Lab 8 TLS (Transport Layer Security)
Lab Objective:
The goal of this lab is to learn how TLS works and why TLS is so important to securing information traveling between web browsers and web servers.
Background:
TLS (Transport Layer Security) is an updated, more secure version of SSL. SSL stands for Secure Sockets Layer and, in short, it is the standard technology for keeping an internet connection secure and safeguarding any sensitive data sent between two systems, preventing criminals from reading or modifying the information transferred, including potential personal details.
There are many misconceptions and misunderstandings about TLS and how it works. In fact, many people still say SSL (Secure Sockets Layer) when they actually mean TLS, which replaced SSL. SSL 2.0 was deprecated in 2011, and SSL 3.0 was deprecated in 2015, yet you will still see a great number of SSL references and hear people say it on a daily basis. The most current version of TLS is TLS 1.3, but as of this writing the most current deployed version is TLS 1.2. Let’s take a deep dive into TLS.
Procedures:
TLS can be implemented in two ways, with two variations each. Head over to Cloudflare’s TLS page at www.cloudflare.com/learning/ssl/keylessssl/
Read the “What is keyless SSL?,” “How does keyless SSL work?,” “What is a session key?” and “What are the steps for generating session keys?” sections. Although SSL (Secure Sockets Layer), a deprecated protocol, is named all over the page (as mentioned earlier, this is the case in many places), the page acknowledges in its second paragraph that the term is used incorrectly, with the phrase “SSL, more accurately known as TLS.”
Now take a look at how TLS can be implemented: the two ways with two variations each. Read the section “The RSA Key Exchange,” and examine the “SSL Handshake (RSA) Without Keyless SSL” diagram. Answer the following questions:
a. What encrypted item does the client send to the server?
b. What does the client encrypt the item with?
c. What does the server decrypt this encrypted item with?
d. What does each side independently do next?
e. When is the only time a private key is used?
Read the next paragraph about keyless SSL and examine the “Cloudflare Keyless SSL (RSA)” diagram. Answer the following questions:
f. How does this version differ from the “SSL Handshake (RSA) Without Keyless SSL” version?
g. Which companies might be interested in using the “Without Keyless” version and which companies might be interested in using the “Keyless” version?
Read the “The Ephemeral Diffie-Hellman Key Exchange” section and analyze the “SSL Handshake (Diffie-Hellman) Without Keyless SSL” diagram. Answer the following questions:
h. What encrypted items does the server send to the client?
i. What does the server encrypt these items with?
j. What does the client decrypt these encrypted items with?
k. What does each side independently do next?
l. When is the only time a private key is used?
Read the next paragraph about keyless SSL and examine the “Cloudflare Keyless SSL (Diffie-Hellman)” diagram. Answer the following questions:
m. How does this version differ from the “SSL Handshake (Diffie-Hellman) Without Keyless SSL” version?
n. Which companies might be interested in using the “Without Keyless” version and which companies might be interested in using the “Keyless” version?
Read the paragraph and section, “What is forward secrecy? What is perfect forward secrecy?” that follows. Answer the following questions:
o. Which implementation, RSA handshakes or Diffie-Hellman handshakes, do you think is far more common today?
p. Why do you think this is the case?
To gain a better understanding about the multiple session keys, go to this website: www.cloudflare.com/learning/ssl/what-is-a-session-key/
q. Answer this question: What are the four session keys and why are all four needed?