banner



Home  ›  Which Of The Following Is Sometimes Used To Encrypt Data At The Data-link Layer Of The Tcp/ip Stack?

Which Of The Following Is Sometimes Used To Encrypt Data At The Data-link Layer Of The Tcp/ip Stack?

Written By Saturday 23 April 2022 Add Comment Edit

Home Page

  • Java Software
  • Java SE Downloads
  • Java SE 8 Documentation

Send Layer Security (TLS) Protocol Overview

  • How TLS Works
  • Cryptographic Processes
    • Undercover-Key Cryptography
    • Public-Key Cryptography
    • Comparison Between Secret-Key and Public-Key Cryptography
    • Public Key Certificates
    • Cryptographic Hash Functions
    • Message Hallmark Code
    • Digital Signatures
  • The TLS i.iii Handshake
    • The TLS 1.3 Protocol
      • Key Substitution
      • Server Parameters
      • Authentication
    • Session Resumption with a Pre-Shared Primal
    • Mail service-Handshake Messages
      • New Session Ticket Message
      • Post-Handshake Authentication
      • KeyUpdate Message
    • Compatibility Risks and Known Problems
  • The TLS 1.2 Handshake
    • The TLS 1.two Protocol
      • Handshaking Once more (Renegotiation)
      • Zip Suite Choice and Remote Entity Verification

Ship Layer Security (TLS) is the virtually widely used protocol for implementing cryptography on the spider web. TLS uses a combination of cryptographic processes to provide secure communication over a network. This section provides an introduction to TLS and the cryptographic processes information technology uses.

TLS provides a secure enhancement to the standard TCP/IP sockets protocol used for Internet communications. As shown in the table TCP/IP Protocol Stack with TLS, the secure sockets layer is added between the transport layer and the application layer in the standard TCP/IP protocol stack. The application virtually commonly used with TLS is Hypertext Transfer Protocol (HTTP), the protocol for Internet web pages. Other applications, such as Internet News Transfer Protocol (NNTP), Telnet, Lightweight Directory Admission Protocol (LDAP), Interactive Message Admission Protocol (IMAP), and File Transfer Protocol (FTP), can exist used with TLS besides.

TCP/IP Protocol Stack with TLS

TCP/IP Layer Protocol
Application Layer HTTP, NNTP, Telnet, FTP, then on
Ship Layer Security TLS
Transmission Control Protocol TCP
Net Layer IP

Secure Socket Layer (SSL) was adult past Netscape in 1994, and with input from the Internet customs, has evolved to become a standard. It is now under the control of the international standards organization, the Internet Engineering Chore Force (IETF). The IETF renamed SSL to TLS, and released the kickoff specification, version ane.0, in January 1999. TLS one.0 is a pocket-size upgrade to the nigh recent version of SSL, version three.0. This upgrade corrected defects in previous versions and prohibited the utilize of known weak algorithms. TLS 1.1 was released in April 2006, TLS 1.two in August 2008, and TLS 1.iii in August 2018. TLS 1.three is a major overhaul of the TLS protocol and provides significant security and functioning improvements over previous versions.

How TLS Works

One of the reasons that TLS is effective is that it uses several different cryptographic processes. TLS uses public-key cryptography to provide hallmark, and cloak-and-dagger-cardinal cryptography with hash functions to provide for privacy and information integrity. Before you tin can understand TLS, information technology'due south helpful to empathise these cryptographic processes.

Cryptographic Processes

The primary purpose of cryptography is to get in difficult for an unauthorized third party to access and understand individual communication between two parties. It is not e'er possible to restrict all unauthorized access to data, but individual data can exist made unintelligible to unauthorized parties through the process of encryption. Encryption uses complex algorithms to catechumen the original bulletin (cleartext) to an encoded message (ciphertext). The algorithms used to encrypt and decrypt data that is transferred over a network typically come up in ii categories: secret-key cryptography and public-fundamental cryptography.

Both secret-fundamental cryptography and public-key cryptography depend on the employ of an agreed-upon cryptographic cardinal or pair of keys. A cardinal is a cord of $.25 that is used by the cryptographic algorithm or algorithms during the process of encrypting and decrypting the data. A cryptographic key is like a key for a lock; but with the right fundamental can you open the lock.

