Web Security – SSL/TLS

SSL (Secure Sockets Layer) was the protocol's original name when it was built by Netscape. SSL was renamed TLS when the IETF took over the standard, and the version number was reset to one. So SSL version 2 (which is now obsolete) came before SSL version 3, but SSL v3 was followed by TLS v1.0. The current version, at the time of writing, is TLS v1.2.

In January this year (2010), Gmail switched to using HTTPS for everything by default.

Modern hardware can perform 1500 handshakes/second/core, assuming each handshake involves a 1024-bit RSA private-key operation (make sure to use 64-bit software).

Reference: http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

SSL/TLS are cryptographic protocols that provide security for communication.

There are two modes of secured communication:

Unilateral – only the server is authenticated

Bilateral – both the server and the client are authenticated

CipherSuite – a combination of cryptographic algorithms used in SSL/TLS.

A CipherSuite consists of four parts:
1) Key Exchange
2) Authentication
3) Encryption/Decryption and
4) Digest or Integrity

Different sets of algorithms are used depending on their level of security and efficiency.

OpenSSL v1.0 supports the following set of algorithms:

DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ADH-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ADH-AES128-SHA:ADH-SEED-SHA:ADH-CAMELLIA128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC2-CBC-MD5:PSK-AES128-CBC-SHA:ADH-RC4-MD5:RC4-SHA:RC4-MD5:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:ADH-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-ADH-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-ADH-RC4-MD5:EXP-RC4-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5

You can view these with the following command:
openssl ciphers ALL

For example, in DHE-RSA-AES256-SHA:

DHE – Diffie-Hellman in ephemeral mode, used for key exchange

RSA – used for authentication

AES256 – used for encryption

SHA – used for the digest
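The decomposition above can be applied mechanically to every name in the `openssl ciphers ALL` output. The following is an added example (not code from the original post, and not an OpenSSL API): it splits OpenSSL-style cipher names into the four parts named above and flags the suites a defender would disable, namely export-grade (EXP), anonymous (ADH), RC4/RC2/single-DES and MD5-based ones. The naming rules encoded here are a simplification of OpenSSL's conventions, and the sample input is a constructed subset of the list printed above.

```python
"""Decompose OpenSSL cipher-suite names into key exchange, authentication,
encryption and digest, then flag weak suites.  Added example; the parsing
rules are a simplified reading of OpenSSL's naming convention."""

# Constructed input: a handful of names taken from the post's `openssl ciphers ALL` list.
SAMPLE_CIPHERS = (
    "DHE-RSA-AES256-SHA:DHE-DSS-CAMELLIA256-SHA:ADH-AES256-SHA:AES256-SHA:"
    "PSK-AES256-CBC-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-MD5:KRB5-RC4-MD5:"
    "EXP-RC2-CBC-MD5:RC4-SHA:EXP-ADH-DES-CBC-SHA"
)

# Leading tokens that name the key exchange (and sometimes the authentication).
# A value of None for auth means the next token carries the authentication method.
KX_PREFIXES = {
    "DHE": ("DHE", None),    # ephemeral Diffie-Hellman, certificate type follows
    "EDH": ("DHE", None),    # older spelling of DHE used by some names
    "ADH": ("DH", "anon"),   # anonymous Diffie-Hellman: nobody is authenticated
    "PSK": ("PSK", "PSK"),   # pre-shared key does both
    "KRB5": ("KRB5", "KRB5"),  # Kerberos does both
}


def parse_cipher(name):
    """Return the four parts of one cipher name plus an export-grade flag."""
    parts = name.split("-")
    export = parts[0] == "EXP"          # EXP prefix marks 40/56-bit export suites
    if export:
        parts = parts[1:]
    mac = parts[-1]                     # the digest is always the last token
    body = parts[:-1]
    if body[0] in KX_PREFIXES:
        kx, auth = KX_PREFIXES[body[0]]
        body = body[1:]
        if auth is None:                # DHE/EDH: RSA or DSS certificate follows
            auth, body = body[0], body[1:]
    else:
        # Bare names such as AES256-SHA use RSA key transport with an RSA certificate.
        kx, auth = "RSA", "RSA"
    enc = "-".join(body)                # whatever is left is the bulk cipher, e.g. DES-CBC3
    return {"name": name, "kx": kx, "auth": auth, "enc": enc, "mac": mac, "export": export}


def weaknesses(c):
    """List the reasons a defender would disable this suite (empty list if none)."""
    reasons = []
    if c["export"]:
        reasons.append("export-grade key length")
    if c["auth"] == "anon":
        reasons.append("anonymous key exchange: server is not authenticated")
    if c["enc"].startswith(("RC4", "RC2")) or c["enc"] == "DES-CBC":
        reasons.append("weak bulk cipher " + c["enc"])
    if c["mac"] == "MD5":
        reasons.append("MD5 digest")
    return reasons


def audit(cipher_string):
    """Map each colon-separated cipher name to its list of weaknesses."""
    return {c["name"]: weaknesses(c)
            for c in map(parse_cipher, cipher_string.split(":"))}


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_CIPHERS).items():
        c = parse_cipher(name)
        verdict = "; ".join(problems) if problems else "ok"
        print(f"{name:28} Kx={c['kx']:5} Au={c['auth']:5} Enc={c['enc']:12} "
              f"Mac={c['mac']:4} -> {verdict}")
```

Running the script prints one line per suite with the same Kx/Au/Enc/Mac breakdown that `openssl ciphers -v ALL` shows, followed by the reasons (if any) the suite should be left out of a server configuration.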
