We live in a world of digital communication and cryptography has become an essential part of it. Attempts to break an encrypted communication have existed since the beginning of encryption. The vastness of attacks possible on a crypto-based ecosystem makes it tough to understand and evaluate the practical risk involved.
In this Knowledge Sharing article, Aditya Lad and Prasoon Dwivedi focus on the SSL/TLS protocol which is heavily relied upon for day-to-day encrypted communication. Their article explores the basic history of SSL/TLS, its development, and major changes in successive protocol versions along with references to official RFCs where one can always refer for a detailed study.
The authors briefly define what constitutes a SSL/TLS network packet and describe its fields and their relevance. They also touch upon other similar protocols such as IPSec, DTLS, WPA/WEP, and SSH. Also explored are ways to scan a typical SSL service for the kind of ciphers and the SSL/TLS protocol version it supports.
This article delves into SSL in a practical way to solve the day-to-day problems and dilemmas engineers face. Its intent is impart the knowledge and tools required to understand and troubleshoot typical SSL/TLS related problems and gain knowledge and insight to understand and evaluate risk for complex security issues that arise from time to time such as HeartBleed, POODLE, TIME, and CRIME.