SSL Record Protocol Vs SSL Handshake Protocol.
The two main protocols of SSL are the SSL Record Protocol and the SSL Handshake Protocol. In summary, the SSL Record Protocol provides data confidentiality and integrity, as well as protection against replay attacks (retransmission of captured messages).
Several SSL protocols are layered on top of the Record Protocol. The most important of these is the SSL Handshake Protocol, an authentication and key-exchange protocol that negotiates the encryption algorithms to be used and authenticates the server and, if requested, the client.
Once the SSL Handshake Protocol has completed, application data can be sent via the SSL Record Protocol using the agreed security parameters.
More specifically, the SSL Record Protocol receives data from higher-level protocols and performs fragmentation, compression and encryption. The payload of each SSL record can be compressed and encrypted according to the current compression method and encryption algorithm (both set by the Handshake Protocol).
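The record-layer pipeline just described (fragment, optionally compress, MAC, encrypt) is shown below as an added example; it is not code from the original page. It uses the TLS-style MAC input (sequence number, content type, version, length, fragment) with HMAC-SHA256, and a toy HMAC-counter keystream labelled as a stand-in for whatever cipher the handshake negotiated. The sequence number is kept by both sides and never sent, which is what lets the reader reject a replayed record. Compression is off by default because TLS compression has been disabled in practice since the CRIME attack.

```python
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14          # largest plaintext fragment a record may carry (16 KiB)
APPLICATION_DATA = 23           # record content type for application data
VERSION = b"\x03\x03"           # version bytes placed in the record header (TLS 1.2 layout)
MAC_LEN = 32                    # HMAC-SHA256 tag length


def fragment(data: bytes, limit: int = MAX_FRAGMENT) -> list:
    """Split higher-layer data into fragments of at most `limit` bytes."""
    return [data[i:i + limit] for i in range(0, len(data), limit)] or [b""]


def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Toy keystream (HMAC-SHA256 in counter mode), a stand-in for the negotiated cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class RecordEndpoint:
    """One direction of a record connection: the sender's write state or the receiver's read state."""

    def __init__(self, mac_key: bytes, enc_key: bytes, compress: bool = False):
        self.mac_key = mac_key
        self.enc_key = enc_key
        self.compress = compress
        self.seq = 0    # 64-bit record sequence number, tracked by both sides, never sent

    def _mac(self, seq: int, ctype: int, body: bytes) -> bytes:
        # The MAC covers the sequence number, so a replayed or reordered record fails to verify.
        header = struct.pack(">QB", seq, ctype) + VERSION + struct.pack(">H", len(body))
        return hmac.new(self.mac_key, header + body, hashlib.sha256).digest()

    def protect(self, plaintext: bytes, ctype: int = APPLICATION_DATA) -> bytes:
        """Compress (if negotiated), MAC, then encrypt one fragment into a record."""
        body = zlib.compress(plaintext) if self.compress else plaintext
        tag = self._mac(self.seq, ctype, body)
        ciphertext = xor(body + tag, keystream(self.enc_key, self.seq, len(body) + MAC_LEN))
        self.seq += 1
        return struct.pack(">B", ctype) + VERSION + struct.pack(">H", len(ciphertext)) + ciphertext

    def unprotect(self, record: bytes) -> bytes:
        """Decrypt, verify the MAC under the expected sequence number, then decompress."""
        if len(record) < 5:
            raise ValueError("record too short")
        ctype = record[0]
        length = struct.unpack(">H", record[3:5])[0]
        ciphertext = record[5:5 + length]
        if len(ciphertext) != length or length < MAC_LEN:
            raise ValueError("bad_record_mac")
        plain = xor(ciphertext, keystream(self.enc_key, self.seq, length))
        body, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(tag, self._mac(self.seq, ctype, body)):
            raise ValueError("bad_record_mac")
        self.seq += 1
        return zlib.decompress(body) if self.compress else body


def send_and_receive(data: bytes, compress: bool = False) -> dict:
    """Run data through a writer and a matching reader and report what the reader saw."""
    mac_key, enc_key = b"constructed-mac-key", b"constructed-enc-key"   # constructed sample keys
    writer = RecordEndpoint(mac_key, enc_key, compress)
    reader = RecordEndpoint(mac_key, enc_key, compress)
    records = [writer.protect(f) for f in fragment(data)]
    received = b"".join(reader.unprotect(r) for r in records)
    # Replay check: feeding the first record again must be rejected, because the
    # reader's sequence number has moved on and the MAC no longer matches.
    try:
        reader.unprotect(records[0])
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"records": len(records), "received": received, "replay_rejected": replay_rejected}


if __name__ == "__main__":
    print(send_and_receive(b"A" * 40000))
```

A 40000-byte message becomes three records (16384 + 16384 + 7232 bytes of plaintext); the reader reassembles it and refuses the replayed first record with `bad_record_mac`, which in a real stack is a fatal alert.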
The SSL Handshake Protocol is the main protocol of the layer directly above the SSL Record Protocol. Its purpose is to let a client and a server agree on the protocols to be used during communication, select the compression method and cipher specification, authenticate each other, and create a shared master secret, from which the various session keys used to authenticate and encrypt messages are derived.
The steps in the SSL Handshake process are as follows:
Step 1: The SSL client connects to the SSL server and asks it to present its certificate. The client also announces which encryption algorithms it supports. The server, for its part, confirms whether it can support these algorithms and assigns a unique connection ID to the newly created connection.
Step 2: The server proves its identity by sending its digital certificate. The certificate is verified by checking its validity dates and that it bears the signature of a trusted Certificate Authority. Optionally, the server may request authentication from the client.
Step 3: If the server has requested a certificate from the client, the client sends it. The message encryption algorithm and the hash function are also negotiated. Usually the server selects the strongest cryptographic method among those the client proposed.
At the same time, the client and the server generate the session keys as follows:
- The client generates a random number and sends it to the server, encrypted with the server's public key (obtained from the server certificate).
- The server responds with more random data (encrypted with the client's public key, if one is available; otherwise the data is sent unencrypted, in clear text).
- The encryption keys are generated from all of this random data using hash functions.