Transport Level Security

Some basic fundamentation knowledge for world wide web:

• Web servers are relatively easy to configure and manage
• Web content is increasingly easy to develop
• The underlying software is extraordinarily complex (may hide many potential security flaws)
• Web server can be exploited as a launching pad into the corporation's or agency's entire computer complex
• Casual and untrained users(in security matters) are common clients for web-based services

TLS: Transport Level Security

[!NOTE]
这里要讲一下，TLS其实就是SSL的延伸版本，SSL/TLS 是一种密码通信架构，使用了对称密码，消息认证码，公钥密码，数字签名，违随机生成等。SSL一直发展到3.0版本，3.1版本就改名叫TLS了

TLS includes Handshake, change cipher spec, alert, application data, and TLS Record Protocol.

Two TLS concepts are:

TLS connection:

• Transport that provides a suitable type of service
• peer to peer relationships
• connections are transient
• every connection is associated with one session

TLS session:

• association betwween a client and a server
• created by handshake protocol
• define a set of cryptographic security parameters

[!NOTE]
所以连接和会话有区别，每一个连接都和一个对话关联，而会话更加具体，是客户和服务器的关联，会话通过握手协议创建，并且定义了密码安全参数集合，这些参数可以在多个安全连接之间共享。会话一般用于减少每次连接建立安全参数的协商成本。

TLS Record Protocol

TLS Handshake

Cryptographic Computations

• The creation of a shared master secret by means of the key exchange

  • One time 48 byte value shared master secret
  • Pre-master-secret exchanged before master-secret exchanged

• The generation of cryptographic parameters from the master secret

These parameters are generated from the master secret
A client write MAC secret
A server write MAC secret
A client write key
A server write key
A client write IV
A server write IV

Heartbeat Protocol

periodic signal generated by hardware or software to indicate normal operation or to synchronize other parts of a system, include heartbeat_request and heartbeat_response

SSH

后面全部都是枯燥的底层协议。