The connection and difference among HTTPS, SSL and TLS (for personal use)

Time:2021-2-24

SSL (secure socket layer) is a protocol encryption layer based on HTTPS. It was initially developed by Netscape, and then standardized by IETF (the Internet Engineering Task Force) and written into RFC (request for comments). RFC contains a lot of Internet technology specifications!

At first, because HTTP uses plaintext when transmitting data (although the data submitted by post can’t be seen in the newspaper, it can still be stolen through packet capture tools) is not secure. In order to solve this problem, Netscape company has launched SSL secure socket protocol layer, which is based on HTTP and TCP, and it is based on HTTP standard to transmit data So hppts is the abbreviation of HTTP + SSL / TCP.

As the launch of HTTPS is welcomed by many people, IETF standardizes SSL3.0 when SSL is updated to 3.0, and adds a few mechanisms (but almost no difference with SSL3.0), and the standardized IETF is renamed tls1.0 (Transport Layer Security) It can be said that TLS is the new version 3.1 of SSL, and at the same time released “rfc2246-tls encryption protocol details”. If you want to have a deeper understanding of the working principle of TLS, you can go to the official website of RFC:www.rfc-editor.org , search rfc2246 to find RFC documents!——That’s the historical background

SSL refers to the secure socket layer. In short, it is a standard technology, which can ensure the security of Internet connection, protect any sensitive data sent between two systems, and prevent network criminals from reading and modifying any transmitted information, including personal data. Two systems may refer to a server and a client (for example, a browser and a shopping website), or between two servers (for example, an application with personal identity information or payroll information).

To clarify the implementation principle of the HTTPS protocol, at least the following background knowledge is required.

  1. Understand the meaning of several basic terms (HTTPS, SSL, TLS)
  2. Have a general understanding of the relationship between HTTP and TCP (especially short connection vs long connection)
  3. Understand the concept of encryption algorithm (especially the difference between symmetric encryption and asymmetric encryption)
  4. Understand the purpose of CA certificate
  5. Several handshakes of TCP communication protocol

TLS (Transport Layer Security) is a more secure upgrade of SSL. Because the term SSL is more commonly used, we still call our security certificate SSL. But when you buy SSL from Symantec, what you really buy is the latest TLS certificate. There are ECC, RSA or DSA encryption methods to choose from.

TLS / SSL is a specification of encrypted channel

It uses symmetric encryption, asymmetric encryption of public and private keys and key exchange algorithm to encrypt and transfer trusted information in CA system

RC4, AES, 3DES, camellia and so on are commonly used symmetric encryption algorithms in HTTP SSL

SSL was developed by the former Netscape company
There are three versions 1, 2 and 3, but now only version 3 is used

TLS is the product of SSL standardization
There are three versions of 1.0 1.1 1.2
1.0 is used by default

There is little difference between tls1.0 and SSL3.0

In fact, we use TLS now, but we are used to SSL in history
SSL is usually the most common.

SSL (secure sockets layer) and its successor transport layer security (TLS) are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt the network connection in the transport layer.

SSL protocol is located between TCP / IP protocol and various application layer protocols to provide security support for data communication. SSL protocol can be divided into two layers: SSL record protocol (SSL record protocol): it is based on reliable transmission protocol (such as TCP), and provides basic functions such as data encapsulation, compression and encryption for high-level protocols. SSL handshake protocol (SSL handshake protocol): it is based on the SSL record protocol. It is used for identity authentication, encryption algorithm negotiation, encryption key exchange and so on before the actual data transmission.

Secure transport layer protocol (TLS) is used to provide confidentiality and data integrity between two communication applications. The protocol consists of two layers: TLS record and TLS handshake.

The biggest advantage of TLS is that TLS is independent of application protocol. High level protocols can be transparently distributed over TLS. However, TLS standard does not specify how to add security to TLS; it leaves the decision of how to start TLS handshake protocol and how to interpret the exchanged authentication certificate to the protocol designer and implementer.