Safely transmitting a key between ii communicating parties is not a trivial matter. A public cardinal document enables a party to safely transmit its public key, while providing assurance to the receiver of the actuality of the public fundamental. Run across Public Primal Certificates.

The descriptions of the cryptographic processes in secret-primal cryptography and public-primal cryptography follow conventions widely used past the security customs: the 2 communicating parties are labeled with the names Alice and Bob. The unauthorized third party, besides known every bit the assaulter, is named Charlie.

Secret-Key Cryptography

With clandestine-central cryptography, both communicating parties, Alice and Bob, utilize the aforementioned key to encrypt and decrypt the letters. Before any encrypted data can be sent over the network, both Alice and Bob must have the key and must concord on the cryptographic algorithm that they will utilize for encryption and decryption

One of the major bug with secret-key cryptography is the logistical issue of how to become the key from i political party to the other without allowing admission to an aggressor. If Alice and Bob are securing their data with secret-key cryptography, and if Charlie gains admission to their key, then Charlie tin understand whatever clandestine letters he intercepts betwixt Alice and Bob. Not only tin Charlie decrypt Alice's and Bob'south letters, but he can also pretend that he is Alice and send encrypted data to Bob. Bob won't know that the message came from Charlie, not Alice.

After the problem of secret key distribution is solved, secret-key cryptography tin can be a valuable tool. The algorithms provide splendid security and encrypt data relatively quickly. The majority of the sensitive data sent in an TLS session is sent using clandestine-central cryptography.

Secret-central cryptography is as well called symmetric cryptography considering the same key is used to both encrypt and decrypt the data. Well-known secret-central cryptographic algorithms include Advanced Encryption Standard (AES), Triple Information Encryption Standard (3DES), and Rivest Nothing 4 (RC4).

Public-Key Cryptography

Public-key cryptography solves the logistical problem of key distribution by using both a public primal and a individual key. The public key can be sent openly through the network while the individual key is kept private by one of the communicating parties. The public and the private keys are cryptographic inverses of each other; what one fundamental encrypts, the other cardinal will decrypt.

Presume that Bob wants to send a hugger-mugger message to Alice using public-key cryptography. Alice has both a public key and a private key, so she keeps her private key in a prophylactic place and sends her public central to Bob. Bob encrypts the hole-and-corner message to Alice using Alice'southward public key. Alice can later decrypt the message with her individual key.

If Alice encrypts a bulletin using her private key and sends the encrypted bulletin to Bob, then Bob can exist sure that the information he receives comes from Alice; if Bob tin decrypt the data with Alice'due south public key, the message must take been encrypted by Alice with her private key, and but Alice has Alice'due south private cardinal. The problem is that anybody else can read the bulletin as well considering Alice's public key is public. Although this scenario does not allow for secure information communication, it does provide the basis for digital signatures. A digital signature is one of the components of a public cardinal document, and is used in TLS to authenticate a client or a server. Encounter Public Key Certificates and Digital Signatures.

Public-key cryptography is also called disproportionate cryptography because different keys are used to encrypt and decrypt the data. A well-known public fundamental cryptographic algorithm often used with TLS is the Rivest Shamir Adleman (RSA) algorithm. Another public key algorithm used with TLS that is designed specifically for secret primal exchange is the Diffie-Hellman (DH) algorithm. Public-primal cryptography requires extensive computations, making it very slow. It is therefore typically used only for encrypting small pieces of data, such as secret keys, rather than for the majority of encrypted information communications.

Comparing Between Cloak-and-dagger-Key and Public-Primal Cryptography

Both hugger-mugger-key cryptography and public-key cryptography have strengths and weaknesses. With secret-fundamental cryptography, information can be encrypted and decrypted quickly, but because both communicating parties must share the same secret primal information, the logistics of exchanging the key tin be a trouble. With public-cardinal cryptography, key substitution is not a problem because the public key does non demand to be kept secret, just the algorithms used to encrypt and decrypt information require extensive computations, and are therefore very slow.

