Server Name Indication (SNI) Extension from RFC 3546, Transport Layer Security (TLS) Extensions. Allows a client to specify at the very beginning o…
Security
Besides implementation problems leading to security issues, there is security inherent to the protocol itself. It is …
Handshake
A connection always starts with a handshake between a client and a server. This handshake is intended to provide both client and server with a secret key that will be used to encrypt the flow. In fact a master secret is ob…
Session Resumption
Since the handshake relies heavily on public key cryptography, which is CPU intensive compared to symmetric (secret key) cryptography, the protocol provides ways to reuse existing credentials to reissue ne…
Renegotiation
On an SSL connection, a renegotiation can occur to request new cipher suites or key material. To renegotiate: a client will send a ClientHello over its existing SSL connection; a server will send a HelloRequ…
Server Authentication
Server Certificate: this is a public key certified by a certificate with trust from the client. Trust from the client can be established automatically with Certificate Authority trust. It is crucial that clients che…
Client Authentication
Client authentication is optional. In many cases the client does not authenticate at the SSL layer, but rather through protocols above SSL, for example with HTTP authentication methods.