ChangeCipherSpec Protocol in SSL

Sarath Pillai's picture
ChangeCipherSpec protocol

SSL is a secure protocol, that's heavily used for encrypted data communication to prevent eavesdropping. Before going ahead with understanding ChangeCipherSpec Protocol layer in SSL, we recommend you to have a look at the following articles, for a better understanding.

Read: Secure Socket Layer

Read:Record layer Protocol in SSL

Read: Handshake Protocol in SSL

ChangeCipherSpec messages are used in SSL to indicate, that the communication is shifted from unencrypted to encrypted.

This message informs that, the data following will be encrypted with the shared secret.

Or in other words, you can say that, this message is used to tell the other party(Server & Client), that the negotiated secret key and cipher suite will be used for the current communication now onwards.

change cipher spec protocol in ssl

This message, is sent by both the server and the client, to notify each other, that "Lets start using what we just negotiated".

This message is only of a single byte.

Just after the key exchange & certificate verification, the client sends the server this change cipher spec message. And on receiving the key exchange message, the server also sends back a change cipher spec message.


noteIf the server supports resuming older SSL session(which is indicated through "session id" in server hello message.), and the client wishes to resume an older session, then the client sends this change cipher spec message, just after the "hello messages"


For more information on Hello messages Read: SSL Hand Shake Protocol.


noteAn important fact to note about change cipher spec message is that, "SSL alert messages are produced, when this ssl cipher spec message is used, other than the normal fashion".

 

 

Rate this article: 
Average: 3.9 (13 votes)

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.