
Server Certificates and SSL - What, Why, Issues

(Security Infrastructure Project, 21 March 2002)

Overview

The network connection between your browser and a web server can be kept private and secured with Secure Socket Layer (SSL).  However, both users and web site administrators need to know about several assumptions behind the use of SSL that generally go unmentioned.

Such details are important so that the privacy and integrity level actually provided matches or exceeds that required by the data or functions exposed to the network.   Ignorance may be bliss, but it is not wise!

Secure Socket Layer (SSL) provides server authentication, and data connection privacy and integrity.  SSL was developed by Netscape.  The Internet Engineering Task Force standard is called  Transport Layer Security (TLS).

SSL Integrity
You know the source of the information you view and the destination of any information you provide.  The remote server is securely identified by a validated server certificate, and the data is tamperproof because the entire session is encrypted.

SSL Privacy
You know that the information you view or provide cannot be intercepted and compromised by third-parties.  All data exchanged over the network is encrypted.

A server certificate allows your browser to verify that the server at the other end of the network connection is exactly the server that you or a web page you are viewing has specified.  On opening an SSL session, your browser:

  1. Checks the digital signature to validate the certificate contents. This requires knowing the public key of the Certificate Authority (CA).  That key is usually built into the browser as the CA's root certificate.
  2. Checks the common name against the URL you requested.  For example in "https://software.berkeley.edu/index.html", the server's common name is "software.berkeley.edu".
  3. Checks the validity dates against the workstation date and time.

Then SSL negotiates a secret key session encryption that is different from the public key cryptography used for the server certificate signature.  This saves processing time, because secret key session encryption is less compute-intensive than public key cryptography.  A different secret key is used for every session, so the resistance to compromise is strong.  The negotiation chooses the strongest session encryption within the capabilities of both the client browser and the server.
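
Checks 2 and 3 from the numbered list above, as an added example that is not part of the original page: the functions below apply the common name and validity date tests to a certificate in the dict layout that Python's ssl.SSLSocket.getpeercert() returns. The sample certificate and the names common_name and check_server_cert are constructed for illustration; check 1 (the CA signature) is assumed to have been done already by the TLS library.

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample certificate (not a real one), in the dict layout
# returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "software.berkeley.edu"),),),
    "notBefore": "Mar 21 00:00:00 2002 GMT",
    "notAfter": "Mar 21 23:59:59 2003 GMT",
}


def common_name(cert):
    """Return the subject commonName of a getpeercert()-style dict, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_server_cert(cert, url, now):
    """Apply checks 2 and 3; return a list of failures (empty means pass).

    now is the workstation time in seconds since the epoch (UTC), so a
    wrong workstation clock produces a wrong answer here too.
    """
    failures = []

    # Check 2: the common name must equal the host named in the URL.
    # Host names are case-insensitive; a trailing dot is ignored.
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    name = (common_name(cert) or "").rstrip(".").lower()
    if not name or name != host:
        failures.append(f"name mismatch: certificate {name!r}, URL {host!r}")

    # Check 3: the workstation time must fall inside the validity window.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        failures.append("certificate is not yet valid")
    elif now > ssl.cert_time_to_seconds(cert["notAfter"]):
        failures.append("certificate has expired")
    return failures
```

Any non-empty result corresponds to a browser warning that should not be clicked through.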

Issues for the Browser User

  1. You should never accept the browser's offer to continue if any of the certificate tests above fail!  And under no circumstances should you click on anything that says "Install Certificate" or the like!
  2. Check your browser's security capability (see Resources). It should allow only SSL version 3 and TLS version 1.  SSL version 2 is old and has flaws.  Upgrade your browser if it does not meet these minimums and review your settings to make sure only SSL 3 and TLS 1 are allowed.

Issues for the Site Administrator

Server Certificate Issues

  1. The server certificate should be provided by a reliable third-party called a Certificate Authority (CA) which must verify the information in the certificate.  This means an established service company such as VeriSign.  Privately generated and test certificates are risky - do not trust private data to these. 
  2. The server certificate should use the maximum, generally available, encryption strength.  Usually this is 1024 bits or higher.  The server certificate must withstand off-line, known-plaintext attack!
  3. Generate a new public key and private key pair every time you renew your certificate.  Don't save time by resubmitting the same public key!

Session Encryption Issues

  1. Web servers should provide and enforce 128-bit or higher session encryption.  40-bit and 56-bit session encryption are weak and should not be allowed.
  2. SSL version 2 should no longer be used or allowed by the web server.   SSL version 2 is old and has flaws.  SSL version 3 and TLS version 1 are much stronger.
  3. A good pseudo-random number generator (PRNG) on the web server is essential to the quality and strength of the session encryption.  Check your web server documentation.

Final Word

SSL provides authentication and secure transport end-to-end, but an evaluation of the overall privacy and security delivered by a web service involves numerous other human and technological considerations.  In particular, the security of the server system, services, and data sources needs to be evaluated.  In some cases the security of the client workstation is important.  Who has access?  Who can make changes?

Resources

SSL and TLS Essentials, Stephen Thomas, Wiley 2000, ISBN 0-471-38534-6.

SSL/TLS Strong Encryption - An Introduction [Apache]

Page modified: 13 Apr 2016 12:25:02 -0700
