Connection Not secure is not the same as computer infected. The warning just means that the your information is not secure on that website and that you should refrain from entering any personal information. Transport Layer Security (TLS) is a cryptographic protocol created to ensure secured communications over the network. It was known as SSL before. In TLS, (public/private) keys and certificates are used for authentication. These certificates guarantee the identity of the web server. Its main purpose is that it allows the client to verify the server using the certificate mentioned above. Certificate (contains) = public key of server + server identity Client uses this certificate to send encrypted data back to the server. A Certificate Authority (CA) normally signs the authenticity of the certificate. It is a trusted party that has signed the certificate. The certificate also has a servers private key and the data encrypted with the public key can be decrypted only with the private key, TLS Workflow: 1. Client initiates connection using ClientHello message which contains the required encryption protocols and cyphers that the client supports 2. Server responds with ServerHello message and sends a server certificate containing the public key, signature from CA(Certificate Authority) and other general server information. 3. Client verifies the certificate for matching info and verifies all signatures. 4. If certificate is verified and the client creates a session key and encrypted with the public key of the server and sent back to the server. 5. Server decrypts the session key and the connection happens
0 Comments
|
ArchivesCategories
|