SSL Certificate explained


Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. There are slight differences between SSL and TLS, but the protocol remains substantially the same. The term "TLS" as used here applies to both protocols unless clarified by context.

Description


The TLS protocol allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications privacy over the Internet using cryptography. Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom they are communicating. The next level of security-in which both ends of the "conversation" are sure with whom they are communicating-is known as mutual authentication. Mutual authentication requires public key infrastructure (PKI) deployment to clients unless TLS-PSK or TLS-SRP are used, which provide strong mutual authentication without needing to deploy a PKI.

TLS involves three basic phases:
  1. Peer negotiation for algorithm support
  2. Public key exchange and certificate-based authentication
  3. Symmetric cipher encryption
During the first phase, the client and server negotiate cipher suites, which combine one cipher from each of the following:
  • Public-key cryptography: RSA, Diffie-Hellman, DSA
  • Symmetric ciphers: RC2, RC4, IDEA, DES, Triple DES, AES or Camellia
  • Cryptographic hash function: MD2, MD4, MD5 or SHA

How it works


A TLS client and server negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.
  • The handshake begins when a client connects to a TLS-enabled server requesting a secure connection, and presents a list of ciphers and hash functions.
  • From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision.
  • The server sends back its identification in the form of a digital certificate. The SSL certificate will usually contain the server name, the trusted certificate authority (CA), and the server's public encryption key.

The client may contact the server of the trusted CA and confirm that the certificate is authentic before proceeding.
  • In order to generate the session keys used for the secure connection, the client encrypts a random number with the server's public key, and sends the result to the server. Only the server can decrypt it (with its private key): this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data.
  • Both parties generate key material for encryption and decryption.
This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes.

If any one of the above steps fails, the TLS handshake fails, and the connection is not created.

TLS Handshake in Detail


The TLS protocol exchanges records that encapsulate the data to be exchanged. Each record can be compressed, padded, appended with a message authentication code (MAC), or encrypted, all depending on the state of the connection. Each record has a content type field that specifies the record, a length field, and a TLS version field.

When the connection starts, the record encapsulates another protocol, the handshake protocol, which has content type 22.

A simple connection example follows:
  • A Client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested cipher suites and compression methods.
  • The Server responds with a ServerHello, containing the chosen protocol version, a random number, cipher suite, and compression method from the choices offered by the client.
  • The Server sends its Certificate (depending on the selected cipher suite, this may be omitted by the Server).
: These certificates are currently X.509, but there is also a draft specifying the use of OpenPGP based certificates.

  • The server may request a certificate from the client, so that the connection can be mutually authenticated, using a CertificateRequest.
  • The Server sends a ServerHelloDone message, indicating it is done with handshake negotiation.
  • The Client responds with a ClientKeyExchange message, which may contain a PreMasterSecret, public key, or nothing. (Again, this depends on the selected cipher.)
  • The Client and Server then use the random numbers and PreMasterSecret to compute a common secret, called the "master secret". All other key data is derived from this master secret (and the client- and server-generated random values), which is passed through a carefully designed "pseudorandom function".
  • The Client now sends a ChangeCipherSpec message, essentially telling the Server, "Everything I tell you from now on will be encrypted." Note that the ChangeCipherSpec is itself a record-level protocol, and has type 20, and not 22.
  • Finally, the Client sends an encrypted Finished message, containing a hash and MAC over the previous handshake messages.
  • The Server will attempt to decrypt the Client's Finished message, and verify the hash and MAC. If the decryption or verification fails, the handshake is considered to have failed and the connection should be torn down.
  • Finally, the Server sends a ChangeCipherSpec and its encrypted Finished message, and the Client performs the same decryption and verification.
  • At this point, the "handshake" is complete and the Application protocol is enabled, with content type of 23. Application messages exchanged between Client and Server will be encrypted.

Security


TLS/SSL have a variety of security measures:
  • The client may use the CA's public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA.
  • The client verifies that the issuing Certificate Authority (CA) is on its list of trusted CAs.
  • The client checks the server's certificate validity period. The authentication process stops if the current date and time fall outside of the validity period.
  • To protect against Man-in-the-Middle attacks, the client compares the actual DNS name of the server to the DNS name on the certificate. Browser-dependent, not defined by TLS.
  • Protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite.
  • Numbering all the Application records with a sequence number, and using this sequence number in the MACs.
  • Using a message digest enhanced with a key (so only a key-holder can check the MAC). This is specified in RFC 2104. TLS only.
  • The message that ends the handshake ("Finished") sends a hash of all the exchanged handshake messages seen by both parties.
  • The pseudorandom function splits the input data in half and processes each one with a different hashing algorithm (MD5 and SHA-1), then XORs them together. This provides protection if one of these algorithms is found to be vulnerable. TLS only.
  • SSL v3 improved upon SSL v2 by adding SHA-1 based ciphers, and support for certificate authentication. Additional improvements in SSL v3 include better handshake protocol flow and increased resistance to man-in-the-middle attacks.


