SSL:
SSL stands for Secure Sockets Layer, a protocol that provides secure
communication between a web server and a client machine.
In short, it creates an encrypted (secure) link between the web server and the client.
It ensures the INTEGRITY of data, i.e. data remains unchanged during communication.
What happens without SSL enforcement:
[Figure: general figure]
[Figure: packets captured by Wireshark for a website that doesn't enforce SSL]
1. Extended Validation:
The certificate authority checks domain ownership, organisational information and the legal existence of the organization. Its trust level is very high.
2. Organization Validation:
The certificate authority checks domain ownership and organisational information.
3. Domain Validation:
The certificate authority only checks the domain name. Its trust level is low.
HOW SSL WORKS:
STEPS:
- Client sends a "Hello message" to the server.
- Client sends some details to the server, such as which TLS/SSL version it is running, which cipher suites it can use and what type of encryption it wants to use.
- Server checks the highest version of TLS/SSL the client can support and picks the cipher suite and encryption method.
- After this, the negotiation between client and server is complete.
- Server sends the certificate and the symmetric key exchange.
- Handshake finished.
Now data is sent and received in encrypted form.
Note: the client can be a browser.
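The version and cipher-suite negotiation in the steps above, as an added example (not code from the original post): it parses a constructed TLS 1.2-style ClientHello, the message Wireshark shows first, and applies a server-side selection. The function names, the server's preference list and its minimum version are assumptions for illustration.

```python
import struct

# Subset of IANA code points, enough for the constructed sample below.
SUITES = {0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(version, suites):
    """Constructed sample: a minimal ClientHello record without extensions."""
    body = struct.pack(">H", version) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                                        # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16" + struct.pack(">HH", 0x0301, len(hs)) + hs  # record type 22 = handshake

def parse_client_hello(record):
    """Return (highest version offered, [cipher suite ids]) from a raw TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) < hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    version = struct.unpack(">H", body[:2])[0]
    pos = 34 + 1 + body[34]            # skip version, 32-byte random, session id
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    n = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher suite list")
    return version, [struct.unpack(">H", body[i:i + 2])[0] for i in range(pos, pos + n, 2)]

def server_select(version, suites, server_min=0x0303, server_max=0x0303,
                  server_prefs=(0xC030, 0xC02F)):
    """Assumed server policy: highest shared version, first suite on its own list the client offered."""
    chosen = min(version, server_max)
    if chosen < server_min:
        raise ValueError("protocol_version: client is too old for this server")
    for s in server_prefs:
        if s in suites:
            return VERSIONS.get(chosen, hex(chosen)), SUITES.get(s, hex(s))
    raise ValueError("handshake_failure: no cipher suite in common")

if __name__ == "__main__":
    hello = build_client_hello(0x0303, [0x000A, 0x002F, 0xC02F])
    print(server_select(*parse_client_hello(hello)))
```

A client that offers only an older version or only suites missing from the server's list gets an error instead of a downgraded session, which is the server-side half of enforcing SSL/TLS.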
Example: capture the packets through Wireshark.
[Figure: communication between client and server while enforcing SSL]
After proper enforcement of SSL:
very nice and easy to understand....well done
Very useful...Simple and easy to understand