ssl_intro.html

mod_ssl-2.8.31-1.3.41.tar.gz 好用的ssl工具

<table summary="">
<tr valign="top">
<td><b>Version:</b></td>
<td><b>Source:</b></td>
<td><b>Description:</b></td>
<td><b>Browser Support:</b></td>
</tr>
<tr valign="top">
<td>SSL v2.0</td>
<td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td>
<td>First SSL protocol for which implementations exists</td>
<td>- NS Navigator 1.x/2.x<br>
    - MS IE 3.x<br>
    - Lynx/2.8+OpenSSL
</td>
</tr>
<tr valign="top">
<td>SSL v3.0</td>
<td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3">SSL3</a>]</td>
<td>Revisions to prevent specific security attacks, add non-RSA ciphers, and support for certificate chains</td>
<td>- NS Navigator 2.x/3.x/4.x<br>
    - MS IE 3.x/4.x<br>
    - Lynx/2.8+OpenSSL
</td>
</tr>
<tr valign="top">
<td>TLS v1.0</td>
<td>Proposed Internet Standard (from IETF) [<a href="#TLS1">TLS1</a>]</td>
<td>Revision of SSL 3.0 to update the MAC layer to HMAC, add block padding for
    block ciphers, message order standardization and more alert messages.
</td>
<td>- Lynx/2.8+OpenSSL</td>
</table>
</td>
</tr></table>
</td></tr></table>
</div>
<p>
There are a number of versions of the SSL protocol, as shown in <a
href="#table4">Table 4</a>. As noted there, one of the benefits in SSL 3.0 is
that it adds support of certificate chain loading. This feature allows a
server to pass a server certificate along with issuer certificates to the
browser. Chain loading also permits the browser to validate the server
certificate, even if Certificate Authority certificates are not installed for
the intermediate issuers, since they are included in the certificate chain.
SSL 3.0 is the basis for the Transport Layer Security [<A
HREF="#TLS1">TLS</A>] protocol standard, currently in development by the
Internet Engineering Task Force (IETF).
<h3><a name="ToC12">Session Establishment</a></h3>
The SSL session is established by following a <I>handshake sequence</I>
between client and server, as shown in <a href="#figure1">Figure 1</a>. This
sequence may vary, depending on whether the server is configured to provide a
server certificate or request a client certificate. Though cases exist where
additional handshake steps are required for management of cipher information,
this article summarizes one common scenario: see the SSL specification for the
full range of possibilities.
<p>
<div align="center"><b>Note</b></div>
Once an SSL session has been established it may be reused, thus avoiding the
performance penalty of repeating the many steps needed to start a session.
For this the server assigns each SSL session a unique session identifier which
is cached in the server and which the client can use on forthcoming
connections to reduce the handshake (until the session identifer expires in
the cache of the server).
<p>
<div align="center">
<a name="figure1"></a>
<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
<caption align="bottom" id="sf">Figure 1: Simplified SSL Handshake Sequence</caption>
<tr><td bgcolor="#cccccc">
<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
<tr><td valign="top" align="center" bgcolor="#ffffff">
<img src="ssl_intro_fig1.gif" alt="" width="423" height="327">
</td>
</tr></table>
</td></tr></table>
</div>
<p>
The elements of the handshake sequence, as used by the client and server, are
listed below:
<ol>
<li>Negotiate the Cipher Suite to be used during data transfer
<li>Establish and share a session key between client and server
<li>Optionally authenticate the server to the client
<li>Optionally authenticate the client to the server
</ol>
<p>
The first step, Cipher Suite Negotiation, allows the client and server to
choose a Cipher Suite supportable by both of them. The SSL3.0 protocol
specification defines 31 Cipher Suites. A Cipher Suite is defined by the
following components:
<ul>
<li>Key Exchange Method
<li>Cipher for Data Transfer
<li>Message Digest for creating the Message Authentication Code (MAC)
</ul>
These three elements are described in the sections that follow.
<h3><a name="ToC13">Key Exchange Method</a></h3>
The key exchange method defines how the shared secret symmetric cryptography
key used for application data transfer will be agreed upon by client and
server. SSL 2.0 uses RSA key exchange only, while SSL 3.0 supports a choice of
key exchange algorithms including the RSA key exchange when certificates are
used, and Diffie-Hellman key exchange for exchanging keys without certificates
and without prior communication between client and server.
