Alert Message Protocol in SSL

Sarath Pillai's picture
Alert Message Protocol SSL

Unitill now we have seen that, in an SSL handshake the server or the client, does have a mechanism to secure the communication, as well us check the integrity of the message with the help of record layer protocol in SSL. But what if something breaks during the initial handshake?

There is a mechanism included in the architecture of SSL protocol, to inform the other recieving end, about any irregularities.

This mechanism, used in SSL to inform the other end, of any irregulartity or failure in authentication, is called as Alert Protocol in SSL.


noteThe primary job of the Alert Protocol in SSL is to inform the other end about the issues(if any), in the current session.

 


This message consists of two fields as shown below.

Alert MessageCriticality of the alertDescription of the alert

notefatal alert messages, will result in a sudden end of the SSL session.

 

 

Similar to other protocol's in SSL, this alert messages is also encrypted, and also sometimes compressed if applicable.

Some of the fatal alert message types and its descrption along with criticality is mentioned in the below table. You can find more infor about them on RFC2246 from IETF.

Message Type

CriticalityExplanation
Handshake_failureCriticalSecurity parameter's which not acceptable
bad_record_macCriticalIncorrect Message Authentication Code
Unknown CACriticalUnknown certificate Authority
Certificate_expireNot CriticalThe certificate provided, is expired
Unsupported_certificateNot CriticalCertificate Provided is not Supported
Protocol_VersionNot CriticalCurrently Unsupported Protocol
Internal_errorNot CriticalError which is not related to ssl protocol

 

Rate this article: 
Average: 5 (1 vote)

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Type the characters you see in this picture. (verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.