Sunday 18 June 2017

OpenSSL

SSL stands for Secure Sockets Layer. It is the standard behind secure communication on the Internet, integrating data cryptography into the protocol.
The data is encrypted before it even leaves your computer, and is decrypted only once it reaches its intended destination. Certificates and cryptographic algorithms are what make it all work.


SSL and secure connections can be used for any kind of protocol on the Internet, whether it be HTTP, POP3, or FTP.
SSL can also be used to secure Telnet sessions.  It is not necessary to use SSL on every kind of connection. It should be used if the connection will carry sensitive information.

OpenSSL is more than just SSL. It is capable of message digests, encryption and decryption of files, digital certificates, digital signatures, and random numbers.

Setting up an unsecured connection


OpenSSL uses an abstraction library called BIO to handle communication of various kinds, including files and sockets, both secure and not.

Opening a connection

Creating a new connection requires a call to BIO_new_connect. You can specify both the hostname and port:

bio = BIO_new_connect("hostname:port");

Communicating with the server

Reading from and writing to the BIO object, regardless of whether it is a socket or a file, is always performed using two functions: BIO_read and BIO_write.

Closing the connection

Closing the connection is simple as well. You can close the connection in one of two ways: BIO_reset or BIO_free_all.

Setting up a secure connection

Secure connections require a handshake after the connection is established. During the handshake, the server sends a certificate to the client, which the client then verifies against a set of trusted certificates.
The client will send a certificate to the server only if the server requests one. This is known as client authentication. Using the certificate(s), cipher parameters are passed between the client and server to set up the secure connection.

OpenSSL comes with a set of trust certificates. They are in the certs directory of the source tree.

Transport Layer Security (TLS) is the successor to SSL.
SSL connections begin with security and proceed directly to secured communication, whereas TLS connections first begin with an insecure "hello" to the server and switch to secured communication only after the handshake between the client and the server succeeds. If the TLS handshake fails for any reason, the connection is never created. The exact differences between SSL and TLS are extremely technical, but in simpler words we can say that TLS is the latest and more refined cryptographic technology.
After the latest version of SSL, 3.0, its successor TLS 1.0 was introduced. Hence, TLS 1.0 is essentially SSL 3.1, but more reliable.