JDK (Java Development Kit) Tutorials

∟The SSL (Secure Socket Layer) Protocol

∟SSL Specification Overview

This section provides a quick overview of the SSL (Secure Socket Layer) protocol. There are 4 sub-protocols in SSL: Record Protocol, Handshake Protocol, Change Cipher Spec Protocol, and Alert Protocol.

SSL protocol operates between the TCP/IP layer and the application layer in the communication layer model. See the following diagram:

   Client            Server
   
   Application       Application
   SSL               SSL
   TCP/IP            TCP/IP
      |                 |
      |-----------------|

The objective of SSL protocol is to offer to the application the following security properties:

• Privacy - Application data can be encrypted with symmetric cryptography technologies.
• Authenticity - Remote host can be authenticated with certificate technologies.
• Integrity - Application data's integrity can be checked with message digest technologies.

SSL protocol is actually composed of 4 sub-protocols:

• Record Protocol - Operates between the TCP/IP layer and application layer to apply fragmentation, compression, encryption, and message digest operations.
• Handshake Protocol - Operates on top of the record protocol layer before any real application data transmission to authenticate remote host, exchange encryption settings and initializing the record protocol layer.
• Change Cipher Spec Protocol - Operates on top of the record protocol layer to inform remote host to change security settings in the record protocol layer.
• Alert Protocol - Operates on top of the record protocol layer to send alerts to the remote host.

SSL's sub-protocols work together with application protocols as shown in the following diagram:

    --> Time
   |----------------------------------------------------------------|
   | SSL Handshake | SSL Change Cipher Spec | Application/SSL Alert |
   |   Protocol    |        Protocol        |       Protocol        |
   |----------------------------------------------------------------|
   |                      SSL Record Protocol                       |
   |----------------------------------------------------------------|
   |                        TCP/IP Protocol                         |
   |----------------------------------------------------------------|

As you can see, the handshake protocol is very important for establishing the SSL. The following diagram shows you what are the messages used in the handshake protocol and in what sequence they are used:

   Client                  Server
   
   Client Hello        -->   
                       <-- Server Hello
                       <-- Server Certificate (optional)
                       <-- Server Key Exchange (optional)
                       <-- Certificate Request (optional)
   Certificate         -->
   Client Key Exchange -->
   Certificate Verify  -->
   Change Cipher Spec  -->
   Finished            -->
                       <-- Change Cipher Spec
                       <-- Finished

For details of the SSL specifications, see "The SSL Protocol, Version 3.0" at http://wp.netscape.com/eng/ssl3/draft302.txt.

How can SSL ensure privacy? SSL allows the server and the client to gain privacy with the following approach:

• During the handshake process, the server sends its public key to the client.
• The client then selects a secret key, encrypts it with server's public key, and sends it to the server.
• The server decrypts the secret key with its private key. Both ends are now ready to use the secret key.
• Then the server and the client starts to transfer data encrypted with the same secret key.

Last update: 2006.

Table of Contents

 About This JDK Tutorial Book

 Downloading and Installing JDK 1.3.1 on Windows

 Downloading and Installing JDK 1.4.1 on Windows

 Downloading and Installing JDK 1.5.0 on Windows

 Downloading and Installing JDK 1.6.2 on Windows

 Date, Time and Calendar Classes

 Date and Time Object and String Conversion

 Number Object and Numeric String Conversion

 Locales, Localization Methods and Resource Bundles

 Calling and Importing Classes Defined in Unnamed Packages

 HashSet, Vector, HashMap and Collection Classes

 Character Set Encoding Classes and Methods

 Character Set Encoding Maps

 Encoding Conversion Programs for Encoded Text Files

 Socket Network Communication

 Datagram Network Communication

 DOM (Document Object Model) - API for XML Files

 SAX (Simple API for XML)

 DTD (Document Type Definition) - XML Validation

 XSD (XML Schema Definition) - XML Validation

 XSL (Extensible Stylesheet Language)

 Message Digest Algorithm Implementations in JDK

 Private key and Public Key Pair Generation

 PKCS#8/X.509 Private/Public Encoding Standards

 Digital Signature Algorithm and Sample Program

 "keytool" Commands and "keystore" Files

 KeyStore and Certificate Classes

 Secret Key Generation and Management

 Cipher - Secret Key Encryption and Decryption

►The SSL (Secure Socket Layer) Protocol

 What Is SSL (Secure Socket Layer)?

►SSL Specification Overview

 JSSE - Java Implementation of SSL and TLS

 SslSocketTest.java - Default SSL Socket Factory Test

 SslContextTest.java - javax.net.ssl.SSLContext Class Test

 SSL Socket Communication Testing Programs

 SSL Client Authentication

 HTTPS (Hypertext Transfer Protocol Secure)

 References

 PDF Printing Version