Presentation is loading. Please wait.

Presentation is loading. Please wait.

ClientHello ServerHello Certificate Establish protocol version, session- id, cipher suite, compression method. Certificate Request ServerHelloDone Certificate.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ClientHello ServerHello Certificate Establish protocol version, session- id, cipher suite, compression method. Certificate Request ServerHelloDone Certificate."— Presentation transcript:

1 ClientHello ServerHello Certificate Establish protocol version, session- id, cipher suite, compression method. Certificate Request ServerHelloDone Certificate Certificate Verify ChangeCipherSpec Handshake ChangeCipherSpec Handshake Optionally send server certificate and request client certificate Change CipherSpec and finish handshake. Send client certificate response if requested. Session Establishment ClientServer

2 ClientHello ServerHello Establish protocol version, session-id ( Including previous session info), cipher suite, compression method. ChangeCipherSpec Handshake ChangeCipherSpec Handshake Change CipherSpec and finish handshake. ClientServer If the Client wants to reuses the same session, if sends the previous session id in the clientHello message. If the servers wants to reuse the same session then it sends the same session id back in the serverHello Session Reusability

3 Web Browser Socket File Descriptor Linux Application Level Content Switch (LACS) Child (Fork) Socket File Descriptor Decide Real Server Socket File Descriptor Real Server a b c e d f g In step (a & b) Web Browser(Client) establishes a connection with the Linux Application Content Switch (LACS). (c ) LACS forks and creates a new Process, the child process reads the HTTP request (d & e ) Child process establishes a connection with the rule matching module, the rule matching module sends back the information about the Real Server, that is going to serve the Request (f & g) Child process establishes a connection with the real Server and sends the Request to the Real Server Process Control for Dynamic Forking LACS

4 Process Control for Pre-forked LACS Web Browser Socket File Descriptor Linux Application Level Content Switch (LACS) Socket File Descriptor Decide Real Server Socket File Descriptor Real Server a d c e f Child nChild 1Child 2 b In the Pre-fork model of LACS, child Process are created ahead of time In step (a & b) Web Browser(Client) establishes a connection with the LACS child Process and sends an HTTP request (c & d ) child process reads the HTTP Request and establishes a connection with the rule matching module. The rule matching module sends back the information about the Real Server, that is going to serve the Request (e & f) Child process establishes a connection with the real Server and sends the Request to the Real Server

5 Dynamic Rule Update In the configuration section the following information is defined #define RULE_SERVER_NAME“abc.uccs.edu" #define RULE_SERVER_PORT4000 #define DEFAULT_RULE_SERVER_NAME“xyz.uccs.edu" #define DEFAULT_RULE_SERVER_PORT4000 The Rule Module can run on the same or different machine as the LACS. The Child process tries to establish a connection with the machine running the Rule Module. If the child process is unable to establish a connection it will route the rule matching information to the DEFAULT_RULE_SERVER_NAME. To UPDATE the Rule Module the user needs to –down/kill the rule matching module/process. –Update with the new rule matching information –compile and run the rule matching process When the rule matching process is down – Rule matching will be performed by the DEFAULT_RULE_SERVER_NAME When the rule matching process is back – Rule matching will be performed by the RULE_SERVER_NAME

6 Impact of Rules on the Performance of Dynamic LACS on 933 MHz, 512 MB Ram Clearly there is some impact of Rules on the the Performance of Dynamic Forking LACS –the lower the rules the better the performance N o heavy impact of the performance of the LACS with increase in the number of rules

7 Impact of Real Servers on the Performance of Dynamic SSL LACS on 933 MHz, 512 MB Ram Clearly there is no impact of Real Server on the the Performance of Dynamic Forking SSL LACS –LACS is the bottleneck ??

8 Performance of LACS on 512 MHz, 512MB RAM The performance of the Pre-forking SSLProxy is better than Dynamic Forking SSLProxy

9 Performance of LACS on 933 MHz, 512 MB Ram The performance of the Dynamic forking SSLProxy is better than Pre-forked SSLProxy.

10 Performance of LACS on 933 MHz, 512 MB Ram Rule Module running locally Pre-fork SSLProxy Overtakes Dynamic SSLProxy Dynamic SSLProxy Performance was degraded by 100% Others Variations of LACS did not suffer much

11 Performance of LACS on 933 MHz, 512 MB Ram, Rule Module running on 233 MHz, 96MB RAM No major change in performance w.r.t rule module running locally

Download ppt "ClientHello ServerHello Certificate Establish protocol version, session- id, cipher suite, compression method. Certificate Request ServerHelloDone Certificate."

Similar presentations

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

SMUCSE 5349/49 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.

Lecture 7: Transport Level Security – SSL/TLS CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lecture by Tony Barnard.
Internet Security Protocols

Internet Security Protocols
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.

0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.

Similar presentations

Ads by Google