|
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network.〔(【引用サイトリンク】title=The Transport Layer Security (TLS) Protocol, Version 1.2 )〕 Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Major web sites (including Google, YouTube, Facebook and many others) use TLS to secure all communications between their servers and web browsers. The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating computer applications.〔 When secured by TLS, connections between a client (e.g. a web browser) and a server (e.g. wikipedia.org) will have one or more of the following properties: * The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a secret negotiated at the start of the session (see Handshake Protocol). The server and client negotiate the details of which encryption algorithm and cryptographic keys to use before the first byte of data is transmitted (see Algorithm). The negotiation of a shared secret is both secure (the negotiated secret is unavailable to eavesdroppers and cannot be obtained, even by an attacker who places himself in the middle of the connection) and reliable (no attacker can modify the communications during the negotiation without being detected). * The identity of the communicating parties can be authenticated using public key cryptography. This authentication can be made optional, but is generally required for at least one of the parties (typically the server). * The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.〔 In addition to the properties above, careful configuration of TLS can provide additional privacy-related properties such as forward secrecy, ensuring that any future disclosure of encryption keys cannot be used to decrypt any TLS communications recorded in the past.〔(SSL: Intercepted today, decrypted tomorrow ), Netcraft, 2013-06-25.〕 TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity (see Algorithm). As a result, secure configuration of TLS involves many configurable parameters, and not all choices provide all of the privacy-related properties described in the list above (see authentication and key exchange table, cipher security table, and data integrity table). Attempts have been made to subvert aspects of the communications security that TLS seeks to provide and the protocol has been revised several times to address these security threats (see Security). Web browsers have also been revised by their developers to defend against potential security weaknesses after these were discovered (see TLS/SSL support history of web browsers.) The TLS protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999 and updated in RFC 5246 (August 2008) and RFC 6176 (March 2011). It is based on the earlier SSL specifications (1994, 1995, 1996) developed by Netscape Communications〔(【引用サイトリンク】title=The Secure Sockets Layer (SSL) Protocol Version 3.0 )〕 for adding the HTTPS protocol to their Navigator web browser. ==Description== The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. Since protocols can operate either with or without TLS (or SSL), it is necessary for the client to indicate to the server the setup of a TLS connection. There are two main ways of achieving this. One option is to use a different port number for TLS connections (for example, port 443 for HTTPS). The other is for the client to use a protocol-specific mechanism (for example, STARTTLS for mail and news protocols) to request that the server switch the connection to TLS. Once the client and server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure.〔"(SSL/TLS in Detail )". ''Microsoft TechNet''. Updated July 31, 2003. 〕 During this handshake, the client and server agree on various parameters used to establish the connection's security: * The handshake begins when a client connects to a TLS-enabled server requesting a secure connection and presents a list of supported cipher suites (ciphers and hash functions). * From this list, the server picks a cipher and hash function that it also supports and notifies the client of the decision. * The server usually then sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA) and the server's public encryption key. *The client may contact the server that issued the certificate (the trusted CA as above) and confirm the validity of the certificate before proceeding. * In order to generate the session keys used for the secure connection, the client either: * * encrypts a random number with the server's public key and sends the result to the server (which only the server should be able to decrypt with its private key); both parties then using the random number to generate a unique session key for subsequent encryption and decryption of data during the session * * uses Diffie-Hellman key exchange to securely generate a random and unique session key for encryption and decryption that has the additional property of forward secrecy: if the server's private key is disclosed in future, it cannot be used to decrypt the current session, even if the session is intercepted and recorded by a third party. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session key until the connection closes. If any one of the above steps fail, the TLS handshake fails, and the connection is not created. The Internet Protocol Suite places TLS and SSL as tools to the application layer, while the OSI model characterizes them as being initialized in Layer 5 (session layer) and operating in Layer 6 (presentation layer). The session layer employs a handshake using an asymmetric cipher in order to establish cipher settings and a shared key for a session; the presentation layer encrypts the rest of the communication using a symmetric cipher and the session key. TLS and SSL may be characterized to work on behalf of the underlying transport layer protocol, which carries encrypted data. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Transport Layer Security」の詳細全文を読む スポンサード リンク
|