What is SSL?
Secure Sockets Layer. It is a protocol that uses digital certificates to establish secure communications over the Internet. It has recently been replaced by TLS (Transport Layer Security), which is based on SSL, and the two are fully compatible.
Digital signature
Encryption
Key
06/11/2015
HTTPS
HOW IT WORKS
Integrity
VULNERABILITY CASE
CERTIFICATE VALIDITY VERIFICATION
SSL HANDSHAKE
1.- The client sends a client "hello" message that lists the cryptographic capabilities of the client (sorted in client preference order), such as the version of SSL, the cipher suites supported by the client, and the data compression methods supported by the client. The message also contains a 28-byte random number.
2.- The server responds with a server "hello" message that contains the cryptographic method (cipher suite) and the data compression method selected by the server, the session ID, and another random number.
Note: The client and the server must support at least one common cipher suite, or else the handshake fails. The server generally chooses the strongest common cipher suite.
3.- The server sends its digital certificate. (In this example, the server uses X.509 V3 digital certificates with SSL.)
If the server uses SSL V3, and if the server application (for example, the Web server) requires a digital certificate for client authentication, the server sends a "digital certificate request" message. In the "digital certificate request" message, the server sends a list of the types of digital certificates supported and the distinguished names of acceptable certificate authorities.
4.- The server sends a server "hello done" message and waits for a client response.
5.- Upon receipt of the server "hello done" message, the client (the Web browser) verifies the validity of the server's digital certificate and checks that the server's "hello" parameters are acceptable.
6.- The client sends a "client key exchange" message. This message contains the pre-master secret, a 46-byte random number used in the generation of the symmetric encryption keys and the message authentication code (MAC) keys, encrypted with the public key of the server.
If the client sent a digital certificate to the server, the client sends a "digital certificate verify" message signed with the client's private key. By verifying the signature of this message, the server can explicitly verify the ownership of the client digital certificate.
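The client "hello" of step 1 and the server's cipher suite choice of step 2, as an added example that is not part of the original slides: it builds and parses a constructed SSL 3.0 ClientHello (the 28 random bytes follow a 4-byte timestamp inside the 32-byte random field) and selects a suite from a server preference list. The function names and the sample suite lists are assumptions made for this illustration.

```python
import os
import struct
import time

AES256_SHA, AES128_SHA, RC4_SHA = 0x0035, 0x002F, 0x0005  # IANA TLS_RSA_WITH_* code points

def build_client_hello(suites, version=(3, 0)):
    """Constructed sample: ClientHello handshake message, no record layer or extensions."""
    random = struct.pack(">I", int(time.time())) + os.urandom(28)  # 4-byte time + 28 random
    body = bytes(version) + random + b"\x00"          # empty session ID = new session
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)  # client preference order
    body += b"\x01\x00"                               # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body    # handshake type 1

def parse_client_hello(msg):
    """Return the step 1 fields; raise ValueError on malformed or truncated input."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a client_hello message")
    body, pos = msg[4:], 0
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("length field does not match message size")

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated client_hello")
        pos += n
        return body[pos - n:pos]

    version, random = tuple(take(2)), take(32)
    session_id = take(take(1)[0])
    raw = take(int.from_bytes(take(2), "big"))
    if len(raw) % 2:
        raise ValueError("odd cipher suite list length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    return {"version": version, "random_bytes": random[4:], "session_id": session_id,
            "cipher_suites": suites, "compression": list(take(take(1)[0]))}

def select_suite(client_suites, server_preference):
    """Step 2 and the note: first suite in the server's order that the client offered."""
    for suite in server_preference:
        if suite in client_suites:
            return suite
    raise ValueError("handshake_failure: no common cipher suite")
```

The server preference list is assumed to be ordered strongest first, which is how the note's "strongest common cipher suite" is obtained here.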