Public Key Certificates

A public key certificate provides a rubber way for an entity to pass on its public key to be used in asymmetric cryptography. The public key document avoids the following situation: if Charlie creates his own public fundamental and private key, he can claim that he is Alice and send his public fundamental to Bob. Bob will be able to communicate with Charlie, but Bob volition retrieve that he is sending his data to Alice.

A public key certificate can be idea of as the digital equivalent of a passport. Information technology is issued by a trusted organization and provides identification for the bearer. A trusted organisation that problems public key certificates is known as a Certificate Authority (CA). The CA can be likened to a notary public. To obtain a certificate from a CA, 1 must provide proof of identity. In one case the CA is confident that the applicant represents the organization it says it represents, the CA signs the document attesting to the validity of the information contained within the certificate.

A public cardinal document contains the post-obit fields:

Issuer
The CA that issued the certificate. If a user trusts the CA that issued the certificate, and if the document is valid, then the user can trust the certificate.
Period of validity
A document has an expiration date. This date should be checked when verifying the validity of a document.
Subject area
Includes data almost the entity that the certificate represents.
Subject'due south public key
The primary piece of information that the certificate provides is the subject field'south public fundamental. All the other fields are provided to ensure the validity of this key.
Signature
The certificate is digitally signed by the CA that issued the certificate. The signature is created using the CA's private cardinal and ensures the validity of the certificate. Because only the certificate is signed, non the information sent in the TLS transaction, TLS does not provide for nonrepudiation.

If Bob simply accepts Alice's public fundamental every bit valid when she sends information technology in a public key certificate, then Bob won't exist fooled into sending secret information to Charlie when Charlie masquerades as Alice.

Multiple certificates may be linked in a document chain. When a certificate chain is used, the offset document is always that of the sender. The side by side is the certificate of the entity that issued the sender's document. If more certificates are in the chain, then each is that of the potency that issued the previous certificate. The concluding certificate in the chain is the certificate for a root CA. A root CA is a public Certificate Authority that is widely trusted. Information for several root CAs is typically stored in the customer's Internet browser. This data includes the CA's public cardinal. Well-known CAs include DigiCert, Entrust, and GlobalSign.

Cryptographic Hash Functions

When sending encrypted data, TLS typically uses a cryptographic hash function to ensure data integrity. The hash part prevents Charlie from tampering with data that Alice sends to Bob.

A cryptographic hash function is similar to a checksum. The main difference is that whereas a checksum is designed to detect adventitious alterations in data, a cryptographic hash function is designed to detect deliberate alterations. When information is candy by a cryptographic hash function, a pocket-size string of $.25, known every bit a hash, is generated. The slightest change to the message typically makes a large change in the resulting hash. A cryptographic hash role does not require a cryptographic central. A hash function often used with TLS is Secure Hash Algorithm (SHA). SHA was proposed past the U.S. National Institute of Standards and Engineering (NIST).

Message Authentication Code

A bulletin hallmark code (MAC) is like to a cryptographic hash, except that it is based on a secret fundamental. When hole-and-corner key information is included with the data that is processed by a cryptographic hash function, then the resulting hash is known equally an HMAC.

If Alice wants to be sure that Charlie does non tamper with her message to Bob, then she can summate an HMAC for her message and append the HMAC to her original message. She can then encrypt the bulletin plus the HMAC using a secret key that she shares with Bob. When Bob decrypts the message and calculates the HMAC, he will be able to tell if the message was modified in transit. With TLS, an HMAC is used with the transmission of secure data.

Digital Signatures

Once a cryptographic hash is created for a message, the hash is encrypted with the sender's private key. This encrypted hash is called a digital signature.

The TLS 1.3 Handshake

Advice using TLS 1.3 begins the TLS handshake. This is an initial negotiation between the client and server that establishes the parameters of their subsequent interactions within TLS. It consists of three phases: key substitution, server parameters, and hallmark:

  1. Key Substitution: This phase establishes shared keying material, such as which named grouping the shared primal tin can belong to (Elliptic Bend Groups (ECDHE) or Finite Field Groups (DHE)), and selects cryptographic parameters, such equally symmetric nix options.

  2. Server Parameters: This phase establishes other handshake parameters such every bit whether document-based client hallmark is desired.

  3. Authentication: This phase authenticates the server (and optionally the customer) and provides key confirmation and handshake integrity.

