SSL/TLS Time Diagrams
This is a series of slide shows that assume a basic knowledge of SSL or TLS.
The protocol actually considered is SSL. The documents mainly highlight
the SSL session and connection states
during the negotiation phase, as well as the interactions between SSL layers and
components. The layered structure of SSL is shown in Figure 1. The color assigned to each
component is used consistently throughout the documents.
The main case study is followed by two variants that concern the first exchanges.
Figure 1: SSL Layer Model
Main Scenario: Client's Certificate and Session Resumption
This main case study is derived from the following Netscape traces,
prepared by Nelson Bolyard to assist developers of SSL implementations:
This document provides a detailed description of the sequence of exchanges
between an SSL client and an SSL server. The main scenario includes the
client certificate option as well as session resumption, and
the encryption algorithm used is a stream cipher.
SSL Main Scenario -- 2 March 2005, v1.0
Figure 2: Exchanges for Main Scenario
First Variant: Generation of a Temporary 512-bit RSA Key
This first variant covers the US export situation,
which constrains the key size.
It illustrates the generation of a temporary 512-bit RSA key.
SSL First Variant -- 2 March 2005, v1.0
Figure 3: Exchanges for Variant 1
Second Variant: Generation of an Ephemeral Diffie-Hellman Key
This second variant shows the generation of an ephemeral Diffie-Hellman
key, which provides perfect forward secrecy (PFS).
SSL Second Variant -- 2 March 2005, v1.0
Figure 4: Exchanges for Variant 2