SSL and TLS Flashcards
Why is web security important?
The web is widely used for a range of purposes.
What type of threats is the web vulnerable to?
- integrity
- confidentiality
- denial of service
- authentication
What does SSL stand for?
Secure Sockets Layer
What is SSL?
A standard protocol that provides a range of security services to your application data.
Where does SSL sit in the TCP/IP model?
In between the application layer and the TCP layer.
What is a basic application example for SSL?
- Client contacts Server
- Client conveys secret info to Server
- Client wants to authenticate the server.
What is the SSL Architecture?
SSL is broken into two parts (“layers”):
1. Record Protocol
2. Multiple Protocols (Handshake, Change Cipher Spec, Alert Protocols)
What is the SSL Handshake Protocol?
Allows the server and client to:
- Authenticate each other
- Negotiate encryption and MAC algorithms
- Negotiate cryptographic keys to be used
What is the SSL Change Cipher Spec Protocol?
Handles and notifies the client if there’s any change in the Cipher Spec.
What is the SSL Alert Protocol?
Handles warnings and errors of web communication.
What is an SSL session?
An association between a client and a server.
What does it mean that SSL sessions are stateful?
The session state includes security algorithms and parameters.
What might a session include?
Multiple secure connections between the same client and server.
What do connections of the same session share?
The session state.
What are sessions used for?
To avoid expensive negotiation of new security parameters for each connection (reconnection).