The TLS i.3 Protocol

The following effigy shows the sequence of messages for the full TLS handshake.

Full TLS 1.3 handshake

  1. Key substitution:

    1. The customer sends a ClientHello message to server.

    2. The server processes the ClientHello message and determines the appropriate cryptographic parameters for the connection. It then responds with its ain ServerHello message, which indicates the negotiated connection parameters. For TLS ane.three, the ServerHello message determines the key and cipher options simply. Other handshake parameters may be determined later.

  2. Server parameters: The server sends two messages to found server parameters:

    • EncryptedExtensions: This message contains responses to ClientHello extensions that are not required to determine the cryptographic parameters, other than those that are specific to individual certificates.

    • CertificateRequest (optional): If certificate-based client authentication is desired, and so the server sends this message, which contains the desired parameters for that certificate. This bulletin is omitted if client authentication is not desired.

  3. Authentication:

    1. The server sends these authentication messages:

      • Certificate (optional): This message contains the authentication certificate and any other supporting certificates in the certificate concatenation. This bulletin is omitted if the server is not authenticating with a certificate.

        Note: The Certificate bulletin can contain a raw key instead of a document.

      • CertificateVerify (optional): This message contains a signature over the entire handshake using the private key respective to the public fundamental in the Certificate message. This message is omitted if the server is not authenticating with a document.

      • Finished: a MAC (Message Authentication Code) over the entire handshake.

    2. The client responds with its ain Certificate, CertificateVerify, and Finished messages. The Certificate bulletin is omitted if the server did not send a CertificateRequest bulletin. The CertificateVerify message is omitted if the client is non authenticating with a document.

The client and server can at present securely ship application data to each other.

Cardinal Exchange

The key commutation messages, ClientHello and ServerHello, determine the security capabilities of the client and the server and establish shared secrets, including the traffic keys used to protect the residual of the handshake and the application data.

ClientHello

The TLS handshake begins with the customer sending a ClientHello message to the server. This message contains the following fields:

Note: TLS messages may contain additional fields than the ones listed hither; encounter the TLS one.three specification for full details about TLS letters and their fields.

  • cipher_suites: This field contains a list of the symmetric cipher options supported by the customer, specifically the record protection algorithm (including secret cardinal length) and a hash to be used with Keyed-Hash Message Lawmaking (HMAC)-based Excerpt-and-Expand Cardinal Derivation Function (HKDF).

  • extensions: Extensions facilitates the improver of new features to the TLS protocol with minimal impact to existing clients. Extensions that the ClientHello bulletin may contain, but are not express to, the post-obit:

    • supported_versions: This extension indicates which versions of TLS the client supports. The ClientHello message must comprise this bulletin.

    • status_request: This extension indicates that client wants to utilize a document status protocol; the server may not agree to use information technology. An example of a certificate status protocol is Online Certificate Status Protocol (OCSP). See Customer-Driven OCSP and OCSP Stapling.

    • supported_groups: This extension indicates the named groups that the client supports for cardinal exchange. These named groups include elliptic curve groups (ECDHE) and finite field groups (DHE). The ClientHello bulletin must include this message if it's using ECDHE or DHE key exchange.

    • key_share: This extension contains a listing of cryptographic parameters for key exchange. It contains a field named client_shares that contains this listing. Each item in this list contains the following fields:

      • group: The name of the group on which the key exchange cryptographic method is based. See The SunJSSE Provider in JDK Providers Documentation.

      • key_exchange: Key exchange data, which is determined by the value of the group field.

    • pre_shared_key: A pre-shared central (PSK) is a shared hugger-mugger that was previously shared between the 2 parties using some secure channel earlier it needs to be used. PSKs can be established in a previous connection and then used to establish a new connectedness. In one case a handshake has completed, the server can send to the client a PSK identity that corresponds to a unique central derived from the initial handshake. See Session Resumption with a Pre-Shared Key.

