
Transport Layer Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.[1] They use X.509 certificates, and hence asymmetric cryptography, to authenticate the counterparty with whom they are communicating[2] and to establish a symmetric session key; that session key is then used to encrypt the data flowing between the parties. This provides confidentiality of the data, while message authentication codes provide message integrity and, as a by-product, message authentication. Because X.509 certificates are used, certificate authorities and a public key infrastructure are necessary to vouch for the relation between a certificate and its owner, and to generate, sign and administer the validity of certificates. In the Internet Protocol Suite, TLS and SSL sit above the transport layer (normally TCP) and encrypt the application-layer data carried over the connection. All versions of SSL, and TLS 1.0 and 1.1, are now deprecated; new deployments should negotiate TLS 1.2 or 1.3.

SSL Programming Tutorial

This section demonstrates the implementation of a simple SSL client and server program using OpenSSL APIs. Although SSL client and server programs differ in their setup and configuration, their common internal procedure is summarized in Figure 4-8, "Overview of SSL Application with OpenSSL APIs", and discussed in the following sections.

Figure 4-8 Overview of SSL Application with OpenSSL APIs

Before you can call any other OpenSSL API in an SSL application, you must initialize the library. The SSL_library_init() API registers all ciphers and hash algorithms used by the SSL APIs, and SSL applications should also call the SSL_load_error_strings() API so that error codes can be rendered as readable messages. (Both calls date from OpenSSL 0.9.x and 1.0.x; from OpenSSL 1.1.0 onward the library initializes itself on first use, and OPENSSL_init_ssl() is the explicit replacement for both.)

The first step after initialization is to choose an SSL/TLS protocol version. For every SSL/TLS version there are three kinds of APIs that create an SSL_METHOD structure: one for both client and server, one for server only, and one for client only. (In OpenSSL 1.1.0 and later the version-specific methods are deprecated in favour of TLS_method(), TLS_server_method() and TLS_client_method(), which negotiate the highest version both peers support; the lowest version you are willing to accept is then set with SSL_CTX_set_min_proto_version(), and SSLv2, SSLv3, TLS 1.0 and TLS 1.1 should not be enabled at all.)

For the SSL server:
For the SSL client:

Survival Guide - SSL/TLS and SSL (X.509) Certificates (Self-Signed)

This is a survival guide to the eye-glazing topic of TLS/SSL and X.509 (SSL) certificates, including self-signed certificates. These are elements of what is loosely called a Public Key Infrastructure (PKI). What are colloquially known as SSL certificates should properly be called X.509 certificates. The term 'SSL certificate' became common because Netscape adopted the X.509 certificate format (X.509 is one of the ITU X.500 Directory standards) when it designed the original versions of the SSL protocol, eons ago, when the world was still young and the Internet was a friendly place. The term 'SSL certificate' has persisted simply because, given the choice of saying 'SSL certificate' or 'X.509 certificate', which would you choose? This guide covers SSL, TLS, some detail about X.509 and its usage, as well as some explanation of certificate types, including EV certificates, and the trust process. If, however, you just want to read the blasted RFC, feel free to click the links below.