Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
25 Cards in this Set
- Front
- Back
What does the SSL Record Protocol do? |
Fragments data into 2^14 byte chunks (may compress) Adds MAC Encrypts data Appends to SSL Record header |
|
What does the Change Cipher protocol do? |
Handshake protocol establishes a connection, the state of the connection is in a pending state till change to protcol is made to make it current (basically a confirmation) |
|
What does alert protocol do? |
Each message 2 bytes 1st byte for level of severity 2nd for alert code |
|
What does the handshake protocol do? |
Allows server and client to: Authenticate each other Negotiate encryption and mac algorithms Negotiate cryptographic paramters and keys And the state THIS IS DONE BEFORE ANY DATA IS TRANSMITTED |
|
Client version? |
Highest version of ssl or tls supported by the client |
|
Client random? |
Defines how long packages need to be validated for, so if a message takes longer than the planned time to get somewhere it's invalidated. |
|
Client session id? |
0 for new session or old ID if establishing a connection |
|
Client Cipher Suites? |
List of cryptographic options supported by client by order of preference |
|
Client Compression methods? |
List of compression method supported by the client |
|
Server version? |
Highest version of SSL or TLS supported by both server and client |
|
Server random? |
Current time + random bytes which need to be independent of the client's random bytes |
|
Server session id? |
Chosen after checking what client wants to do. Either new session id or resume session with session id if possible |
|
Server Cipher suite? |
1 Cipher suite chosen by server from client's options |
|
Server Compression method? |
Chosen by server from client's options. |
|
Server certificate? |
Mandatory. Server to client for authentication. Needed for every key exchange except anonymous DH. Contains 1 or more certificates. |
|
Server key exchange? |
If certificate does not contain enough info for key exchange. Digitally signed. |
|
Certificate request? |
Sent if the client needs to authenticate itself to the server, specifies type of certificate requested |
|
Server hello done? |
Indicates server has finished its part of the key exchange, server waits for client response and verification of valid certificate and server parameters are acceptable |
|
Certificate and client key exchange? |
Sent only if requested by server? Client key always sent May contain 3 types e.g. RSA, Fortezza, encrypted RSA |
|
Encrypted version number confirmation? |
Client includes this (already agreed upon) to let the server know the response is from an authentic client. AUTHENTICATION |
|
Certificate verify? |
Client signs a hash containing the master secret and handshake messages. Sent only if the client sends a certificate. |
|
Generating a secret shared key? |
Client generates 48 byte premaster secret (random number) Encrypts using server's rsa pub key 2 bytes of premaster key confirm the client version Server decrypts with prv key and authenticates |
|
Generating secret shared key 2? |
Client and server use premaster key and random numbers to generate the master secret 48 bytes long total 384 bits = 128/3 1 for MAC 1 for symmetric encryption key 1 for IV for symmetric algorithm |
|
Finished message? |
Used to verify key exchange and authentication was successful, sent immediately after change cipher spec message |
|
Https uses what port? |
443 |