    • cookie: When a server sends a HelloRetryRequest message, it tin include this extension to the client. (The server sends a HelloRetryRequest message in response to a ClientHello message if it can find an adequate prepare of parameters, but the ClientHello message doesn't accept plenty information to proceed with the handshake.) I purpose of this extension is to enable the server to force the client to demonstrate reachability at their apparent network accost (which provides some deprival-of-service attack (DoS) protection. When the client sends a new ClientHello message, information technology must re-create the contents received in the HelloRetryRequest into a cookie extension in this new ClientHello message.

    • server_name: TLS one.iii doesn't provide a mechanism for a client to tell a server the name of the server information technology is contacting. Clients can utilise this extension to provide this information to facilitate connections to servers that host multiple virtual servers at a single network address. Note that some servers may crave clients to send this extension.

ServerHello

The server responds to the customer'due south ClientHello bulletin with a ServerHello message if information technology's able to negotiate an acceptable set of handshake parameters. This message contains the following fields:

  • cipher_suite: This field contains the single null suite selected by the server from the list in the ClientHello.cipher_suites field.

  • extensions: This field contains extensions that are required to establish the cryptographic context and negotiate the protocol version. The extensions that the SeverHello may contain include the post-obit:

    • supported_versions: Indicates which version of TLS information technology's using. The ServerHello message must contain this extension.

    • key_share: This extension contains a list of cryptographic parameters for key substitution.

    • pre_shared_key: This extension contains the pre-shared key the server agreed to use. See Session Resumption with a Pre-Shared Key for information about pre-shared keys.

    The server sends other extensions separately in the EncryptedExtensions message.

Server Parameters

After the server sends a ServerHello bulletin to the client, information technology sends two messages to found server parameters: EncryptedExtensions and CertificateRequest:

  • EncryptedExtensions: This bulletin contains responses to ClientHello extensions that are not required to determine cryptographic parameters other than those that are specific to individual certificates.

  • CertificateRequest: If certificate-based client authentication is desired, then this message is sent. It contains parameters for a document requested from the client. It includes the post-obit fields:

    • certificate_request_context: This field contains an identifier that identifies the certificate request

    • extensions: This field contains extensions that draw the requested certificate's parameters. It may contain the following extensions:

    • signature_algorithms: This extension indicates which signature algorithms may exist used in CertificateVerify messages. The ServerHello message must comprise this extension.

    • signature_algorithms_cert: This extension indicates which signature algorithms may be used in digital signatures. If this bulletin isn't sent, so it uses the values specified in the signature_algorithms extension.

    • certificate_authorities: This extension indicates which certificate authorities the server accepts.

    • supported_groups: This message contains named groups that the server prefers. The client may apply this information to modify what groups it uses in its key_share extension in subsequent connections.

Authentication

The last iii messages that the server and customer transport to each other in a TLS handshake are Certificate, CertificateVerify, and Finished.

Certificate

This message contains the authentication certificate and any other supporting certificates in the certificate concatenation. The server must transport this message if the key exchange method uses certificates for authentication. The client must send this if and merely if the server requested client authentication through a CertificateRequest message. The document message includes the following fields:

  • certificate_list: This field contains a sequence of CertificateEntry structures, each containing a single certificate and a set of extensions

  • extensions: Extensions that the Document message may contain include the following:

    • status_request: Run into Client-Driven OCSP and OCSP Stapling

    • signed_certificate_timestamp: TLS clients won't take certificates unless they are logged. When a valid document is submitted to a log, the log must render a Signed Certificate Timestamp (SCT); run across RFC 6962: Certificate Transparency.

CertificateVerify

This message contains a signature over the unabridged handshake using the individual key corresponding to the public key in the Document bulletin. Information technology provides proof that the client or the server has the private key corresponding to its document. This message includes the following fields:

  • algorithm: This field contains the signature algorithm used. See The SunJSSE Provider in JDK Providers Documentation for supported algorithms.

  • signature: This field contains the digital signature using the algorithm.

Finished

This message contains a Message Authentication Lawmaking (MAC) over the entire handshake. Once the client and server accept verified the Finished letters that they have received from their peers, both sides may send and receive application information over the connection.

