Security Basics mailing list archives

RE: SSL workings

From: Joey Peloquin <jpelo1 () jcpenney com>
Date: Tue, 02 Dec 2003 17:56:57 -0600

Yes, it sounds like you're a beginner; we all were at one time.  Being a
beginner, however, does not excuse you from your responsibility of
_attempting_ to research a topic on your own before bringing it to a
public forum.  See http://www.catb.org/~esr/faqs/smart-questions.html
for information on "How to Ask Questions the Smart Way".

Now, to answer your question, and some of the questions you inevitably
_will_ have the deeper you research, first memorize this URL to find
RFCs: http://search.ietf.org/

AFAIK, SSL was a Netscape spec, though, so it's here:
http://wp.netscape.com/eng/ssl3/draft302.txt

And, you might as well read up on the successor to SSL, TLS:

http://www.ietf.org/rfc/rfc2246.txt 
 
TLS again, this obseletes the preceeding doc:

http://www.ietf.org/rfc/rfc3546.txt

Depending on _how_ new you are, you may also find this useful:

http://ietf.org/rfc/rfc2151.txt

I don't intend any offense; it just pisses me off when it appears
someone hasn't even attempted to help themselves before asking or
expecting the community to help them.  Help us help you.

Joey Peloquin

-----Original Message-----
From: trystano () aol com [mailto:trystano () aol com] 
Sent: Tuesday, December 02, 2003 11:18 AM
To: security-basics () securityfocus com
Subject: SSL workings


Can some please highlight exactly how SSL works. I know it encrypts data
sent between a client and a server and uses authentications through use
of certificates etc.

But does it secure the a socket/port out of which the data is being
transffered. Does SSL send data through a different port that normal
unprotected data transfers?

Sorry if this sounds kind of beginner like :-s

Cheers

Tryst

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

SSL workings trystano (Dec 02)
- RE: SSL workings Joey Peloquin (Dec 03)
- RE: SSL workings dave kleiman (Dec 03)
- Re: SSL workings Creed Erickson (Dec 03)
- Re: SSL workings Markus Müssig (Dec 03)
- <Possible follow-ups>
- Re: SSL workings Trystano (Dec 03)
  - RE: SSL workings dave kleiman (Dec 03)
  - RE: SSL workings Joey Peloquin (Dec 03)
- SSL workings Boyer, G. T. IT2 ISSM Office (Dec 03)
- RE: SSL workings Boyer, G. T. IT2 ISSM Office (Dec 03)
  - CSI/FBI Survey Meritt James (Dec 04)