Introduction to TLS

Why?

Lots of questions about TLS on the mailing lists

It is clear many folks don’t understand how TLS works

Debugging something you don’t understand is hard

Should use TLS, not SSL

I’ll probably use them interchangeably
(as do the Tomcat docs)

Cryptography Basics

Symmetric Encryption

Use the same secret key to encrypt and decrypt

Asymmetric Encryption

Pair of keys, A and B

A and B are mathematically related

Very hard to derive one from the other

Encrypt with A, decrypt with B

Encrypt with B, decrypt with A

Make one key public

Keep one key private

Encrypt with public key, decrypt with private key

Encrypt with private key, decrypt with public key

Hash Functions

Generate a fingerprint (hash) for a given input

Small change in input gives a large change in the hash

Very difficult to generate an input for a given hash

Digital Signatures

Proves a document was sent by a given entity

Validation

If the hashes match...

...then the public key decrypted the digital signature...

...so the private key created the digital signature...

...so the owner of the private key signed the document

Who owns the private key?

Certificates

Associates a public key with an identity

CA is Certificate Authority

Need to link CA's public key to CA's identity

Use another certificate

Result is a chain of certificates

Chain ends with a root certificate authority

There are multiple root CAs

Root Certificates

Self-signed

Alternative trust path required

Often installed by OS

Manual validation against root CA's web site

TLS Handshake: Starting point

Client:

Server:

Step 1: ClientHello

Client generates random number

Client sends message to server

Step 2: ServerHello

Server generates random number

Server compares algorithms

Server sends message to client

Step 3: Certificate

Server sends message to client

Client validates certificate

Step 6: ServerHelloDone

Server sends message to client

Step 8: ClientKeyExchange

Client generates pre-master-secret

Client encrypts PMS with Server's public key

Client sends message to server

Step 10: ChangeCipherSpec

Client generates master-secret

Client switches to encrypted mode

Client sends message to server

Step 11: Finished

Client has completed handshake

Client sends message to server

Step 12: ChangeCipherSpec

Server decrypts PMS

Server creates MS

Server switches to encrypted mode

Server sends message to client

Step 13: Finished

Server has completed handshake

Server sends message to client

Encryption

Algorithms agreed in step 2

Symmetric

Master secret is shared secret key
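
Steps 1, 2, 8, 10 and 12 above, as an added example that is not part of the original slides: both sides turn the pre-master-secret and the two hello random numbers into the same master secret. It assumes the TLS 1.2 PRF from RFC 5246 (the slides do not name a protocol version), the function names are illustrative, and the RSA encryption of the PMS is not modelled.

```python
import hashlib
import hmac
import os


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: HMAC-based expansion of secret and seed."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (assumed version): P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret from the pre-master-secret and both hello randoms."""
    return prf(pms, b"master secret", client_random + server_random, 48)


def new_pre_master_secret() -> bytes:
    """RSA key exchange PMS: 2-byte client version (0x0303 = TLS 1.2) + 46 random bytes."""
    return b"\x03\x03" + os.urandom(46)


def demo() -> bool:
    client_random = os.urandom(32)  # step 1: sent in ClientHello
    server_random = os.urandom(32)  # step 2: sent in ServerHello
    pms = new_pre_master_secret()   # step 8: generated by the client
    # The RSA encryption of the PMS is not modelled: the server is assumed
    # to have recovered the same bytes with its private key (step 12).
    client_ms = master_secret(pms, client_random, server_random)  # step 10
    server_ms = master_secret(pms, client_random, server_random)  # step 12
    return hmac.compare_digest(client_ms, server_ms)


if __name__ == "__main__":
    print("master secrets match:", demo())
```

Both random numbers travel in the clear; only the pre-master-secret is secret, which is why it is encrypted with the server's public key in step 8.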

TLS Extensions

Client certificate authentication

Server Name Indication

Application Layer Protocol Negotiation