Session Resumption with a Pre-Shared Key

A pre-shared fundamental (PSK) is a shared hush-hush that was previously shared betwixt the two parties using some secure channel earlier information technology needs to be used. You lot tin establish a PSK during i TLS handshake and and so use it to establish a new connection in another handshake; this is chosen session resumption with a PSK. The PSK corresponds to a unique key derived from the initial handshake. If the server accepts the PSK when establishing a new connection, then the security context of this connection is cryptographically tied to the original connection, and the primal derived from the initial handshake is used to bootstrap the cryptographic land instead of the total TLS handshake.

The following figures show two handshakes, the first establishes a PSK and the second uses it.

TLS one.3 handshake that establishes a PSK

TLS 1.3 handshake that establishes a PSK

TLS ane.iii handshake that uses a PSK

TLS 1.3 handshake that uses a PSK

  1. The client sends a ClientHello message with a key_share extension to the server. This extension lists which cardinal exchange cryptographic methods that the client supports.

  2. The server responds with a ServerHello message with a key_share extension. This extension contains the cryptographic method it wants to use for the key exchange.

  3. The server sends its server parameters to the client.

  4. Both the server and client exchange authentication letters.

  5. The server sends a NewSessionTicket message to the client, which contains a PSK that the client then may utilise for time to come handshakes past including it in the pre_shared_key extension in its ClientHello message.

  6. The client and server tin now exchange encrypted application data.

  7. In a time to come handshake, the customer sends to the server a ClientHello message with the key_share and pre_shared_key extensions. The pre_shared_key extension contains a PSK sent in a NewTicketSession message.

  8. The server responds with a ServerHello message with the pre_shared_key and key_share extensions. The pre_shared_key extension contains the PSK the server every bit agreed to employ.

  9. The server sends its parameters to the client.

  10. The server and the client transport each other Finished messages. They don't perform the authentication phase as the security context of this connection is cryptographically tied to the original connection.

  11. The client and server tin now commutation encrypted application information.

Notation: The following are non supported in JDK 8:

  • Resumption using PSK only: You must utilize PSKs with (EC)DHE key exchange, which provides forward secrecy in combination with shared keys. Resumption using PSK merely is less secure with regards to forward and backward secrecy.

  • Zero Round Trip Time Resumption (0–RTT): This enables the client and server to send awarding information in the first messages (ClientHello and ServerHello) to each other. The client uses a PSK to encrypt the application data it initially sends with the ClientHello and to cosign the server. This has the security issues of resumption using PSK only and some potential for replay attacks.

  • Stateless server PSKs: RFC5077: Transport Layer Security (TLS) Session Resumption without Server-Site Country describes a machinery that enables the server to resume sessions and avert keeping per-customer session state. This mechanism would reduce server memory usage at the expense of forward secrecy for resumption using PSK only.

  • Out-of-ring PSK establishment: This means the production of PSKs other than through NewSessionTicket letters.

Post-Handshake Messages

The client and server tin can send other messages later the handshake: new session ticket message, mail service-handshake authentication, and key update.

New Session Ticket Message

The NewSessionTicket bulletin, sent by the server after information technology receives the Finished message, contains a pre-shared central that the client and then may use for future handshakes. See Session Resumption with a Pre-Shared Key.

Post-Handshake Authentication

If client sent the post_handshake_auth extension, the server may asking client authentication at any fourth dimension after the handshake by sending a CertificateRequest bulletin. If the client authenticates, then it must transport Document, CertificateVerify, and Finished messages. If the client declines, so it must ship a Certificate bulletin that contains no certificates and the Finished message.

KeyUpdate Message

The KeyUpdate handshake message is used to point that the sender is updating its sending cryptographic keys. It replaces the ChangeCipherSpec message in TLS 1.2.

You can specify a limit on the amount of information an algorithm may encrypt with a specific prepare of keys with the jdk.tls.keyLimits Security Property. See Limiting Amount of Data Algorithms May Encrypt with a Ready of Keys.

Compatibility Risks and Known Issues

Enhancements to JSSE may introduce compatibility problems and other known issues, which are described in this department.

TLS one.3 Non Straight Compatible with Previous Versions

TLS ane.three is not directly compatible with previous versions. Although TLS 1.3 can be implemented with a backward-compatibility mode, there are all the same several compatibility risks to consider when upgrading to TLS i.3:

  • TLS i.iii uses a half-close policy, while TLS 1.ii and earlier utilize a duplex-close policy. For applications that depend on the duplex-close policy, in that location may be compatibility bug when upgrading to TLS one.3.

