Two Way SSL: Mutual Authentication Mechanism

By


SSL (Secure Socket Layer) is the standard technology used for enabling secure communication between a client and sever to ensure data security & integrity. SSL has evolved with time and several versions have been introduced to deal with any potential vulnerabilities. SSL V2 released in 1995 was the first public version of SSL followed by SSL V3 in 1996 followed by TLS V1.0 in 1999, TLS V1.1 in 2006 and TLS V1.2 in 2008. 
For ensuring security of the data being transferred between a client and server, SSL can be implemented either one-way or two-way. In this post, I will briefly explain the difference between One-Way SSL and Two-Way SSL (also known as Mutual SSL).

How One-Way SSL Works?

In one way SSL, only client validates the server to ensure that it receives data from the intended server. For implementing one-way SSL, server shares its public certificate with the clients. 
Below is the high level description of the steps involved in establishment of connection and transfer of data between a client and server in case of one-way SSL:

1. Client requests for some protected data from the server on HTTPS protocol. This initiates SSL/TLS handshake process. 
2. Server returns its public certificate to the client along with server hello message.
3. Client validates/verifies the received certificate. Client verifies the certificate through certification authority (CA) for CA signed certificates.
4. SSL/TLS client sends the random byte string that enables both the client and the server to compute the secret key to be used for encrypting subsequent message data. The random byte string itself is encrypted with the server’s public key.
5. After agreeing on this secret key, client and server communicate further for actual data transfer by encrypting/decrypting data using this key. 
Below is the pictorial description explaining how one way ssl works:

How Two-Way (Mutual) SSL works?

Contrary to one-way SSL; in case of two-way SSL, both client and server authenticate each other to ensure that both parties involved in the communication are trusted. Both parties share their public certificates to each other and then verification/validation is performed based on that.
 
Below is the high level description of the steps involved in establishment of connection and transfer of data between a client and server in case of two-way SSL:
1.Client requests a protected resource over HTTPS protocol and the SSL/TSL handshake process begins.
2 Server returns its public certificate to the client along with server hello. 
3. Client validates/verifies the received certificate. Client verifies the certificate through certification authority (CA) for CA signed certificates.
4. If Server certificate was validated successfully, client will provide its public certificate to the server.
5. Server validates/verifies the received certificate. Server verifies the certificate through certification authority (CA) for CA signed certificates.
6. After completion of handshake process, client and server communicate and transfer data with each other encrypted with the secret keys shared between the two during handshake. 
Below image explains the same in pictorial format:

One-Way SSL and Two-Way SSL Overview

we can check two implement Two Way SSL Handshake in Nginx and tomcat and NoSQL as fallows :



  







Comments

Post a Comment

Popular posts from this blog

Remote Friendly Companies

By
Image
 List of companies provide remote opportunities NAME WEBSITE REGION &yet andyet.com Worldwide 10up 10up.com Worldwide 15Five 15five.com Europe, Americas 17hats 17hats.com Worldwide 18F 18f.gsa.gov USA 1Password 1password.com North America, UK 42 Technologies 42technologies.com Worldwide abiturma abiturma.de Germany Ably ably.io Europe Abstract API abstractapi.com Worldwide acct acct.global Worldwide Acivilate acivilate.com USA Acquia acquia.com Worldwide ActiveCampaign activecampaign.com Dublin, Ireland; USA Ad Hoc adhocteam.us USA Adaface adaface.com Asia AddStructure bazaarvoice.com USA Adzuna adzuna.co.uk Worldwide AE Studio ae.studio USA, BR Aerolab aerolab.co Latin America AgFlow agflow.com Europe Aha! aha.io Worldwide Aim India aimincorp.com India Airbyte airbyte.com Europe, North America, Latin America AirGarage airgarage.com USA AirTreks airtreks.com USA Aivitex aivitex.de Germany Algorand algorand.com USA Algorithmia algorithmia.com the USA or Canada ALICE aliceplatfor...
Read more

Introduction to Istio, Kiali, Jaeger, Grafana, and Prometheus

By
Image
Are you curious about the magic behind those seamless web applications and services you use daily? Well, let's take a peek into the fascinating world of microservices and the tools that make them work like a charm: Istio, Kiali, Jaeger, Grafana, and Prometheus. These tools might sound a bit technical, but fear not! We're here to break it down in the simplest way possible. 1. Istio: The Traffic Director Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes.  The control plane takes your desired configuration, and its view of the services, and dynamically programs the proxy servers, updating them as the rules or the environment changes. Before utilizing Istio After utilizing Istio Imagine you're m...
Read more

Docker Image Vulnerabilities and Scanner Guide: A Quick Overview

By
Image
V ulnerabilities in Docker images can expose your system to potential cyber threats. Tools like Docker Scout, Trivy,.. offer a fast and comprehensive way to scan for these vulnerabilities, ensuring a secure containerized environment. What is a Vulnerability? A vulnerability is a weakness or flaw in software that can be exploited by attackers to compromise a system’s security. In the context of Docker, vulnerabilities can exist within container images, making them potential entry points for cyber threats. Docker Image Vulnerabilities Docker images serve as the building blocks for containers. These images can contain   outdated   or   flawed components   that may pose security risks. Identifying and mitigating these vulnerabilities is crucial for a   secure containerized environment. Image Vulnerability Database:   https://dso.docker.com/explore Here are the top 5 tools to scan Docker images: Docker scout Trivy Clair Anchore Engine Dagda Synk Scan Docker Imag...
Read more