Summary

  

SSL was developed for confidentiality, message integrity, and end-point authentication. There have been several versions of SSL and version 3 is the current one. Based on SSL v3, TLS was created to address some of SSL's weaknesses. The handshake and data phases are the phases in data connections. These phases divide the two layers of SSL: the SSL handshake and the SSL record. An SSL session is created every time a new master_secret is negotiated and may have one or more connections. SSL allows for client verification as well as server verification.

The purpose of the SSL handshake is threefold. First, the client and the server need to agree on a set of algorithms that will be used to protect the data. Second, they need to establish a set of cryptographic keys that will be used by those algorithms. Third, the handshake may optionally authenticate the client. So far, there are no known attacks to SSL, but several SSL implementations are vulnerable to some attacks such as the man-in-the-middle attack and the million-message attack.

This chapter also briefly discussed wireless principles such as Wireless Transport Layer Security (WTLS), Wireless Session Protocol (WSP), and Wireless Application Protocol (WAP).

  


Java Security Solutions
Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net