  • The signature_algorithms_cert extension requires that pre-defined signature algorithms are used for document authentication. In do, nevertheless, an application may use unsupported signature algorithms.

  • The DSA signature algorithm is not supported in TLS i.three. If a server is configured to just use DSA certificates, information technology cannot negotiate a TLS 1.3 connexion.

  • The supported cypher suites for TLS 1.three are non the same equally TLS i.2 and earlier. If an application hardcodes aught suites that are no longer supported, it may not be able to employ TLS ane.3 without modifications to its lawmaking, for instance TLS_AES_128_GCM_SHA256 (ane.3 and afterward) versus TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (1.two and earlier).

  • The TLS 1.three session resumption and key update behaviors are different from TLS 1.2 and earlier. The compatibility impact should exist minimal, but it could be a take a chance if an application depends on the handshake details of the TLS protocols.

The TLS 1.2 Handshake

Advice using SSL begins with an exchange of information between the customer and the server. This commutation of information is chosen the SSL handshake. The SSL handshake includes the post-obit stages:

  1. Negotiating the cipher suite

    The SSL session begins with a negotiation between the client and the server every bit to which cipher suite they will use. A cipher suite is a set of cryptographic algorithms and fundamental sizes that a computer can apply to encrypt information. The aught suite includes data nigh the public fundamental exchange algorithms or key agreement algorithms, and cryptographic hash functions. The client tells the server which zippo suites it has available, and the server chooses the best mutually acceptable cipher suite.

  2. Authenticating the server'south identity (optional)

    In SSL, the hallmark step is optional, merely in the example of an due east-commerce transaction over the spider web, the client volition generally want to authenticate the server. Authenticating the server allows the client to be sure that the server represents the entity that the client believes the server represents.

    To evidence that a server belongs to the organization that information technology claims to represent, the server presents its public key document to the client. If this certificate is valid, then the client can be certain of the identity of the server.

    The client and server exchange information that allows them to agree on the aforementioned cloak-and-dagger key. For case, with RSA, the client uses the server's public primal, obtained from the public fundamental certificate, to encrypt the underground primal information. The client sends the encrypted underground key data to the server. Merely the server tin can decrypt this message because the server's private primal is required for this decryption.

  3. Agreeing on encryption mechanisms

    Both the client and the server now have admission to the aforementioned secret key. With each message, they employ the cryptographic hash function, chosen in the first stride of the handshake, and shared secret data, to compute an HMAC that they append to the message. They and so employ the underground key and the secret primal algorithm negotiated in the first step of the handshake to encrypt the secure data and the HMAC. The client and server tin now communicate securely using their encrypted and hashed information.

The TLS 1.ii Protocol

The TLS 1.two Handshake provides a high-level clarification of the SSL handshake, which is the exchange of data between the client and the server prior to sending the encrypted message. The figure The SSL/TLS Handshake provides more than detail. It shows the sequence of messages that are exchanged in the SSL handshake. Messages that are sent only in certain situations are noted as optional. Each of the SSL messages is described in detail afterward.

The SSL/TLS Handshake

This figure shows the sequence of messages that are exchanged in the SSL handshake. These messages are described in detail in the following text.

The SSL messages are sent in the following society:

  1. Client hello: The customer sends the server data including the highest version of SSL that it supports and a list of the nix suites that it supports (TLS ane.0 is indicated as SSL 3.i). The nix suite information includes cryptographic algorithms and primal sizes.
  2. Server hello: The server chooses the highest version of SSL and the best naught suite that both the client and server support and sends this information to the customer.
  3. (Optional) Document: The server sends the customer a certificate or a document chain. A certificate concatenation typically begins with the server's public key certificate and ends with the document authority's root certificate. This message is optional, simply is used whenever server authentication is required.
  4. (Optional) Certificate request: If the server must authenticate the customer, then information technology sends the client a document request. In Cyberspace applications, this message is rarely sent.
  5. (Optional) Server key exchange: The server sends the client a server key exchange bulletin if the public fundamental information from the Certificate is not sufficient for key exchange. For example, in cipher suites based on Diffie-Hellman (DH), this message contains the server'due south DH public primal.
  6. Server howdy washed: The server tells the client that it is finished with its initial negotiation messages.
  7. (Optional) Certificate: If the server Certificate request from the customer, the client sends its document chain, only as the server did previously.

