Define secure socket layer (ssl), Computer Network Security

Secure Socket Layer (SSL) accepts a combination of asymmetric and symmetric (public-key) encryption to accomplish integrity, confidentiality, authentication and non-repudiation for Internet interaction. In a nutshell SSL uses public key encryption to confidentially transmit a session key which can be needed to conduct symmetric encryption. SSL allows the public key technology to negotiate a shared session key between the server and the client. The public key is stored in an X.509 certificate that generally has a digital signature from a trusted 3rd party.

  • Client requests a document from a secure https server https://www.myapp.com.au.
  • The server gives its X.509 certificate to the client with its public key stored in the certificate.
  • The client validate whether the certificate has been issued by a CA it trusts.
  • The client checks the information in the certificate with the site's public key and domain name.
  • Client gives the server what cipher suites it has available.
  • The server obtains the strongest mutually available ciphers suite and notifies the client.
  • The client creates a session key (symmetric key or private key) and encrypts it using the server's public key and sends it to the server.
  • The server accepts the encrypted session key and decrypts it using its private key.
  • The server and client use the session key to decrypt and encrypt the data they send to each other.

 

Posted Date: 7/27/2012 6:08:46 AM | Location : United States







Related Discussions:- Define secure socket layer (ssl), Assignment Help, Ask Question on Define secure socket layer (ssl), Get Answer, Expert's Help, Define secure socket layer (ssl) Discussions

Write discussion on Define secure socket layer (ssl)
Your posts are moderated
Related Questions
Question (a) Estimate the average throughput between two hosts given that the RTT for a 100 bytes ICMP request-reply is 1 millisecond and that for a 1500 bytes is 2 millisecon

Question: (a) How can you prevent someone from accessing your computer when you leave your office for some time? (b) What is the difference between a classic login and a w

Threat Identification After identifying and performing a primary classification of an organization’s information assets, the analysis phase moves onto an examination of threats

Confidentiality Confidentiality of information ensures that only those with sufficient privileges may access specific information. When unauthorized individuals can access inform

(a) Cost allocation mechanisms are important when it comes to establishing other aspects of inter-firm compensations and how these are transferred to the users. There are two pri

MB Enterprise Systems Ltd based in Mauritius is a company specialized in application development with Europe as the main customer base. The company has implemented CMMI and has rec


Re: Website Google Ranking Hello! Hope you are doing well. I discovered some major issues in your website which might be the cause for the Google Penalties and poor search ranki

Application Gateways / firewall The application level firewall is installed on a dedicated computer; also called as a proxy server. These servers can store the recently accessed

Discuss how developers should apply the following countermeasures to improve the security of their code: