is the standard SSL Record Format:
o Content Type (8 bits): The higher layer protocol used to process the enclosed fragment.
o Major Version (8 bits): Indicates major version of SSL in use. For SSLv3, the value is 3.
o Minor Version (8 bits): Indicates minor version in use. For SSLv3, the value is 0.
o Compressed Length (16 bits): The length in bytes of the fragment that follows the header on the
wire, i.e. the plaintext fragment (or compressed fragment if compression is used) together with its MAC
after encryption. The maximum value is 2^14 + 2048.