Monday, 31 January 2022

OpenSSL, TLS SSL

https://www.quora.com/What-is-OpenSSL-and-how-does-it-work

https://security.stackexchange.com/questions/59184/which-browsers-are-using-openssl#:~:text=None%20of%20the%20major%20browsers,list%20of%20these%20libraries%20here.

OpenSSL is a C-based library, and it ships the following libraries:

  1. Crypto library: It provides core cryptographic functions such as AES and RSA, and also utilities like big numbers.
  2. SSL library: It provides the different SSL protocols (like ssl2, ssl3, tls).

It also ships the `openssl` application, which provides a CLI over these libraries. Using the `openssl` application, you can perform different operations:

  1. Encrypting/decrypting content
  2. Generating a public-private key pair
  3. Checking what certificate an SSL server is sending

And so on.

It is written in C. Other languages provide wrappers over OpenSSL. It is cross-platform and runs on devices ranging from small IoT devices to big mainframe computers.

I personally think that it is the second-most used code after the Linux kernel written in C.



The OpenSSL library is mostly used on the server side and is currently being used by many web servers. In fact, as of 2014, almost two thirds of all web servers on the internet make use of OpenSSL.


Web servers can use OpenSSL to encrypt data and send it to each other.



You are absolutely right about the libraries that you've mentioned. None of the major browsers make use of OpenSSL. Most of the libraries mentioned in the question are protected under copyright by their respective vendors. In fact, the SChannel library is not even Open Source. You can find a list of these libraries here.




Encrypting/decrypting with OpenSSL: encryption is done using public/private key pairs, and encryption uses SSL/TLS.



SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit. Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.
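The split described above, and the key-pair and encrypt/decrypt operations listed earlier, shown with the `openssl` CLI as an added example (not from the original post or its sources). It wraps a random AES session key under an RSA public key and encrypts the data with that session key; it illustrates the division of labour only, not the TLS handshake itself, and the function name, file names and sample message are constructed for the demo.

```shell
#!/bin/sh
# Added example: hybrid (asymmetric + symmetric) encryption with the openssl CLI.
# hybrid_roundtrip, the file names and the sample message are constructed.

# hybrid_roundtrip MESSAGE WORKDIR
# Leaves the intermediate files in WORKDIR and prints the decrypted message.
hybrid_roundtrip() (
    set -eu
    umask 077                      # private key readable by the owner only
    msg=$1; dir=$2

    # Receiver: generate an RSA key pair and publish only the public half.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/server.key" 2>/dev/null
    openssl pkey -in "$dir/server.key" -pubout -out "$dir/server.pub"

    # Sender: fresh random 256-bit AES key and 128-bit IV for this session.
    openssl rand -hex 32 > "$dir/session.key"
    iv=$(openssl rand -hex 16)

    # Asymmetric step: wrap the session key under the public key (RSA-OAEP).
    openssl pkeyutl -encrypt -pubin -inkey "$dir/server.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$dir/session.key" -out "$dir/session.key.enc"

    # Symmetric step: encrypt the data itself with AES-256-CBC.
    # `openssl enc` has no AEAD mode, so this gives confidentiality only;
    # TLS additionally authenticates every record. Passing -K on the command
    # line exposes the key in the process list, acceptable only in a demo.
    printf '%s' "$msg" | openssl enc -aes-256-cbc \
        -K "$(cat "$dir/session.key")" -iv "$iv" -out "$dir/msg.enc"

    # Receiver: unwrap the session key with the private key, then decrypt.
    openssl pkeyutl -decrypt -inkey "$dir/server.key" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$dir/session.key.enc" -out "$dir/session.key.dec"
    openssl enc -d -aes-256-cbc \
        -K "$(cat "$dir/session.key.dec")" -iv "$iv" -in "$dir/msg.enc"
)

demo_dir=$(mktemp -d)
hybrid_roundtrip 'GET /account HTTP/1.1' "$demo_dir"; echo
rm -rf "$demo_dir"
```

The wrapped session key is always 256 bytes (the RSA-2048 modulus size) regardless of the message length, while the AES ciphertext grows with the data in 16-byte blocks.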


https://sectigostore.com/blog/ssl-vs-tls-decoding-the-difference-between-ssl-and-tls/


SSL is a cryptographic protocol that uses explicit connections to establish secure communication between web server and client. TLS is also a cryptographic protocol that provides secure communication between web server and client via implicit connections.



https://www.ipa.go.jp/security/rfc/RFC5246-ABJA.html


TLS Protocol Version 1.2. AES [AES] is a widely used symmetric encryption algorithm. AES is a block cipher with a 128-, 192-, or 256-bit keys and a 16-byte block size. TLS currently only supports the 128- and 256-bit key sizes.


https://kinsta.com/knowledgebase/tls-vs-ssl/

Is TLS better than SSL?
The two are tightly linked and TLS is really just the more modern, secure version of SSL. While SSL is still the dominant term on the Internet, most people really mean TLS when they say SSL, because both public versions of SSL are not secure and have long since been deprecated.
