Slides-10 On Network Security
Slides-10 On Network Security
Fredrik Erlandsson
WEB Security
Outline
TCP
IP
Fragment
Compress
Add MAC
Encrypt
Append SSL
Record Header
Blekinge Institute of Technology
Fredrik Erlandsson ET1318 - Network Security 8
SSL Record Format
Plaintext
encrypted
(optionally
compressed)
te
certifica
hange
key_exc
server_ Phase 2
Server may send certificate, key exchange,
quest
certif icate_re and request certificate. Server signals end
of hello message phase.
one
hello_d
s e r v er_
Time
certifica
te
client_k Phase 3
ey_exch
ange Client sends certificate if requested. Client
sends key exchange. Client may send
certifica
te_verif certificate verification.
y
change
_cipher
_spec
finished
Phase 4
Change cipher suite and finish
spec
a n g e _ cipher_ handshake protocol.
ch
finished
END