<p>
One variable in the choice of key exchange methods is digital signatures --
whether or not to use them, and if so, what kind of signatures to use.
Signing with a private key provides assurance against a
man-in-the-middle-attack during the information exchange used in generating
the shared key [<a href="#AC96">AC96</a>, p516].
<h3><a name="ToC14">Cipher for Data Transfer</a></h3>
SSL uses the conventional cryptography algorithm (symmetric cryptography)
described earlier for encrypting messages in a session. There are nine
choices, including the choice to perform no encryption:
<ul>
<li>No encryption
<li>Stream Ciphers
    <ul>
    <li>RC4 with 40-bit keys
    <li>RC4 with 128-bit keys
    </ul>
<li>CBC Block Ciphers
    <ul>
    <li>RC2 with 40 bit key
    <li>DES with 40 bit key
    <li>DES with 56 bit key
    <li>Triple-DES with 168 bit key
    <li>Idea (128 bit key)
    <li>Fortezza (96 bit key)
    </ul>
</ul>
Here "CBC" refers to Cipher Block Chaining, which means that a portion of the
previously encrypted cipher text is used in the encryption of the current
block. "DES" refers to the Data Encryption Standard [<a href="#AC96">AC96</a>,
ch12], which has a number of variants (including DES40 and 3DES_EDE). "Idea"
is one of the best and cryptographically strongest available algorithms, and
"RC2" is a proprietary algorithm from RSA DSI [<a href="#AC96">AC96</a>,
ch13].
<h3><a name="ToC15">Digest Function</a></h3>
The choice of digest function determines how a digest is created from a record
unit. SSL supports the following:
<ul>
<li>No digest (Null choice)
<li>MD5, a 128-bit hash
<li>Secure Hash Algorithm (SHA-1), a 160-bit hash
</ul>
The message digest is used to create a Message Authentication Code (MAC) which
is encrypted with the message to provide integrity and to prevent against
replay attacks.
<h3><a name="ToC16">Handshake Sequence Protocol</a></h3>
The handshake sequence uses three protocols:
<ul>
<li>The <em>SSL Handshake Protocol</em>
    for performing the client and server SSL session establishment.
<li>The <em>SSL Change Cipher Spec Protocol</em> for actually establishing agreement
    on the Cipher Suite for the session.
<li>The <em>SSL Alert Protocol</em> for
    conveying SSL error messages between client and server.
</ul>
These protocols, as well as application protocol data, are encapsulated in the
<em>SSL Record Protocol</em>, as shown in <a href="#figure2">Figure 2</a>. An
encapsulated protocol is transferred as data by the lower layer protocol,
which does not examine the data. The encapsulated protocol has no knowledge of
the underlying protocol.
<p>
<div align="center">
<a name="figure2"></a>
<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
<caption align="bottom" id="sf">Figure 2: SSL Protocol Stack</caption>
<tr><td bgcolor="#cccccc">
<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
<tr><td valign="top" align="center" bgcolor="#ffffff">
<img src="ssl_intro_fig2.gif" alt="" width="428" height="217">
</td>
</tr></table>
</td></tr></table>
</div>
<p>
The encapsulation of SSL control protocols by the record protocol means that
if an active session is renegotiated the control protocols will be transmitted
securely. If there were no session before, then the Null cipher suite is
used, which means there is no encryption and messages have no integrity
digests until the session has been established.
<h3><a name="ToC17">Data Transfer</a></h3>
The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>, is used to
transfer application and SSL Control data between the client and server,
possibly fragmenting this data into smaller units, or combining multiple
higher level protocol data messages into single units. It may compress, attach
digest signatures, and encrypt these units before transmitting them using the
underlying reliable transport protocol (Note: currently all major SSL
implementations lack support for compression).