    Note: Only a few Internet server applications enquire for a document from the customer.

  8. Client primal exchange: The customer generates information used to create a central to apply for symmetric encryption. For RSA, the customer and so encrypts this key information with the server'south public primal and sends it to the server. For cipher suites based on DH, this message contains the customer's DH public cardinal.
  9. (Optional) Certificate verify: This message is sent past the client when the client presents a certificate as previously explained. Its purpose is to allow the server to complete the process of authenticating the client. When this message is used, the client sends information that information technology digitally signs using a cryptographic hash function. When the server decrypts this data with the customer'southward public fundamental, the server is able to authenticate the client.
  10. Change cipher spec: The customer sends a message telling the server to change to encrypted mode.
  11. Finished The client tells the server that it is gear up for secure data communication to brainstorm.
  12. Change naught spec: The server sends a bulletin telling the customer to change to encrypted mode.
  13. Finished: The server tells the customer that it is fix for secure data advice to begin. This is the end of the SSL handshake.
  14. Encrypted information: The client and the server communicate using the symmetric encryption algorithm and the cryptographic hash function negotiated during the client howdy and server hullo, and using the undercover central that the client sent to the server during the client cardinal exchange. The handshake tin be renegotiated at this time. Encounter Handshaking Again (Renegotiation).
  15. Close Messages:At the terminate of the connexion, each side sends a close_notify warning to inform the peer that the connection is closed.

If the parameters generated during an SSL session are saved, then these parameters tin sometimes exist reused for futurity SSL sessions. Saving SSL session parameters allows encrypted advice to begin much more quickly.

Handshaking Again (Renegotiation)

In one case the initial handshake is finished and application data is flowing, either side is free to initiate a new handshake at any time. An awarding might like to utilize a stronger cipher suite for peculiarly disquisitional operations, or a server awarding might want to crave client hallmark.

Regardless of the reason, the new handshake takes place over the existing encrypted session, and application data and handshake messages are interleaved until a new session is established.

Your application can initiate a new handshake by using 1 of the following methods:

  • SSLSocket.startHandshake()
  • SSLEngine.beginHandshake()

Cipher Suite Choice and Remote Entity Verification

The SSL/TLS protocols define a specific serial of steps to ensure a protected connectedness. However, the choice of cipher suite straight affects the type of security that the connection enjoys. For example, if an anonymous nil suite is selected, then the application has no way to verify the remote peer's identity. If a suite with no encryption is selected, and so the privacy of the information cannot exist protected. Additionally, the SSL/TLS protocols do not specify that the credentials received must match those that peer might be expected to send. If the connexion were somehow redirected to a rogue peer, but the rogue's credentials were acceptable based on the current trust material, then the connection would be considered valid.

When using raw SSLSocket and SSLEngine classes, you should always check the peer'southward credentials earlier sending any data. The SSLSocket and SSLEngine classes do not automatically verify that the host proper noun in a URL matches the host proper noun in the peer's credentials. An application could be exploited with URL spoofing if the host name is not verified. Since JDK vii, endpoint identification/verification procedures can be handled during SSL/TLS handshaking. See the SSLParameters.getEndpointIdentificationAlgorithm method.

Protocols such as HTTPS (HTTP Over TLS) do require host name verification. Since JDK 7, the HTTPS endpoint identification is enforced during handshaking for HttpsURLConnection past default. See the SSLParameters.getEndpointIdentificationAlgorithm method. Alternatively, applications can use the HostnameVerifier interface to override the default HTTPS host proper name rules. See HostnameVerifier Interface and HttpsURLConnection Course.

Which Of The Following Is Sometimes Used To Encrypt Data At The Data-link Layer Of The Tcp/ip Stack?,

Source: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/tls.html

Posted by: grayvick1986.blogspot.com

0 Response to "Which Of The Following Is Sometimes Used To Encrypt Data At The Data-link Layer Of The Tcp/ip Stack?"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel