TLS: (Transport layer security) is used to provide confidentiality and data integrity between two applications. This protocol consists of two layers: TLS recording protocol and TLS handshake protocol.
SSL is specially developed by Netscape to protect Web communication, and the current version is 3.0. The latest version of TLS 1.0 is a new protocol formulated by IETF (Engineering Task Force), which is based on the SSL 3.0 protocol specification and is the subsequent version of SSL 3.0. There is little difference between the two, which can be understood as SSL 3. 1, written in RFC. ?
SSL (secure socket layer)
The data encryption technology developed by Netscape to ensure the security of data transmission on the Internet can ensure that data will not be intercepted when transmitted on the network. At present, the general safety standard is 40 bit, and the United States has introduced a higher safety standard 128 bit, but it is restricted from leaving the country. As long as version 3.0 or above ie or Netscape browser can support SSL. ?
The current version is 3.0. It has been widely used for authentication and encrypted data transmission between web browsers and servers.
SSL protocol is located between TCP/IP protocol and various application layer protocols, which provides security support for data communication. SSL protocol can be divided into two layers: SSL recording protocol, based on reliable transport protocols (such as TCP), provides support for high-level protocols such as data encapsulation, compression and encryption. SSL handshake protocol: based on SSL recording protocol, it is used for identity authentication, encryption algorithm negotiation, encryption key exchange and so on. Before the actual data transmission.
The services provided by SSL protocol mainly include:
1) authenticates users and servers to ensure that data is sent to the correct clients and servers;
2) Encrypt data to prevent data from being stolen;
3) Maintain the integrity of the data and ensure that the data will not be changed during transmission.
The workflow of SSL protocol:
Server verification stage:
1) The client sends a start message "Hello" to the server to start a new session connection;
2) The server determines whether a new master key needs to be generated according to the customer's information, and if so, the server will include the information needed to generate the master key when responding to the customer's "Hello" information;
3) The client generates a master key according to the received server response information, encrypts it with the server's public key and sends it to the server;
4) The server recovers the master key and returns the message authenticated by the master key to the customer, so that the customer can authenticate the server.
User authentication stage: before this, the server has passed the customer authentication, and this stage mainly completes the customer authentication. The authenticated server sends a question to the client, and the client returns the (digitally) signed question and its public key, thus providing authentication to the server.
From the service provided by SSL protocol and its workflow, it can be seen that the operation of SSL protocol is based on the commitment of merchants to keep consumer information confidential, which is beneficial to merchants and unfavorable to consumers. In the initial stage of e-commerce, this problem has not been fully exposed, because most enterprises engaged in e-commerce are large companies with high reputation. However, with the development of e-commerce, small and medium-sized companies are also involved, so the problem of single authentication in the process of electronic payment is becoming more and more prominent. Although in SSL3.0, the identity authentication between the browser and the Web server can be realized by digital signature and digital certificate, there are still some problems in SSL protocol, for example, it can only provide the identity authentication between the client and the server in the transaction, and it can't coordinate the secure transmission and trust relationship between the parties in the electronic transaction involving many parties. In this case, two major credit card organizations, Visa and MasterCard, have formulated the SET agreement, which provides a global standard for online credit card payment. ?
Tls (transport layer security protocol): secure transport layer protocol?
Secure Transport Layer Protocol (TLS) is used to provide confidentiality and data integrity between two communication applications. This protocol consists of two layers: TLS recording protocol and TLS handshake protocol. The lower layer is the TLS recording protocol, which is above the reliable transmission protocol (such as TCP).
The connection security provided by TLS recording protocol has two basic characteristics:?
Private symmetric encryption is used for data encryption (DES, RC4, etc.). ). The key generated by symmetric encryption is unique for each connection, and this key is negotiated based on another protocol (such as handshake protocol). The recording protocol can also be used without encryption. ?
Reliable-Information transmission includes information integrity check using key MAC. Secure hash functions (SHA, MD5, etc. ) for MAC computing. Recording protocol can run without MAC, but it can only be used in this mode, that is, another protocol is using recording protocol to transmit and negotiate security parameters. ?
TLS recording protocol is used to encapsulate various high-level protocols. Handshake protocol is one of these encapsulation protocols, which allows server and client to authenticate each other and negotiate encryption algorithm and encryption key before the application protocol sends and receives its first data byte. The connection security provided by TLS handshake protocol has three basic properties:
Asymmetric or public key encryption can be used to authenticate the identity of peers. This authentication is optional, but at least one node is required.
* * * It is safe to enjoy the negotiation of encryption keys. It is difficult for thieves to obtain negotiated encryption. In addition, authenticated connections cannot be encrypted, even if an attacker enters the middle of the connection.
The negotiation is reliable. No attacker can modify the communication negotiation without being detected by the members of the communication party. ?
