RE: SSL workings

From: Joey Peloquin (jpelo1_at_jcpenney.com)
Date: 12/03/03

  • Next message: Quentin Hartman: "Re: fire suppression"
    Date: Tue, 02 Dec 2003 17:56:57 -0600
    To: trystano@aol.com, security-basics@securityfocus.com
    
    
    

    Yes, it sounds like you're a beginner; we all were at one time. Being a
    beginner, however, does not excuse you from your responsibility of
    _attempting_ to research a topic on your own before bringing it to a
    public forum. See http://www.catb.org/~esr/faqs/smart-questions.html
    for information on "How to Ask Questions the Smart Way".

    Now, to answer your question, and some of the questions you inevitably
    _will_ have the deeper you research, first memorize this URL to find
    RFCs: http://search.ietf.org/

    AFAIK, SSL was a Netscape spec, though, so it's here:
    http://wp.netscape.com/eng/ssl3/draft302.txt

    And, you might as well read up on the successor to SSL, TLS:

    http://www.ietf.org/rfc/rfc2246.txt
     
    TLS again, this obseletes the preceeding doc:

    http://www.ietf.org/rfc/rfc3546.txt

    Depending on _how_ new you are, you may also find this useful:

    http://ietf.org/rfc/rfc2151.txt

    I don't intend any offense; it just pisses me off when it appears
    someone hasn't even attempted to help themselves before asking or
    expecting the community to help them. Help us help you.

    Joey Peloquin

    -----Original Message-----
    From: trystano@aol.com [mailto:trystano@aol.com]
    Sent: Tuesday, December 02, 2003 11:18 AM
    To: security-basics@securityfocus.com
    Subject: SSL workings

    Can some please highlight exactly how SSL works. I know it encrypts data
    sent between a client and a server and uses authentications through use
    of certificates etc.

    But does it secure the a socket/port out of which the data is being
    transffered. Does SSL send data through a different port that normal
    unprotected data transfers?

    Sorry if this sounds kind of beginner like :-s

    Cheers

    Tryst

    
    

    The information transmitted is intended only for the person or entity to
    which it is addressed and may contain confidential and/or privileged
    material. If the reader of this message is not the intended recipient,
    you are hereby notified that your access is unauthorized, and any review,
    dissemination, distribution or copying of this message including any
    attachments is strictly prohibited. If you are not the intended
    recipient, please contact the sender and delete the material from any
    computer.

    
    

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Quentin Hartman: "Re: fire suppression"

    Relevant Pages

    • Re: Electronic Signature And Encryption
      ... I'd look at a combination TLS (or SSL) and GPG. ... On 5/14/07, Maqhinga Sikhosana wrote: ... In my friend's organisation they intend to implement two solutions; ...
      (Security-Basics)
    • Re: stack operation
      ... I would like to take some time to explain to neeraj some things ... (though I am also a beginner here,I would say): ... 3.And nobody will get angry if you do not intend to make them so. ... Mohan Gupta ...
      (comp.lang.c)
    • Book recomandation please
      ... Is there any REALLY good book for Absolute C# Beginner? ... I intend to work in Visual C# .NET 2003, any recomandation will help ...
      (microsoft.public.dotnet.languages.csharp)