WHAT IS SSL, TLS AND HTTPS

-


SSL/TLS are cryptographic protocols that provide communications security over a computer network.


WHAT IS SSL ?


SSL (Secure Sockets Layer) is a standard security technology to create an encrypted link between a server and a client. This link ensures that all data passed between the server and the client remain private and secure.
It was designed to support protocols such as FTP, HTTP, TELNET.

HISTORY OF SSL :


The Secure Sockets Layer or SSL was developed by Netscape in 1994 to provide security for web traffic.
The first version “SSL version 1.0”, due to its weak cryptographic algorithms and some security flaws, it was never released for public use.
The second version 2.0 was released in 1995 considered fairly strong, used MD5. But, it was vulnerable.
The next version 3.0 was released in 1996. Which was a complete redesign of the protocol.

SSL :

SSL ensures that all the data transmitted will be encrypted.
Two files, Certificate and Private Key are used.

A Digital Certificate certifies the ownership of a public key by the named subject of the certificate.

A Certification Authority (CA) is a trusted entity that issues electronic documents (Certificates) that verify a digital entity's identity on the Internet .

Standard SSL Handshake:


The handshake protocol defines how the SSL connection is established between the client and the server.




1. Client Hello : Client connects to the server. It contains information like SSL version, cipher settings.

2. Server Hello : Server sends a copy of its SSL Certificate with server's public key. IT contains information like SSL version, cipher settings and public key.

3. Authentication and Pre-master Secret Server certificate is authenticated by the client. If its valid, client encrypts the pre-master secret (a symmetric session key) using server's public key and sends it to the server.

4. Decryption and Master Secret : Server uses its private key to decrypt the symmetric session key and sends acknowledgement encrypted with master secret (session key).

5. Encryption with Session Key : All data will now be encrypted and transmitted with the session key.

TLS :


TLS (Transport Layer Security) is a updated, more secure version of Secure Sockets Layer protocol, or SSL.
TLS 1.0 was developed in 1999. There is no much difference between TLS 1.0 and SSL 3.0, but they are different standards. TLS 1.0 was more secure than SSL 3.0. TLS 1.0 and SSL 3.0 do not interoperate. Vulneabilities such as POODLE , DROWN have shown that SSL is insecure.
TLS 1.1 and 1.2 are the later editions in the TLS family which uses better ciphers.
TLS v1.3 is still a working draft and not well supported yet.

HTTPS :


Hypertext Transfer Protocol Secure (HTTPS) or “HTTP Secure,” is an application specific implementation that is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS. HTTPS is used to provide encrypted communication and secure identification of a server, so that no middle man can intercept the data easily.
  • It is always better to use HTTPS over HTTP.
  • Make sure you are using HTTPS while providing sensitive information.


WHAT SHOULD YOU USE?? SSL OR TLS?


If you are configuring a server, install softwares that supports the latest version of the TLS standard with proper configurations. This ensures that the connections made are as secure as possible and can avoid MITM.

If you are configuring a program (like E-mail) and have an option to connect securely via SSL or TLS, feel free to choose either one as long as it is supported by your server.

But it is better to use TLS as it is more secure and has fix to those vulnerabilities in SSL.




Comments

Post a Comment

Popular posts from this blog

INSTALL TIGHTVNC ON KALI LINUX RASPBERRY PI

-
Image
Install TightVNC server using the following command apt-get install tightvncserver Run VNCserver to generate the configuration files. vncserver :1 VNC sessions are not linked to Linux user authentication.It is just protected by a password.So, it is better to change your password. Change your password using vncpasswd Run the command to check the VNC connection netstat -tupln Use a VNC application such as VNC CONNECT and login using the PI's IP Address. Download the  VNC CONNECT   To run VNC over SSH, we can create a SSH tunnel. Start your VNC server vncserver :1 -geometry 1280x800 -depth 16 -localhost -nolisten tcp -locahost option will ensure VNC port is listening only on local interface. -nolisten tcp - X Server will not listen on the network. Now, create a SSH tunnel  ssh -L 5901:localhost:5901 -N -f <user>@<ip> Any connection to this port will be tunneled by SSH. ENABLE AT STARTUP To enable VN
Read more

ENABLE AUTOSTART FOR X11VNC

-
Image
ENABLING AUTOSTART FOR X11VNC ON KALI LINUX RASPBERRY PI TO INSTALL VNC check my last post INSTALL X11VNC ON KALI LINUX RASPBERRY PI   O nce you've started the service, it'll run until you stop it or reboot. To Autostart it during BOOT , follow these steps. Create a file "sharex11vnc" in the directory /usr/local/bin Open a terminal, type cd /usr/local/bin this will take you to that directory. To create a file, type nano sharex11vnc Enter the following,   #!/bin/sh x11vnc -ncache 10 -auth guess -repeat -nap -loop -forever -rfbauth ~/.vnc/passwd -desktop "VNC ${USER}@${HOSTNAME}"|grep -Eo "[0-9]{4}">~/.vnc/port.txt # comment this out if you dont want a pop up telling you which port you're using zenity --info --text="Your VNC port is 'cat~/.vnc/port.txt'" press Ctrl+x then press "y" then hit Enter . This will save the file. This script will run the x11vnc during boot. Once t
Read more

INSTALL X11VNC ON KALI LINUX RASPBERRY PI

-
Image
Once your PI is  configured, update it.  apt-get update  apt-get upgrade After everything is updated, install x11vnc by typing apt-get install x11vnc  After it is installed, set up a password to connect to your PI. Type, x11vnc -storepasswd Enter your password and press enter and you're done. To connect through vnc, first you need to start the service.Type the following command to start it. x11vnc -ncache 10 -auth guess -nap -forever -loop -repeat -rfbauth /root/.vnc/passwd -rfbport 5900 -noncache Use a VNC application such as VNC CONNECT and login using the PI's IP Address. Download the VNC CONNECT   https://www.realvnc.com/download/vnc/ CHECK MY   ENABLE AUTOSTART FOR X11VNC    TO AUTOSTART IT DURING BOOT
Read more