What is SSL protocol and what does SSL protocol mean?
SSL is a secure transmission protocol; the name is an abbreviation of Secure Sockets Layer. Originally developed by Netscape, the protocol has become a global standard that is used to authenticate the identities of websites and web users on the Internet and to encrypt communication between browsers and web servers. Since SSL support is built into all mainstream browsers and web server programs, only a digital certificate (server certificate) needs to be installed to activate it on a server. SSL can provide relatively safe protection for credit card and personal information.

SSL is a protocol that encrypts the entire session between computers, and it uses a public key and a private key. The advantage of SSL is that it is independent of the application layer protocol: high-level application protocols such as HTTP, FTP and Telnet can be built transparently on top of it. Before the application layer protocol starts communicating, the encryption algorithm negotiation, the key agreement and the server authentication are completed. After that, all data transmitted by the application layer protocol is encrypted, which secures our communication on the Internet.

The security services provided by SSL include:

1) Authenticating users and servers, to ensure that data is sent to the correct client and server;
2) Encrypting data, to prevent it from being stolen;
3) Maintaining data integrity, to ensure that data is not changed during transmission.

The main purpose of SSL is to provide confidentiality and reliability between two communicating applications. This is accomplished by three elements:

1. Handshake protocol. The handshake protocol is responsible for negotiating encryption parameters for the session between the client and the server.
When an SSL client and server start communicating for the first time, they agree on a protocol version, choose an encryption algorithm, choose whether to authenticate each other, and use public key technology to generate a shared key.

2. Record protocol. The record protocol is used to exchange application layer data. Application messages are divided into manageable blocks, optionally compressed, and a MAC (Message Authentication Code) is applied. The result is then encrypted and transmitted. The receiver accepts and decrypts the data, checks the MAC, decompresses and reassembles the data, and passes the result to the application protocol.

3. Alert protocol. This protocol is used to indicate when an error occurs or when the session between two hosts is terminated.

Let's look at an example using a web client and server. A web client starts an SSL session by connecting to a server that supports SSL. A typical web server that supports SSL accepts SSL connection requests on a different port (default 443) than standard HTTP requests (default 80). When the client connects to this port, it initiates a handshake to establish an SSL session. Once the handshake is completed, the communication is encrypted and message integrity checks are performed until the SSL session expires. SSL creates a session during which a handshake can only occur once. When there is a problem with the SSL session or the port setting is wrong, the SSL connection will be unavailable.

Steps of the SSL handshake process:

Step 1: The SSL client connects to the SSL server and asks the server to verify its identity.

Step 2: The server proves its identity by sending its digital certificate. This exchange can also include the entire certificate chain up to the root certificate authority (CA). The client verifies the certificate by checking the expiration date and confirming that the certificate carries the digital signature of a trusted CA.
Step 3: The server sends a request to verify the client's certificate. However, due to the lack of a public key infrastructure, most servers today do not authenticate clients.

Step 4: The two sides negotiate the message encryption algorithm and the hash function used for the integrity check. Usually the client provides a list of all the algorithms it supports, and the server then chooses the most secure encryption algorithm.

Step 5: The client and the server generate the session key through the following steps:

a. The client generates a random number, encrypts it with the server's public key (obtained from the server's certificate), and sends it to the server;
b. The server replies with more random data (encrypted with the client's key when one is available; otherwise the data is sent in clear text);
c. A hash function is used to generate the security key from the random data.

The advantage of SSL is that it provides connection security, which has three basic attributes:

- The connection is private. Encryption is used once the key has been defined in the initial handshake. Symmetric encryption (such as DES and RC4) is used for data encryption.
- The identity of the peer entity can be verified using asymmetric, or public key, encryption (such as RSA and DSS).
- The connection is reliable. Message transmission includes a message integrity check using a keyed MAC. Secure hash functions (such as SHA and MD5) are used for the MAC calculation.

The acceptance of SSL is limited to HTTP. It has been shown that it can be used with other protocols, but this has not been widely adopted.
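The record protocol's send and receive paths described above (fragment, MAC, encrypt; then decrypt, check the MAC, reassemble), as an added example that is not from the original article. It assumes HMAC-SHA-256 in place of the negotiated MAC and a SHA-256 counter keystream as a stand-in cipher, omits compression, and uses constructed keys and message; the sequence number inside the MAC is what lets the receiver detect reordered records as well as modified ones.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA-256 output size

def _keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    # Stand-in stream cipher for illustration only; a real stack uses
    # the cipher negotiated in the handshake.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack(">QI", seq, counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _mac(mac_key: bytes, seq: int, fragment: bytes) -> bytes:
    # The MAC covers the record's sequence number and length, then its content.
    header = struct.pack(">QH", seq, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

def protect(mac_key: bytes, enc_key: bytes, message: bytes, fragment_size: int = 16384):
    """Sender side: split into fragments, append a MAC, encrypt each record."""
    records = []
    for seq, off in enumerate(range(0, len(message), fragment_size)):
        fragment = message[off:off + fragment_size]
        records.append(_keystream_xor(enc_key, seq, fragment + _mac(mac_key, seq, fragment)))
    return records

def unprotect(mac_key: bytes, enc_key: bytes, records) -> bytes:
    """Receiver side: decrypt, verify the MAC, reassemble. Raises ValueError."""
    message = b""
    for seq, record in enumerate(records):
        plain = _keystream_xor(enc_key, seq, record)
        if len(plain) < MAC_LEN:
            raise ValueError(f"record {seq} too short")
        fragment, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(mac, _mac(mac_key, seq, fragment)):
            raise ValueError(f"bad MAC on record {seq}")
        message += fragment
    return message

def accepted(mac_key: bytes, enc_key: bytes, records) -> bool:
    try:
        unprotect(mac_key, enc_key, records)
        return True
    except ValueError:
        return False

# Constructed sample keys and message.
MAC_KEY, ENC_KEY = b"m" * 16, b"e" * 16
MESSAGE = b"POST /transfer amount=25.00 to=alice"
```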