CpanelSecurity+

SSL and TLS

SSL and TLS: Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines.

This protocol uses the handshake method of establishing a session. The number of steps in the handshake depends on whether steps are combined and/or mutual authentication is included.

The number of steps is always between four and nine, inclusive, based on who is doing the documentation.

One of the early steps will always be to select an appropriate cipher suite to use.

A cipher suite is a combination of methods, such as an authentication, encryption, and message authentication code (MAC) algorithms used together. Many cryptographic protocols such as TLS use a cipher suite.

 

NOTE: Netscape originally developed the SSL method, which has gained wide acceptance throughout the industry.

SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption.

 

SSL and TLS

 

Regardless of which vendor’s implementation is being discussed, the steps can be summarized as illustrated. When connection request is made to the server, the server sends a message back to the client indicating that a secure connection is needed.

The client sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted key. The session is secure at the end of this process.

 

The SSL Connection Process

 The SSL Connection Process

 

This session will stay open until one end or the other issues command to close it. The command is typically issued when a browser is closed or another URL is requested.

As a security administrator, you will occasionally need to know how to configure SSL settings for a website running on your operating system.

You should also know that, in order for SSL to work properly, the client must be able to accept level of encryption that you apply.

Modern browsers can work with 128-bit encrypted sessions/certificates.

Earlier browsers often need to use 40- or 56-bit SSL encryption. As an administrator, you should push for the latest browsers on all clients.

VeriSign used a clever advertising strategy that makes this point readily comprehensible:

In mailed flyers in a clear bag with the lines “Sending sensitive information over the Web without the strongest encryption is like sending a letter in a clear envelope. Anyone can see it”. This effectively illustrates the need for the strongest SSL possible.

Transport Layer Security (TLS) is a security protocols that expands upon SSL. Many industry analysts predict that TLS will replace SSL in the future. Below illustrates the connection process is the TLS network.

 

The TLS Connection Process

 The TLS Connection Process

 

The TLS protocol is also referred to as SSL 3.1, but despite its name, it doesn’t interoperate with SSL. The TLS standard is supported by the IETF.

 

NOTE: Think of TLS as an updated version of SSL. TLS is based on SSL, and it is intended to supersede it.

 

Below, We Will Show You How to Configure the SSL port in Windows Server 2012.

 

SSL Settings in Windows Server 2012

This lab requires a test machine (nonproduction) running Windows Server 2012. To configure the SSL port setting, follow these steps:

  1. Open Internet Information Services Manager by choosing Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. Expand the left pane entries until your website becomes an option. Right-click the website, and choose properties from the context menu.
  3. Select the Web Site tab. Check whether the port number for SSL is filled in, if it isn’t enter a number here.
  4. Click OK and exit internet Information Services Manger.

Notice that the SSL port field is blank by default, and any port number can be entered here-this differs from the way some previous versions of IIS worked.

The default SSL port is 443; if you enter a number other than that in the field, the clients must know and request that port in advance in order to connect.

 

If you have any question regarding SSL and TLS Click here to ask.

 

Related Articles

Leave a Reply

Back to top button