Thursday, February 12, 2009

SSL/TLS in Service Oriented applications


SSL- how it happens

-Why we need SSL
Terms Used in SSL/TLS Communication....................

-Diffrence in TLS and SSL
-Certificates
-Common Names
-Certification Authority

-Public Key Cryptography
-Symmetric vs Assymtric Encryption
-CSR(Certificate server Request)
-SSL Port



Possible threats in Communication Over Internet :
while we are not using any kind of security what are the security threats that are possible...
that are
-Who are you talking to
-Evesdropping
-Message Forgery
- Message interception
While doing communication over internet these are posible threats and to come over this we use SSL(secure socket layer)/TLS (Transport layer security).
-We use SSL/TLS to provide Encryption / authentication.
-TLS is a newer version of SSL 3.0.
-SSL 3.1 and TLS 1.0 are reffered as same.
-SSL connection starts with a secure hello.
-TLS connection starts with insecure hello.
-Hand shake between client and server is successfull.


TransPort Layer Security Phases.....
1. Peer Negotiation for algo support
2.Key Exchange and authentication
3.Communication using Symmetric Cipher encryption and message Authentication