1. SSL encryption
SSL is a security protocol proposed by Netscape company. It can be used in browser (such as Internet Explorer, Netscape Navigator) and web server (such as Netscape enterprise server, ColdFusion) SSL runs on the TCP / IP layer and under the application layer, and provides encrypted data channel for applications. It uses encryption algorithms such as RC4, MD5 and RSA, and uses 40 bit key, which is suitable for business information encryption. At the same time, Netscape company has developed the corresponding HTTPS protocol and built it into its browser. In fact, HTTPS is HTTP over SSL, which uses the default port 443 instead of port 80 to communicate with TCP / IP as HTTP does. The original data is encrypted by SSL in the sender, and then decrypted in the receiver. The encryption and decryption need to be realized by exchanging a common key between the sender and the receiver. Therefore, the transmitted data is not easy to be intercepted and decrypted by network hackers. However, the encryption and decryption process requires a lot of system overhead, which seriously reduces the performance of the machine. The relevant test data show that the efficiency of data transmission using HTTPS protocol is only one tenth of that using HTTP protocol. If for the sake of security, all web applications of a website are encrypted by SSL technology and transmitted by using the HTTPS protocol, then the performance and efficiency of the website will be greatly reduced, and there is no need for this, because generally speaking, not all data require such a high level of security
2. TLS encryption
TLS: secure transport layer protocol
  TLS:Transport Layer Security
Secure transport layer protocol (TLS) is used to provide confidentiality and data integrity between two communication applications. The protocol consists of two layers: TLS record and TLS handshake. The lower layer is TLS recording protocol, which is located on a reliable transport protocol (such as TCP).

The difference and introduction of SSL and TLS

SSL: (secure socket layer), a protocol layer between reliable connection oriented network layer protocol and application layer protocol. SSL realizes secure communication between client and server by mutual authentication, digital signature and encryption. The protocol consists of two layers: SSL record protocol and SSL handshake protocol.

TLS: (Transport Layer Security Protocol) is used to provide confidentiality and data integrity between two applications. The protocol consists of two layers: TLS record protocol and TLS handshake protocol.

SSL is developed by Netscape to protect web communication. The current version is 3.0. The latest version of TLS 1.0 is a new protocol specified by iete (Engineering Task Group). It is built on the SSL 3.0 protocol specification and is the subsequent version of SSL 3.0. The difference between the two is very small, which can be understood as SSL 3.1, which is written into RFC.

  SSL(Secure Socket Layer)

It is developed by Netscape to ensure the security of data transmission on the Internet. The use of data encryption technology can ensure that the data will not be intercepted in the process of transmission on the network.

The current version is 3.0. It has been widely used in identity authentication and encrypted data transmission between web browser and server.

SSL protocol is located between TCP / IP protocol and various application layer protocols to provide security support for data communication. SSL protocol can be divided into two layers: SSL record protocol (SSL record protocol): it is based on reliable transmission protocol (such as TCP), and provides basic functions such as data encapsulation, compression and encryption for high-level protocols. SSL handshake protocol (SSL handshake protocol): it is based on the SSL record protocol. It is used for identity authentication, encryption algorithm negotiation, encryption key exchange and so on before the actual data transmission.

The services provided by SSL protocol mainly include:

1) Authenticate users and servers to ensure that data is sent to the correct client and server;

2) Encrypting data to prevent data from being stolen in the middle;

3) Maintain the integrity of the data to ensure that the data is not changed in the process of transmission.

The workflow of SSL protocol is as follows

Server authentication phase:

1) The client sends a start message “hello” to the server to start a new session connection;

2) The server determines whether to generate a new master key according to the information of the client. If so, the server will include the information needed to generate the master key when responding to the “hello” information of the client;

3) The customer service generates a master key according to the received server response information, which is encrypted with the server’s public key and then transmitted to the server;

4) The server recovers the master key and returns a message authenticated by the master key to the client so that the client can authenticate the server.

User authentication stage: before this, the server has passed the customer authentication, and this stage mainly completes the customer authentication. The authenticated server sends a question to the client, and the client returns the (digital) signed question and its public key to provide authentication to the server.

TLS (Transport Layer Security Protocol): secure transport layer protocol

Secure transport layer protocol (TLS) is used to provide confidentiality and data integrity between two communication applications. The protocol consists of two parts: TLS record and TLS handshake. The lower layer is TLS recording protocol, which is located on a reliable transport protocol (such as TCP).

