SSL Authentication

SSL (Secure Sockets Layer) encryption has two basic goals: hiding what is sent from your computer to another, and making sure the computer you're communicating with is one you trust. If you are using a site whose address begins with https, your computer and the server should perform a 'handshake', which involves the computers agreeing on how to encrypt, the server transferring a certificate, and the messaging between the two being encrypted from then on. When the computer sends a 'hello message' to a server, it specifies the available keys (RSA, Diffie-Hellman, or DSA), a cipher (RC4, Triple DES, or AES - the way in which data is encrypted), and a hash (HMAC-MD5 or HMAC-SHA - the message authentication code). A random number is also sent, which is used to calculate encryption keys. The server then selects one of each type as the means of communication, and sends the client a certificate containing a public key. These methods ensure that when a user enters a password, it is scrambled into a code that can't be deciphered by anyone who intercepts it.
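
The hello message and the server's selection described above, as an added Python example that is not part of the original post. On the wire, the key exchange, cipher and hash are bundled into a single cipher suite ID; the function names and the server preference list (which refuses RC4, MD5 and Triple DES) are assumptions of this example, and the sample hello is constructed.

```python
import os
import struct

# IANA cipher-suite IDs covering the key, cipher and hash options the article lists.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
}
# Server policy (assumption for this example): preferred order, weak suites left out.
SERVER_PREFERENCE = [0x0033, 0x0032, 0x002F]

def build_client_hello(suites, version=0x0301):
    """Constructed sample: a minimal ClientHello record without extensions."""
    body = struct.pack("!H", version) + os.urandom(32)   # version + client random
    body += b"\x00"                                       # empty session id
    ids = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(ids)) + ids             # offered cipher suites
    body += b"\x01\x00"                                   # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

def parse_client_hello(record):
    """Return (client_random, [offered suite ids]); raise ValueError if malformed."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    if rec_len != len(record) - 5 or hs_len != rec_len - 4:
        raise ValueError("length fields do not match the data")
    body = record[9:]
    try:
        pos = 35 + body[34]                               # skip version, random, session id
        n = struct.unpack("!H", body[pos:pos + 2])[0]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if n % 2 or pos + 2 + n > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos + 2, pos + 2 + n, 2)]
    return body[2:34], suites

def select_suite(offered):
    """Server side: first suite in server preference order that the client offered, else None."""
    return next((SUITES[s] for s in SERVER_PREFERENCE if s in offered), None)
```

When `select_suite` returns `None` there is no acceptable overlap, and a server with this policy would abort the handshake rather than fall back to a weak suite.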

The next step is to confirm that the computer you're communicating with is one you trust. In most web browsers, when you're on a secure site you should see a padlock next to the web address.

When you click on this padlock icon, it should provide you with information about a type of certificate provided by a certificate authority. VeriSign is one common authority; TrustWave is another. A web browser will only trust certain types of certificates.

The certificate will have a version number, serial number, algorithm ID, issuer, validity, company details, public key info, issuer ID and company ID. A thumbprint hash value will be generated from all of these values for the certificate.

A browser will store certificates from several different certification authorities. In the Windows Start menu, type in certmgr.msc to bring up the Certificate Manager and view these certificates.

SSL was succeeded by Transport Layer Security, which is often still referred to as 'SSL'.

SSL is one of three authentication technologies that a user can use to log into Relativity. More on the other two technologies on Monday and Tuesday night.

See an excellent description of SSL in this YouTube posting by Simon Dennis.