Applications


TLS runs on layers beneath application protocols such as HTTP, FTP, SMTP, NNTP, and XMPP and above a reliable transport protocol, TCP for example. While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS. HTTPS is used to secure World Wide Web pages for applications such as electronic commerce and asset management. SMTP is also an area in which TLS has been growing and is specified in RFC 3207. These applications use public key certificates to verify the identity of endpoints.

An increasing number of client and server products support TLS natively, but many still lack support. As an alternative, users may wish to use standalone TLS products like Stunnel. Wrappers such as Stunnel rely on being able to obtain a TLS connection immediately, by simply connecting to a separate port reserved for the purpose. For example, by default the TCP port for HTTPS is 443, to distinguish it from HTTP on port 80.

TLS can also be used to tunnel an entire network stack to create a VPN, as is the case with OpenVPN. Many vendors now marry TLS's encryption and authentication capabilities with authorization. There has also been substantial development since the late 1990s in creating client technology outside of the browser to enable support for client/server applications. When compared against traditional IPsec VPN technologies, TLS has some inherent advantages in firewall and NAT traversal that make it easier to administer for large remote-access populations.

TLS is also increasingly being used as the standard method for protecting SIP application signaling. TLS can be used to provide authentication and encryption of the SIP signalling associated with VOIP (Voice over IP) and other SIP-based applications.

History and development


The SSL protocol was originally developed by Netscape. Version 1.0 was never publicly released; version 2.0 was released in 1994 but "contained a number of security flaws which ultimately led to the design of SSL version 3.0", which was released in 1996 (Rescorla 2001). This later served as the basis for TLS version 1.0, an IETF standard protocol first defined in RFC 2246 in January 1999. Visa, MasterCard, American Express and many leading financial institutions have endorsed SSL for commerce over the Internet.

SSL operates in modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers.

Early short keys


Some early implementations of SSL used 40-bit symmetric keys because of US government restrictions on the export of cryptographic technology. The US government explicitly imposed a 40-bit keyspace, which was small enough to be broken by brute-force search by law enforcement agencies wishing to read the encrypted traffic, while still presenting obstacles to less-well-funded attackers. A similar limitation applied to Lotus Notes in export versions. After several years of public controversy, a series of lawsuits, and eventual US government recognition of cryptographic products with longer key sizes produced outside the US, the authorities relaxed some aspects of the export restrictions. The 40-bit key size limitation has mostly gone away, and modern implementations use 128-bit (or longer) keys for symmetric key ciphers.

Standards


The first definition of TLS appeared in:
  • RFC 2246: "The TLS Protocol Version 1.0".

The current approved version is 1.1, which is specified in
  • RFC 4346: "The Transport Layer Security (TLS) Protocol Version 1.1".

The next version is proposed:
  • RFC Draft 4346 - The TLS Protocol, Version 1.2 (published July 2007, expires January 2008)

Other RFC subsequently extended TLS, including:
  • RFC 2595: "Using TLS with IMAP, POP3 and ACAP". Specifies an extension to the IMAP, POP3 and ACAP services that allow the server and client to use transport-layer security to provide private, authenticated communication over the Internet.
  • RFC 2712: "Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)". The 40-bit ciphersuites defined in this memo appear only for the purpose of documenting the fact that those ciphersuite codes have already been assigned.
  • RFC 2817: "Upgrading to TLS Within HTTP/1.1", explains how to use the Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well known port (in this case, http: at 80 rather than https: at 443).
  • RFC 2818: "HTTP Over TLS", distinguishes secured traffic from insecure traffic by the use of a different 'server port'.
  • RFC 3207: "SMTP Service Extension for Secure SMTP over Transport Layer Security". Specifies an extension to the SMTP service that allows an SMTP server and client to use transport-layer security to provide private, authenticated communication over the Internet.
  • RFC 3268: "AES Ciphersuites for TLS". Adds Advanced Encryption Standard (AES) ciphersuites to the previously existing symmetric ciphers.
  • RFC 3546: "Transport Layer Security (TLS) Extensions", adds a mechanism for negotiating protocol extensions during session initialisation and defines some extensions.
  • RFC 4132: "Addition of Camellia Cipher Suites to Transport Layer Security (TLS)".
  • RFC 4162: "Addition of SEED Cipher Suites to Transport Layer Security (TLS)".
  • RFC 4279: "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", adds three sets of new ciphersuites for the TLS protocol to support authentication based on pre-shared keys.
  • RFC 4347: "Datagram Transport Layer Security" specifies a TLS variant that works over datagram protocols (such as UDP).
  • RFC 4366: "Transport Layer Security (TLS) Extensions" describes both a set of specific extensions, and a generic extension mechanism.
  • RFC 4492: "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)".


Implementation


Programmers may use the OpenSSL, NSS, or GnuTLS libraries for SSL/TLS functionality. Microsoft Windows includes an implementation of SSL and TLS as part of its Secure Channel package. Delphi programmers may use a library called Indy.

TLS 1.1


As noted above, TLS 1.1 is the current approved version of the TLS protocol. TLS 1.1 clarifies some ambiguities and adds a number of recommendations, but remains very similar to TLS 1.0. A full list of differences is provided in RFC 4346 (Section 1.1).