The connection security provided by TLS protocol has two basic characteristics

Private symmetric encryption is used for data encryption (DES, RC4, etc.). The key generated by symmetric encryption is unique to each connection, and the key is negotiated based on another protocol, such as handshake protocol. Recording protocol can also be used without encryption.
Reliable – information transmission includes information integrity checking using the key’s MAC. Secure hash function (Sha, MD5, etc.) is used for Mac calculation. Recording protocol can operate without Mac, but it can only be used in this mode, that is, another protocol is using recording protocol to transfer and negotiate security parameters.
TLS recording protocol is used to encapsulate various high-level protocols. As one of the encapsulation protocols, the handshake protocol allows the server and the client to authenticate with each other and negotiate the encryption algorithm and key before the application protocol transmits and receives its first data byte. The connection security provided by TLS handshake protocol has three basic properties

Asymmetric or public key cryptography can be used to authenticate the identity of the peer. The authentication is optional, but at least one node is required.
The agreement of shared decryption key is secure. Negotiated encryption is difficult for the thief to obtain. In addition, the authenticated connection cannot be encrypted, even if the attacker enters the middle of the connection.
Consultation is reliable. No attacker can modify the communication negotiation without the detection of the communication party members.
The biggest advantage of TLS is that TLS is independent of application protocol. High level protocols can be transparently distributed over TLS. However, TLS standard does not specify how to add security to TLS; the decision of how to start TLS handshake protocol and how to interpret the exchanged authentication certificate is left to the protocol designer and implementer.

Protocol structure

TLS protocol includes two protocol groups: TLS record protocol and TLS handshake protocol.

The relationship between TLS and SSL: juxtaposition

The latest version of TLS (Transport Layer Security) is a new protocol developed by IETF (Internet Engineering Task Force). It is based on the SSL 3.0 protocol specification and is the subsequent version of SSL 3.0. There is a significant difference between TLS and SSL 3.0, mainly because they support different encryption algorithms, so TLS and SSL 3.0 can not interoperate.

1. The difference between TLS and SSL

1) Version number: TLS record format is the same as SSL record format, but the value of version number is different. TLS version 1.0 uses sslv3.1.

2) Message identification code: MAC algorithm and MAC calculation range of sslv3.0 and TLS are different. TLS uses HMAC algorithm defined by rfc-2104. Sslv3.0 uses a similar algorithm. The difference between them is that in sslv3.0, the join operation is used between the filled byte and the key, while the XOR operation is used in HMAC algorithm. But the security of the two is the same.

3) Pseudo random function: TLS uses a pseudo-random function called PRF to expand the key into data blocks, which is a more secure way.

4) Alarm code: TLS supports almost all sslv3.0 alarm codes, and TLS also defines many additional alarm codes, such as decryption failure_ Failed, record overflow_ Overflow), unknown Ca (unknown)_ CA), access denied_ Denied) et al.

5) Ciphertext family and client certificate: there is a little difference between SSL V3.0 and TLS, that is, TLS does not support Fortezza key exchange, encryption algorithm and client certificate.

6)certificate_ Verify and finished message: certificate is used in SSL V3.0 and TLS_ When the hash codes MD5 and SHA-1 are calculated by verify and finished messages, the input of calculation is slightly different, but the security is equivalent.

7) Encryption calculation: TLS and sslv3.0 use different methods to calculate the master secret.

8) Padding: the padding bytes that need to be added before user data encryption. In SSL, the length of data after filling reaches the minimum integer multiple of ciphertext fast length. In TLS, the length of the data after filling can be any integer multiple of the length of the ciphertext block (but the maximum length of filling is 255 bytes), which can prevent the attack based on the analysis of the message length.

2. The main enhancement of TLS

The main goal of TLS is to make SSL more secure and make the protocol specification more precise and perfect. Based on SSL V3.0, TLS provides the following additions:

1) More secure MAC algorithm

2) Tighter alert

3) A clearer definition of “grey area”

3. TLS for security improvement

1) Key hash method is used for message authentication: TLS uses “key hash method of message authentication code” (HMAC), which ensures that the record will not be changed when it is uploaded on an open network (such as the Internet). Sslv3.0 also provides keyed message authentication, but HMAC is more secure than sslv3.0 using (message authentication code) MAC function.

2) Enhanced pseudo random function (PRF): PRF generates key data. In TLS, HMAC defines PRF. PRF uses two hash algorithms to ensure its security. If any algorithm is exposed, as long as the second algorithm is not exposed, the data is still secure.

3) Improved completed message verification: both TLS and sslv3.0 provide completed messages to two endpoints, and the messages exchanged by the message authentication are not changed. However, TLS bases this completed message on PRF and HMAC values, which is also more secure than sslv3.0.

4) Consistent certificate handling: unlike sslv3.0, TLS attempts to specify the type of certificate that must be exchanged between TLS.

5) Specific alert messages: TLS provides more specific and additional alerts to indicate problems detected by any session endpoint. TLS also records when certain alerts should be sent.

This work adoptsCC agreementReprint must indicate the author and the link of this article

You’re far from it!