Alert Message Protocol in SSL
Until now we have seen that in an SSL handshake the server and the client have a mechanism to secure the communication, as well as to check the integrity of messages with the help of the record layer protocol in SSL. But what if something breaks during the initial handshake?
The architecture of the SSL protocol includes a mechanism to inform the receiving end about any irregularities.
This mechanism, used in SSL to inform the other end of any irregularity or failure in authentication, is called the Alert Protocol.
The primary job of the Alert Protocol in SSL is to inform the other end about issues (if any) in the current session.
This message consists of two fields as shown below.
| Alert Message | Criticality of the alert | Description of the alert |
Fatal alert messages result in an immediate end of the SSL session.
Like the other protocols in SSL, alert messages are also encrypted, and sometimes compressed if applicable.
Some of the fatal alert message types and their descriptions, along with criticality, are listed in the table below. You can find more information about them in RFC 2246 from the IETF.
| Alert message | Criticality | Description |
|---|---|---|
| Handshake_failure | Critical | Security parameters which are not acceptable |
| bad_record_mac | Critical | Incorrect Message Authentication Code |
| Unknown CA | Critical | Unknown Certificate Authority |
| Certificate_expire | Not Critical | The certificate provided is expired |
| Unsupported_certificate | Not Critical | Certificate provided is not supported |
| Protocol_Version | Not Critical | Currently unsupported protocol |
| Internal_error | Not Critical | Error which is not related to the SSL protocol |
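
As an added example (not code from the original article), the following Python parser decodes an alert record as it appears on the wire: the record-layer header followed by the two alert fields, level and description. It assumes an unencrypted alert, as seen when a handshake fails before encryption is active; the numeric codes are from RFC 2246, and the function name and sample bytes are constructed for illustration.

```python
import struct

# Alert levels and a subset of description codes from RFC 2246, section 7.2.
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 45: "certificate_expired",
    48: "unknown_ca", 70: "protocol_version", 80: "internal_error",
}
CONTENT_TYPE_ALERT = 21  # record-layer content type for alerts


def parse_alert_record(record: bytes) -> dict:
    """Decode one unencrypted SSL/TLS alert record (hypothetical helper).

    Layout: content type (1 byte), version (2), length (2),
    then the alert itself: level (1) and description (1).
    """
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    if ctype != CONTENT_TYPE_ALERT:
        raise ValueError(f"not an alert record (content type {ctype})")
    body = record[5:5 + length]
    if length != 2 or len(body) != 2:
        # An encrypted alert is longer than 2 bytes (MAC, padding) and
        # cannot be decoded without the session keys.
        raise ValueError("alert body is not 2 plaintext bytes")
    level, desc = body
    return {
        "version": (major, minor),
        "level": ALERT_LEVELS.get(level, f"unknown({level})"),
        "description": ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
        "ends_session": level == 2,  # a fatal alert terminates the session
    }


# Constructed sample records (not taken from a real capture).
SAMPLES = [
    bytes.fromhex("15 03 01 00 02 02 28"),  # fatal handshake_failure
    bytes.fromhex("15 03 01 00 02 01 00"),  # warning close_notify
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(parse_alert_record(rec))
```
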