Certificate providers


A 2005 Netcraft survey determined that VeriSign and its acquisitions such as Thawte have a 53% share of the certificate authority market, followed by GeoTrust (25%), Comodo (12%), GoDaddy (4%) and Entrust (2%). (GeoTrust has since been acquired by VeriSign.)

A more recent market share report from Security Space as of April 2007 determined that VeriSign and its acquisitions (including GeoTrust) have a 59.6% share of the certificate authority market, followed by Comodo (8.3%), GoDaddy (5.3%), DigiCert (2.1%), Entrust (1.3%) and Network Solutions (1.1%).

CAcert.org is a community-driven certificate authority that issues free public key certificates.


<-- Previous | Home Glossary | Next -->

📣 Latest tweets mentioning SSL Certificate


📖 Latest blogs mentioning SSL Certificate

clickssl.net Icon 🏆 Alexa 314,289 - 📅 - What is Certificate Signing Request (CSR )? – How to Generate it? - SSL (Secure Sockets Layer) is a protocol that secures travelling data between both end like the server to customer web browser. To keep eavesdrop away from ongoing data, Companies are now preferring to have SSL certificate on their website. There ...
bionicwp.com Icon 🏆 Alexa 619,356 - 📅 - Secure Business Hosting With SSL for WP Sites - When it comes to securing your business hosting for WordPress sites with SSL, think of it as the digital lock that keeps your sensitive data safe from prying eyes. By implementing SSL certificates, you not only establish trust with your audience but
hostmines.com Icon 🏆 Alexa 148,089 - 📅 - Understanding SSL Certificates: A Guide to Website Security - When it comes to safeguarding your digital domain, SSL certificates act as the sturdy gates that protect your website\’s information. But have you ever wondered about the intricate workings behind these virtual guardians? Understanding SSL ...
offshorededi.com Icon 🏆 Alexa 777,175 - 📅 - Unmasking the Misconceptions: SSL Certificate Myths Debunked - When it comes to online security, an SSL certificate is a very important component that allows encrypting data and thus, safeguarding our private information. Even though there are some misconceptions about SSL certificates which can be very ...
clickssl.net Icon 🏆 Alexa 314,289 - 📅 - Best Cheap Multi Domain SSL Certificate & Providers of 2024 - A cheap multi-domain SSL certificate is a perfect SSL certificate to secure your multiple domains with one certificate. A cheap multi domain SSL is the need of the hour. The potential risks from hackers have increased manifold. As per the study, ...
aveshost.com Icon 🏆 Alexa 117,954 - 📅 - Understanding SSL Certificates: Why They Matter for Website Security - In the current digital era, where we entrust websites with everything from our online shopping sprees to our deepest financial information, website security is paramount. But how can you, as a website owner or user, be certain your data is truly ...
reclaimhosting.com Icon 🏆 Alexa 379,528 - 📅 - AutoSSL Rate Limiting on cPanel Servers - As part of a recent update, cPanel has changed their provider for SSL certificates issued through AutoSSL. Previously they used Sectigo for automatically-issued certs, with Let's Encrypt available as an alternative for users through a cPanel plugin.

📋 Latest news about SSL Certificate

What is an SSL certificate used for? - 📅 - SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. What is an SSL certificate used for? An SSL certificate is a bit ...
Realtime Register Extends Domain Services with New SSL Certificate Portfolio - 📅 - Domain name management platform Realtime Register (realtimeregister.com), a domains platform aiming its services at registrars and resellers across the globe, has completely renewed its SSL certificate portfolio. With over 1,000 TLDs from 50 registries in its portfolio, the domain name management platform now also ...
StackPath Partners With Sectigo to Offer Free Private SSL Certificates - 📅 - StackPath, a rapidly growing provider of secured cloud services built at the cloud's edge that has acquired its way to $200 million in revenues in just a few years time, now partners with Sectigo – formerly known as IT security solutions provider Comodo CA – to include private SSL certificates at no additional cost ...
Get your SSL certificate from Amplica with 20% discount! - 📅 - Google will dramatically charge sites that are not secure. Are you ready for the new changes? Get your SSL certificate from Amplica with 20% discount!
Amplica suggests you are part of the online security movement and bring your site to the top of those that deserve the trust of visitors. Get an SSL certificate with a ...
Get now your SSL certificate from Amplica with 20% discount! - 📅 - Google will charge dramatically sites that are not secure. Are you ready for the new changes? Get now your SSL certificate from Amplica with 20% discount!
Amplica proposes you to be part of the online security movement and bring your site to the top of those that deserve the trust of visitors. Get now an SSL ...
Free SSL Certificate with every web hosting package on Greece - 📅 - Hostsun helps you follow the new era at no extra cost by providing a completely free SSL certificate forever with every package for web hosting! Hostsun is one of the first and few companies in Greece to providefree SSL Certificate for your website. Get Free ssl certificate for ever! At Hostsun on every web hosting ...
Do SSL Certificate Help with Search Ranking? - 📅 - An SSL certificate didn't use to matter when it came to your SEO ranking. However, that changed with an announcement from Google stating that an SSL certificate could boost search rankings. When this announcement came out, marketers were going nuts trying to get SSL certificates for their websites. Full Website ...