While current internet standards implement TLS 1.3 (Transport Layer Security), we’ve made significant strides in securing communication over the internet. The journey began with the development of SSL (Secure Sockets Layer) 1.0, which was never publicly released due to serious flaws. This was followed by SSL 2.0, which introduced a handshake protocol before establishing a connection between the client and server. Every protocol has its own vulnerabilities, and to this day, no single protocol provides a completely secure solution. However, in cybersecurity, we continuously strive to develop ‘better’ solutions, recognising that while these may not be perfect, they are the best options available at present.
The SSL 2.0 handshake protocol aims to send ‘ClientHello’ from the client and ‘ServerHello’ from the server over an insecure channel, typically over a Transmission Control Protocol (TCP) connection. The purpose of these messages is to establish the parameters for the secure session that will follow, including negotiating the encryption methods and exchanging the necessary cryptographic data. This includes a ‘cipher suite’ which is a list of encryption algorithms such as RC4-MD5, DES-CBC-MD5, and RC2CBC-MD5 sent to the server to choose the most secure algorithm that both machines support, as shown in Figure 1.
The server responds with a ‘ServerHello’ message including the selected cipher suite, another random value (nonce), and the server’s certificate containing its public key. After these initial messages are exchanged, the process of key exchange and session establishment begins, and eventually, the communication is encrypted using the session key derived from the handshake process. This encryption secures subsequent data exchanges.
Key exchange methods
Denne historien er fra October 2024-utgaven av Open Source For You.
Start din 7-dagers gratis prøveperiode på Magzter GOLD for å få tilgang til tusenvis av utvalgte premiumhistorier og 9000+ magasiner og aviser.
Allerede abonnent ? Logg på
Denne historien er fra October 2024-utgaven av Open Source For You.
Start din 7-dagers gratis prøveperiode på Magzter GOLD for å få tilgang til tusenvis av utvalgte premiumhistorier og 9000+ magasiner og aviser.
Allerede abonnent? Logg på
Red Hat unveils Red Hat OpenShift Virtualization Engine
Red Hat OpenShift Virtualization Engine is a new edition of Red Hat OpenShift that offers a dedicated solution for organisations to leverage the virtualisation capabilities already available within Red Hat OpenShift.
Spring AI: A Door to GenAI Heaven for Java Developers
Let's explore the Spring AI framework and its advantages, and look at how it is helping Java developers adopt AI.
Significant security vulnerabilities drive the release of Rsync 3.4
Rsync, the widely used utility for incremental file transfers and synchronisation, has released version 3.4. This update isn't packed with exciting new features but is instead critical due to several newly disclosed security vulnerabilities.
NVIDIA puts Grace Blackwell at every AI developer's fingertips
NVIDIA has introduced NVIDIA Project DIGITS, a groundbreaking personal AI supercomputer designed to empower AI researchers, data scientists, and students NVIDIA® NVIDIA GRACE BLACKWELL with the immense capabilities of the NVIDIA Grace Blackwell platform.
Top Tools for DevOps, Cybersecurity, and Cloud Management in 2025
In 2025, organisations will continue to rely on open source tools to retain a competitive edge. We look at why the best tools for DevOps, cybersecurity and cloud management will remain relevant and how best to integrate them into your organisation.
CREW: Open source platform to improve human-AI interaction
As human-AI collaboration deepens, critical questions arise: How should humans and AI complement one another? What kind of feedback enhances AI training? How can trust in AI be optimised to balance collaboration without over-reliance? Researchers at Duke University are addressing these challenges through CREW-an innovative platform designed to advance human-AI teaming.
Red Hat completes the acquisition of Neural Magic
Red Hat, Inc., has announced the completion of its acquisition of Neural Magic, a trailblazer in software and algorithms that accelerate generative AI (GenAI) inference workloads.
The Do's and Don'ts for Software Architects
Here's a list of best practices for software architects as well as the common mistakes they should try not to fall prey to.
openSUSE's Tumbleweed introduces Wayland support for the LXQt desktop environment
The openSUSE Project has announced that its Tumbleweed rolling release distribution now includes Wayland support for users of the LXQt desktop environment.
A Guide for Software Architects: Common Mistakes and Best Practices
Software architects play an invaluable role in the digital transformation of an organisation. To make a mark, they must imbibe certain qualities and avoid common errors.
