Cheatsheet: Difference between revisions
Content added Content deleted
| Line 418: | Line 418: | ||
--> Application Data(GET) |
--> Application Data(GET) |
||
<-- Encrypted Handshake Message(Hello Request) |
<-- Encrypted Handshake Message(Hello Request) |
||
;SSL Record Overview |
|||
Record Format - Each record consists of a five-byte record header, followed by data. |
|||
Type |
|||
Version - VH,VL |
|||
Length - LH,LL |
|||
*Record Type - There are four record types in SSL: |
|||
Handshake |
|||
Change Cipher Spec |
|||
Alert |
|||
Application Data |
|||
*Version Details: |
|||
SSLv2 0x0002 |
|||
SSLv3 0x0300. |
|||
TLSv1 0x0301. |
|||
*Record Length - 16-byte value, single record can be up to 65,535 (2^16 -1) bytes in length. |
|||
;Types of Records |
|||
*Handshake records: |
|||
Handshake records are not encrypted. |
|||
Handshake record that contains a finished message is always encrypted. |
|||
It always occurs after a Change Cipher Spec (CCS) record. |
|||
Hello Request (0) |
|||
Client Hello (1) |
|||
Server Hello (2) |
|||
Certificate (11) |
|||
Server Key Exchange (12) |
|||
Certificate Request (13) |
|||
Server Hello Done (14) |
|||
Certificate Verify (15) |
|||
Client Key Exchange (16) |
|||
Finished (20) |
|||
Finished Messages are always sent immediately after a Change Cipher Spec message in order to verify that the key exchange and authentication processes were successful. |
|||
The Finished message is the first protected packet with the most recently negotiated algorithms, keys, and secrets. |
|||
No acknowledgment of the Finished message is required; parties can begin to send encrypted data immediately after they send the Finished message. |
|||
Recipients of Finished messages must verify that the contents are correct. |
|||
Hello Request |
|||
*Change Cipher Spec protocol: |
|||
CCS records are used in order to indicate a change in cryptographic ciphers. |
|||
Immediately after the CCS record, all data is encrypted with the new cipher. |
|||
Sent by both client and server in order to notify the receiving party that subsequent records are protected under the most recently negotiated Cipher Spec and keys. |
|||
Might or might not be encrypted; in a simple connection with single handshake, the CCS record is not encrypted. |
|||
*Alert Records are used in order to indicate to the peer that a condition has occured. |
|||
Some alerts are warnings, while others are fatal and cause the connection to fail. |
|||
Alerts might or might not be encrypted, and might occur during a handshake or during data transfer. |
|||
There are two types of alerts: |
|||
Closure Alerts: The connection must be properly closed in order to avoid any kind of truncation attacks. |
|||
A close_notify message indicates to the recipient that the sender will not send anymore messages on that connection. |
|||
Error Alerts: When an error is detected, the detecting party sends a message to the other party. |
|||
Upon transmission or receipt of a fatal alert message, both parties immediately close the connection. |
|||
Example: |
|||
unexpected_message (fatal) |
|||
decompression_failure |
|||
handshake_failure |
|||
*Application Data Record |
|||
These records contain the actual application data. |
|||
These messages are carried by the record layer and are fragmented, compressed, and encrypted, based on the current connection state. |
|||
= NetScaler = |
= NetScaler = |
||