The biggest advantage of TLS is its independence from application protocols. High-level protocols can be transparently distributed on TLS protocols. However, the TLS standard does not specify how applications can increase security on TLS; It leaves the decision of how to start the TLS handshake protocol and how to interpret the exchanged authentication certificates to the designers and implementers of the protocol. ?
Protocol structure?
TLS protocol includes two protocol groups -TLS recording protocol and TLS handshake protocol-each of which has many different formats of information. In this document, we only listed the outline of the agreement, without making a specific analysis. See related documents for details.
TLS recording protocol is a layered protocol. The information in each layer may contain fields such as length, description and content. Recording protocol supports information transmission, dividing data into manageable blocks, data compression, MAC application, encryption and transmission of results. Decrypt, check, decompress and recombine the received data, and then transmit it to the high-level client.
TLS connection state refers to the operating environment of TLS recording protocol. It specifies the compression algorithm, encryption algorithm and MAC algorithm.
The TLS recording layer receives continuous data without empty blocks of any size from the upper layer. Key calculation: the recording protocol generates keys, IV and MAC keys from the security parameters provided by the handshake protocol through algorithms.
TLS handshake protocol consists of three sub-protocol groups, which allows peers to agree on the security parameters of the recording layer, self-authenticate, instantiate and negotiate security parameters, and report errors to each other. ?
The relationship is. . . . constellation
The latest version of TLS (Transport Layer Security) is a new protocol formulated by IETF (Internet Engineering Task Force), which is based on the SSL 3.0 protocol specification and is the subsequent version of SSL 3.0. There are great differences between TLS and SSL3.0, mainly because they support different encryption algorithms, so TLS and SSL3.0 cannot interoperate.
1. TLS and SSL
1) version number: TLS record format is the same as SSL record format, but the value of version number is different. The 1.0 version of TLS uses the version number SSLv3. 1.
2) Message authentication code: The MAC algorithm and MAC calculation range of SSLv3.0 and TLS are different. TLS uses HMAC algorithm defined by RFC-2 104. SSLv3.0 uses a similar algorithm. The difference between them is that in SSLv3.0, concatenation operation is used between padding bytes and keys, while HMAC algorithm uses XOR operation. But the security level of the two is the same.
3) Pseudo-random function: TLS uses a pseudo-random function called PRF to expand the key into data blocks, which is a relatively safe way.
4) Alarm codes: TLS supports almost all the alarm codes of SSLv3.0, and TLS also defines many additional alarm codes, such as decryption_failed, record_overflow, unknown CA(unknown_ca), access_denied, and so on.
5) Ciphertext family and client certificate: There are some differences between SSLv3.0 and TLS, that is, TLS does not support Fortezza key exchange, encryption algorithm and client certificate.
6)certificate_verify and finished messages: SSLv3.0 and TLS when using certificate_verify and finished messages to calculate MD5 and SHA- 1 hash codes, the input is slightly different, but the security is equivalent.
7) Encryption calculation: TLS and SSLv3.0 calculate the master secret in different ways.
8) padding: padding bytes that need to be added before user data encryption. In SSL, the length of padding data should reach the minimum integer multiple of the ciphertext block length. In TLS, the length of padding data can be any integer multiple of the ciphertext block length (but the maximum length of padding is 255 bytes), which can prevent attacks based on message length analysis.
Major enhancements of 2.2. Tank laser sight (short for Tank Laser-Sight)
The main goal of TLS is to make SSL more secure and the specification of the protocol more accurate and perfect. TLS provides the following enhancements based on SSL v3.0:
1) A more secure MAC algorithm
2) More stringent alarm
3) Define the "gray area" specification more clearly.
3. The security is improved by 3. Tank laser sight (short for Tank Laser-Sight)
1) Use key hashing method for message authentication: TLS uses "key hashing method of message authentication code" (HMAC) to ensure that records will not be changed when transmitted on an open network (such as the Internet). SSLv3.0 also provides keyed message authentication, but HMAC is more secure than the MAC function (message authentication code) used by SSLv3.0.
2) Enhanced pseudo-random function (PRF): PRF generates key data. In TLS, HMAC defines PRF. PRF uses two hashing algorithms to ensure its security. If any algorithm is exposed, as long as the second algorithm is not exposed, the data is still safe.
3) Improved complete message verification: Both TLS and SSLv3.0 provide complete messages to both endpoints, which verifies that the exchanged messages have not been changed. However, TLS completes this message based on PRF and HMAC values, which is also more secure than SSLv3.0.
4) Consistent certificate handling: Unlike SSLv3.0, TLS attempts to specify the types of certificates that must be exchanged between TLS.
5) Specific alert messages: TLS provides more specific additional alerts to indicate problems detected by any session endpoint. TLS also records when certain alerts should be sent.