Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

SSL?

  • 18-03-2000 11:04pm
    #1
    Closed Accounts Posts: 202 ✭✭


    Can someone please tell me what this is all about and how it works? From a CGI programmers point of view that is. I can't get any straight answers on this anywhere on the web frown.gif

    Thanks



Comments

  • Registered Users, Registered Users 2 Posts: 6,693 ✭✭✭tHE vAGGABOND


    thats a massive and very general question..

    as a 1st point of refernce for you, and I presume your CGI is web based programming, have a look at the apache and related products..

    www.apache.org
    www.openssl.org
    www.modssl.org

    The above 3 sites combine the best SSL solution for an apache web server, so there must be something you look for there!


    [This message has been edited by tHE vAGGABOND (edited 20-03-2000).]


  • Registered Users, Registered Users 2 Posts: 3,744 ✭✭✭deRanged


    SSL - Secure Sockets Layer.
    SSL is a transport protocol which sits between the TCP-IP layer and the
    application layer.

    The goal of SSL is to establish an encrypted channel between a client and a server. Asymmetric encryption is too slow to use for all the data so a session key is used. This is a symmetric key for an algorithm such as DES or RC5. It is produced at random and sent from one party to another encrypted
    using the recipients Public key found in their certificate. It can then be
    used to perform rapid encryption for the duration of the session.In the context
    of a web-server and browser client the procedure is as follows:

    Setup
    The browser is obtained by the user containing the Digital Certificates of
    all the well-known Root CAs. The owners of the web-sever obtain an SSL Server
    Certificate from one of the well-known CAs. This is a normal certificate where
    the usage information states that it should only be used/trusted when negotiating
    an SSL connection.


    1 The client makes a normal HTTP page request to the server.
    2 The server determines that the page is marked as secure by the Sysadmin and so requires an SSL connection. The server denies the page request giving as a reason that the page is secure. It also delivers its CA-signed certificate to the browser.
    3 The client interprets the refusal as an invitation to go to SSL. First it verifies the validity of the certificate so that a nefarious server is not trying to elicit sensitive information from it.
    To do this it checks the CA signature using the CA Public key it has in its own list of CA Root certificates. It the CA signature is verified then the good enough for the CA good enough for me principle applies and the
    browser trusts the Server Certificate.
    4 The client now has the server's Public key from the certificate. It generates a random session key and encrypts it using the server's Public key.The client now makes a modified request for the page, this
    time containing the encrypted session key.
    5 The server recognises the modified request. It decrypts the session key as only it can. Both sides now have a secure session key and can both encrypt and decrypt data using a symmetric algorithm. The connection is now secure.


    Client Authentication
    1 To authenticate itself to a server a client sends signed data to the server along with its certificate.
    2 The Server verifies the validity of the certificate against its copy of
    the CA root certificate.
    3 It can also check with the CA directly to ascertain if the Client Certificate is on the CRL of the CA.
    4 After verifying the certificate the hash can be retrieved using the Public key from the certificate
    5 The hash is recomputed from the data and is compared with that retrieved using the key. If the two match the data/user is authenticated.


    You could also check out http://www.verisign.com
    They are a CA (Certifiate Authority) and they
    provide free trial certs so you can see how SSL works.
    oh - and it's http://www.openssl.org http://www.modssl.org


Advertisement