Sunday, 24 July 2016

HOW SSL WORKS AND IMPORTANCE OF SSL


SSL:


SSL stands for Secure Sockets Layer. This protocol provides secure communication between a web server and a client machine.

In short, it creates an encrypted (secure) link between the web server and the client.

It ensures the INTEGRITY of data, i.e. data remains unchanged during communication.


What happens without SSL enforcement:


GENERAL FIGURE



PACKETS CAPTURED BY WIRESHARK FOR A WEBSITE THAT DOESN'T ENFORCE SSL


Types of SSL certificate:

1. Extended Validation:

   The certificate authority checks the domain ownership, organisational information and legal existence of the organization. Its trust level is very high.


2. Organization Validation:

   The certificate authority checks the domain ownership and organisational information.

3. Domain Validation:

   The certificate authority only checks the domain name. Its trust level is low.

HOW SSL WORKS:

STEPS:

  1. Client sends a "Hello" message to the server.
  2. Client sends some details to the server, such as which TLS/SSL version it is running, which cipher suites it can use and what type of encryption it wants to use.
  3. Server checks the highest version of TLS/SSL the client can support and picks the cipher suite and encryption method.
  4. This negotiation between client and server is completed.
  5. Server sends the certificate and symmetric key exchange.
  6. Handshake finished.

Now data is sent and received in encrypted form.

Note: the client can be a browser.
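Steps 1 to 3 can be seen at byte level in the sketch below, which is an added example and not part of the original post. It builds a constructed ClientHello record (no extensions), parses the version and cipher suites the client offers, and models the server's choice for TLS 1.2 and earlier; the function names and the server preference list are assumptions made for illustration.

```python
import struct

# Small subset of IANA cipher-suite IDs, enough for the constructed sample.
SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def build_client_hello(version, suites):
    """Constructed sample: a minimal ClientHello record with no extensions."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                        # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def parse_client_hello(record):
    """Steps 1-2: return (client_version, [cipher suite ids]) from a raw TLS record."""
    ctype, _, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or rec_len < 4 or rec_len != len(record) - 5:
        raise ValueError("not a complete TLS handshake record")
    if record[5] != 0x01 or int.from_bytes(record[6:9], "big") != rec_len - 4:
        raise ValueError("not a ClientHello")
    version = int.from_bytes(record[9:11], "big")
    pos = 43                                       # 9 + version (2) + random (32)
    pos += 1 + record[pos]                         # skip the session id
    n = int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("bad cipher suite list")
    return version, [int.from_bytes(record[i:i + 2], "big") for i in range(pos, pos + n, 2)]


def server_select(client_version, client_suites, server_max, server_prefs):
    """Step 3: highest common version, first server-preferred suite the client offered."""
    version = min(client_version, server_max)
    suite = next((s for s in server_prefs if s in client_suites), None)
    if suite is None:
        raise ValueError("handshake_failure: no common cipher suite")
    return VERSIONS[version], SUITES[suite]


hello = build_client_hello(0x0303, [0x000A, 0x002F, 0xC02F])
print(server_select(*parse_client_hello(hello), 0x0303, [0xC02F, 0x009C, 0x002F]))
```

Because the ClientHello travels before any keys exist, these fields are readable in a packet capture even on a site that enforces SSL; only the application data that follows the handshake is encrypted.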

Example: capture the packets through Wireshark.

COMMUNICATION BETWEEN CLIENT AND SERVER
WHILE ENFORCING SSL 



After proper enforcement of SSL: