Transport Level Security

Some basic background knowledge about the World Wide Web:

  • Web servers are relatively easy to configure and manage
  • Web content is increasingly easy to develop
  • The underlying software is extraordinarily complex (may hide many potential security flaws)
  • A web server can be exploited as a launching pad into the corporation's or agency's entire computer complex
  • Casual and untrained users (in security matters) are common clients for web-based services

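TLS: Transport Layer Security

A note here: TLS is essentially the successor to SSL. SSL/TLS is a cryptographic communication framework that uses symmetric ciphers, message authentication codes, public-key cryptography, digital signatures, pseudo-random number generation, and so on. SSL developed up to version 3.0; version 3.1 was renamed TLS.

TLS includes the Handshake, Change Cipher Spec, Alert and application data protocols, and the TLS Record Protocol.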

Two TLS concepts are:

TLS connection:

  • Transport that provides a suitable type of service
  • Peer-to-peer relationships
  • Connections are transient
  • Every connection is associated with one session

TLS session:

  • Association between a client and a server
  • Created by the Handshake Protocol
  • Defines a set of cryptographic security parameters


TLS Record Protocol

TLS Handshake

Cryptographic Computations

  • The creation of a shared master secret by means of the key exchange

    • One-time 48-byte value shared master secret
    • The pre-master secret is exchanged before the master secret is established
  • The generation of cryptographic parameters from the master secret

These parameters are generated from the master secret:

  • A client write MAC secret
  • A server write MAC secret
  • A client write key
  • A server write key
  • A client write IV
  • A server write IV

Heartbeat Protocol

A heartbeat is a periodic signal generated by hardware or software to indicate normal operation or to synchronize other parts of a system. The protocol includes the heartbeat_request and heartbeat_response messages.




