| Internet is convenient, open, global characteristics, giving us convenient, it also brings a variety of security risks. SSL protocol is used to solve in the field of online payment security is an important agreement, a very wide application, almost all the major browsers support the product. It is based on TCP/IP network applications, providing authentication, data integrity, data confidentiality and other security services.Paper first describes the SSL protocol related to the basic principles of information security technology, symmetric encryption and asymmetric encryption two systems, digital envelope, message authentication, digital signature, digital date stamp and other technical methods and uses.Then introduced the SSL protocol architecture. Handshake protocol and the SSL record protocol is the core part of the session handshake agreement to resolve both the main parameters and identification of key issues, the main settlement agreement to transfer data record deal with the problem.Papers on the SSL protocol in detail the operation of process research, analysis of the SSL protocol flaws. There are SSL connection speeds slower than the TCP connection; on the application layer authentication of the uncertainty, there is no digital signature function of the application layer, SSL certificate to use mechanisms are imperfect; record header information and open the "Change Password Specification" message expressly state the shortcoming. DH key exchange protocol analysis of the characteristics of different options.From both algorithms and processes, lessons and experience of previous studies obtained and countermeasures to improve the way SSL.1. Use of ECC instead of RSA algorithm, the algorithm selected a short key, speed up the speed.2. With DCOM technology and JAVA technology, a separate design for the server and client modules of digital signatures.3. Draw on third-party KDC key distribution method, and simplified to achieve SSL key negotiation, avoiding a single chain of trust for authentication risk.4. Change your password on the outstanding specifications expressly state information, using the two programs to address. Prepared to discard the implementation of encrypted message to change the password specifications, ready to continue to use the information on the increase in certification services.5. Anonymous DH key agreement algorithm is used, there is an important parameter of the problem is not encrypted, authentication and encryption mode to combine to protect.6. Expressly state against recording head caused by traffic attack. Top data protection with SSL, VPN network layer data protection solution.Finally, the SSL still need to study. |
PDF Full Text Request