Data transmission over the Internet must be secure. What is the difference between SSL and TLS?
Transport Layer Security
TLS utilizes the handshake process to authenticate the server and establish a secure connection. The handshake process is started when the client sends a Client Hello message to the server. The Server responds with a Server Hello message.
It contains its SSL/TLS version number and cryptographic information if any. The Client responds with its cryptographic information. If cryptographic information has been provided by both the client and server, then a key is negotiated between them.
The TLS Handshake Protocol is composed of three communications:
1. Certificate Exchange: When the client connects to a server, any certificates are exchanged between them.
2. Client Key Exchange: The client and server exchange random data using Diffie–Hellman key exchange. This generates a secret that will be used to encrypt all further communications in the session.
Certificate Exchange
The SSL handshake you can execute in two steps. When a client connects to a server, the client sends its SSL/TLS version number and cryptographic information. So, the server responds with its SSL/TLS version number and cryptographic information.
If the server is unable to communicate securely with the client, then the handshake fails and the connection is not established. Also, if both client and server have provided cryptographic information, then they can negotiate a shared secret key.
Key Exchange Mechanisms
SSL/TLS uses a variety of algorithms for key exchange in addition to the RSA (Rivest-Shamir-Adleman) algorithm mentioned above. This includes Diffie-Hellman Ephemeral (DHE) and Elliptic Curve Diffie–Hellman (ECDHE). Client public key certificate is tied to a specific hostname or IP address, not to an individual user or computer.
The user’s private key is stored on his or her personal computer. In this way, private keys can only be accessed by a specific user, even when multiple users share an IP address. This is through DHCP or some other means of hosting multiple users on one machine.
However, browser cache attacks can be used by other people sharing an IP address with you to view your private keys. But if you do not use a disk cache protected by a strong password or disk encryption software such as TrueCrypt or PGP Desktop. In addition to the above terminology, you may also come across these terms related to SSL implementation.
These are “SSL proxy” “SSL accelerator” “SSL Bridge” and “SSL offload”. These terms may be used interchangeably with SSL termination. But they generally involve 3rd party devices instead of software inbox as in case of SSL termination.
Since it is where SSL/TLS terminator software completely handles all aspects of SSL processing. This includes HTTPS traffic decryption, encryption, certificate verification, etc.
Cipher Suite Selection
Cipher Suite Selection is the process of selecting a cipher suite from a predefined list. It is based on the TLS version number and cryptographic information sent by the client and server. TLS 1.2 allows client and server to negotiate their preferred cipher suites using a “cipher suite” extension.
This is in ClientHello and ServerHello messages. Also, the extension contains the client’s supported ciphers as a CipherSuiteId structure. Key Exchange Algorithms are used during the handshake process to negotiate symmetric keys.
So upon which future communication will be encrypted. Thus, the encryption algorithms provide encryption services for protecting data.