<p>
<div align="center">
<a name="figure3"></a>
<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
<caption align="bottom" id="sf">Figure 3: SSL Record Protocol</caption>
<tr><td bgcolor="#cccccc">
<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
<tr><td valign="top" align="center" bgcolor="#ffffff">
<img src="ssl_intro_fig3.gif" alt="" width="423" height="323">
</td>
</tr></table>
</td></tr></table>
</div>
<h3><a name="ToC18">Securing HTTP Communication</a></h3>
One common use of SSL is to secure Web HTTP communication between a browser
and a webserver. This case does not preclude the use of non-secured HTTP. The
secure version is mainly plain HTTP over SSL (named HTTPS), but with one major
difference: it uses the URL scheme <code>https</code> rather than
<code>http</code> and a different server port (by default 443). This mainly
is what mod_ssl provides to you for the Apache webserver...
<h2><a name="ToC19">References</a></h2>
<ul>
<p>
<li><a name="AC96"></a>
[AC96] Bruce Schneier, <em>Applied Cryptography</em>, 2nd Edition, Wiley,
       1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for
       various other materials by Bruce Schneier.
<p>
<li><a name="X208"></a>
[X208] ITU-T Recommendation X.208, <em>Specification of Abstract Syntax Notation
       One (ASN.1)</em>, 1988. See for instance <a
       href="ftp://ftp.neda.com/pub/itu/x.series/x208.ps">
       ftp://ftp.neda.com/pub/itu/x.series/x208.ps</a>.
<p>
<li><a name="X509"></a>
[X509] ITU-T Recommendation X.509, <em>The Directory - Authentication
       Framework</em>, 1988. See for instance <a
       href="ftp://ftp.bull.com/pub/OSIdirectory/ITUnov96/X.509/97x509final.doc">
       ftp://ftp.bull.com/pub/OSIdirectory/ITUnov96/X.509/97x509final.doc</a>.
<p>
<li><a name="PKCS"></a>
[PKCS] Kaliski, Burton S., Jr., <em>An Overview of the PKCS Standards</em>, An RSA
     Laboratories Technical Note, revised November 1, 1993.
     See <a href="http://www.rsa.com/rsalabs/pubs/PKCS/">
     http://www.rsa.com/rsalabs/pubs/PKCS/</a>.
<p>
<li><a name="MIME"></a>
[MIME] N. Freed, N. Borenstein, <em>Multipurpose Internet Mail Extensions
       (MIME) Part One: Format of Internet Message Bodies</em>, RFC2045.
       See for instance <a href="ftp://ftp.isi.edu/in-notes/rfc2045.txt">
       ftp://ftp.isi.edu/in-notes/rfc2045.txt</a>.
<p>
<li><a name="SSL2"></a>
[SSL2] Kipp E.B. Hickman, <em>The SSL Protocol</em>, 1995.
       See <a href="http://www.netscape.com/eng/security/SSL_2.html">
       http://www.netscape.com/eng/security/SSL_2.html</a>.
<p>
<li><a name="SSL3"></a>
[SSL3] Alan O. Freier, Philip Karlton, Paul C. Kocher, <em>The SSL Protocol
       Version 3.0</em>, 1996. See <a
       href="http://www.netscape.com/eng/ssl3/draft302.txt">
       http://www.netscape.com/eng/ssl3/draft302.txt</a>.
<p>
<li><a name="TLS1"></a>
[TLS1] Tim Dierks, Christopher Allen, <em>The TLS Protocol Version 1.0</em>,
       1997. See <a
       href="ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt">
       ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt</a>.
</ul>
      <p>
      <br>
      <table summary="">
      <tr>
        <td>
           <table width="600" border="0" summary="">
           <tr>
            <td valign="top" align="left" width="250">
<a href="ssl_overview.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Overview</font>
            </td>
            <td valign="top" align="right" width="250">
<a href="ssl_reference.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Reference</font>
            </td>
           </tr>
           </table>
         </td>
      </tr>
      <tr>
        <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
      </tr>
      <tr>
        <td><table width="598" summary="">
        <tr>
        <td align="left"><font face="Arial,Helvetica">
        <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
        The Apache Interface to OpenSSL
        </font>
        </td>
        <td align="right"><font face="Arial,Helvetica">
        Copyright &copy; 1998-2001
        <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
        All Rights Reserved<br>
        </font>
        </td>
        </tr>
        </table>
        </td>
      </tr>
      </table>
  </td>
</tr>
</table>
</div>
</body>
</html>