SSL/TLS Protocol Description

Question

It may seem crazy to you, but I wasn't able to find any detailed description of these security protocols on the web (except wikipedia).

Can you point me out some documentation of the protocols implementations?

Is there anything more specific that you want to know about? — Bruno, Apr 20 '12 at 11:06
There is now a [dedicated question on security.SE](http://security.stackexchange.com/questions/20803/how-does-ssl-work) on that subject, with detailed answers. — Thomas Pornin, Dec 04 '12 at 03:22

score 4 · Answer 1 · answered Apr 20 '12 at 10:56

4

A quick Google search returned:

answered Apr 20 '12 at 10:56

Gurzo

1,117
6
18

Hey thanks a lot, was it me blind, or you who knew were to look? ;D – Matteo Apr 20 '12 at 12:31
TBH, I just googled it and checked for reliable domains ;) – Gurzo Apr 20 '12 at 14:41

score 4 · Accepted Answer · edited Oct 07 '21 at 06:58

To add to Gurzo's list, here are a few other links with diagrams:

For the actual references:

Proper usage of SSL/TLS also depends on other factors. In general, X.509 certificates will also be used and verified using the PKIX specification (not an easy read if you're new to the field). (Other types of certificates/authentication methods can be used in some cases.) You may also want to tie this up with the certificate host name verification: RFC 2818 (section 3.1) (HTTPS) and RFC 6125 (more general). These are not part of SSL/TLS as such, but are part of the overall picture to establish a secure connection.

(If you're also after the difference between SSL, TLS and their usage modes such as STARTTLS, you may also want to have a look at this rather detailed answer on ServerFault I wrote a few weeks ago.)

Perhaps you might also be interested in this question: http://security.stackexchange.com/q/10022/2435 — Bruno, Apr 20 '12 at 11:19
Hey thanks a lot, was it me blind, or you who knew were to look? ;D — Matteo, Apr 20 '12 at 12:31

SSL/TLS Protocol Description

2 Answers2