Posts

Showing posts from April, 2014

SSL Messages Exchange DeepDive (for advanced users)

SSL packets are called records and can be classified into four types:

Handshake (22, 0x16)
Change Cipher Spec (20, 0x14)
Alert (21, 0x15)
Application Data (23, 0x17)

Each record consists of:

Type: uint8
Version: uint16
Length: uint16
Data
Types of Records
Handshake Records

Handshake records contain a set of messages that are used to perform the handshake. These are the messages and their values:

Hello Request (0, 0x00)
Client Hello (1, 0x01)
Server Hello (2, 0x02)
Certificate (11, 0x0B)
Server Key Exchange (12, 0x0C)
Certificate Request (13, 0x0D)
Server Hello Done (14, 0x0E)
Certificate Verify (15, 0x0F)
Client Key Exchange (16, 0x10)
Finished (20, 0x14)

In the simple case, handshake records are not encrypted. However, a handshake record that contains a Finished message is always encrypted, as it always occurs after a Change Cipher Spec (CCS) record.

Change Cipher Spec Records

CCS records are used to indicate a change in crypto…

What is SSL Cryptography?

Recently, I have been working on a project to deploy Cisco Jabber. Cisco Jabber needs integration with Cisco AnyConnect VPN for remote teleworkers. AnyConnect VPN is a sub-division of Cisco SSL VPN.

As I usually prefer, I will post in the following order:

1. What is SSL Cryptography?
2. SSL Messages Exchange DeepDive (for advanced users)
3. ASA SCEP Proxy Enrollment
4. Deploying Jabber for Remote Teleworkers (Step-by-Step Guide)

I prefer this order to avoid any gaps in knowledge transfer. Some of the posts won't be relevant to people who already have the knowledge or are not interested in VPN technologies.

SSL is a security protocol used to establish an encrypted link between clients and servers to carry data securely. Clients can be Outlook, web browsers, the AnyConnect client, etc.
Asymmetric Encryption
Asymmetric encryption (or public-key cryptography) uses separate keys for encryption and decryption. Anyone can use the encryption key (public key) to encrypt a message. However, decrypt…