Cheatsheet: Difference between revisions
--> Application Data(GET)
<-- Encrypted Handshake Message(Hello Request)

;SSL Record Overview
*Record Format - Each record consists of a five-byte record header, followed by data:
**Type
**Version - VH,VL
**Length - LH,LL
*Record Type - There are four record types in SSL:
**Handshake
**Change Cipher Spec
**Alert
**Application Data
*Version Details:
**SSLv2 0x0002
**SSLv3 0x0300
**TLSv1 0x0301
*Record Length - 16-bit value; a single record can be up to 65,535 (2^16 - 1) bytes in length.

;Types of Records
*Handshake records:
**Handshake records are not encrypted, with one exception: a handshake record that contains a Finished message is always encrypted. It always occurs after a Change Cipher Spec (CCS) record.
**Handshake message types:
***Hello Request (0)
***Client Hello (1)
***Server Hello (2)
***Certificate (11)
***Server Key Exchange (12)
***Certificate Request (13)
***Server Hello Done (14)
***Certificate Verify (15)
***Client Key Exchange (16)
***Finished (20)
*Change Cipher Spec protocol:
**CCS records are used to indicate a change in cryptographic ciphers.
**Immediately after the CCS record, all data is encrypted with the new cipher.
**Sent by both client and server to notify the receiving party that subsequent records are protected under the most recently negotiated Cipher Spec and keys.
**Might or might not be encrypted; in a simple connection with a single handshake, the CCS record is not encrypted.
*Finished Messages:
**Always sent immediately after a Change Cipher Spec message to verify that the key exchange and authentication processes were successful.
**The Finished message is the first packet protected with the most recently negotiated algorithms, keys, and secrets.
**No acknowledgment of the Finished message is required; parties can begin to send encrypted data immediately after they send the Finished message.
**Recipients of Finished messages must verify that the contents are correct.
*Hello Request
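The five-byte record header and the handshake message types described above, worked as an added example that is not part of the cheatsheet: a small Python parser that splits a constructed TLSv1 byte stream into records, decodes the plaintext handshake messages, and treats every record after the CCS as encrypted (so the Finished record is left opaque). The numeric content-type values (20 to 23) come from the TLS specification rather than this page, and the sample bytes are constructed.

```python
import struct

# Record content types (numeric values from the TLS specification; the page only names them).
RECORD_TYPES = {20: "Change Cipher Spec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLSv1"}
# Handshake message types as listed in the cheatsheet.
HANDSHAKE_TYPES = {0: "Hello Request", 1: "Client Hello", 2: "Server Hello", 11: "Certificate",
                   12: "Server Key Exchange", 13: "Certificate Request", 14: "Server Hello Done",
                   15: "Certificate Verify", 16: "Client Key Exchange", 20: "Finished"}


def parse_handshake(body):
    """A plaintext handshake record carries messages with a 4-byte header: type (1), length (3)."""
    msgs, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 4:
            raise ValueError("truncated handshake header at %d" % pos)
        htype, hlen = body[pos], int.from_bytes(body[pos + 1:pos + 4], "big")
        if pos + 4 + hlen > len(body):
            raise ValueError("handshake message overruns its record")
        msgs.append((HANDSHAKE_TYPES.get(htype, "unknown(%d)" % htype), hlen))
        pos += 4 + hlen
    return msgs


def parse_records(stream):
    """Split a byte stream into records: Type (1), Version (VH, VL), Length (LH, LL), then data.
    Once a CCS record has been seen, later records are marked encrypted and not parsed further."""
    records, pos, encrypted = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header at offset %d" % pos)
        rtype, version, length = struct.unpack("!BHH", stream[pos:pos + 5])  # 16-bit length field
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("record at %d claims %d bytes, only %d present" % (pos, length, len(body)))
        rec = {"offset": pos, "type": RECORD_TYPES.get(rtype, "unknown(%d)" % rtype),
               "version": VERSIONS.get(version, "unknown(0x%04x)" % version),
               "length": length, "encrypted": encrypted}
        if rtype == 22 and not encrypted:
            rec["messages"] = parse_handshake(body)
        records.append(rec)
        encrypted = encrypted or rtype == 20  # everything after the CCS record is under the new cipher
        pos += 5 + length
    return records


# Constructed sample: a TLSv1 Client Hello record (simplified 6-byte body), a CCS record,
# then an 8-byte Finished record whose contents are encrypted and therefore opaque here.
CLIENT_HELLO = bytes([1]) + (6).to_bytes(3, "big") + b"\x03\x01" + b"\x00" * 4
SAMPLE = (b"\x16\x03\x01" + len(CLIENT_HELLO).to_bytes(2, "big") + CLIENT_HELLO
          + b"\x14\x03\x01\x00\x01\x01"
          + b"\x16\x03\x01\x00\x08" + b"\xde\xad\xbe\xef" * 2)

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```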
= NetScaler =