Specifications
FIGURE 15.4
SSL breaks up, compresses, hashes, and encrypts data before sending it.
One thing you might notice from the diagram is that the TCP header is added after the data is encrypted. This means that routing information could still potentially be tampered with, and although snoopers cannot tell what information we are exchanging, they can see who is exchanging it.

The reason that SSL includes compression before encryption is that although most network traffic can be (and often is) compressed before being transmitted across a network, encrypted data does not compress well.

Compression schemes rely on identifying repetition or patterns within data. Trying to apply a compression algorithm after data has been turned into an effectively random arrangement of bits via encryption is usually pointless. It would be unfortunate if SSL, which was designed to increase network security, had the side effect of dramatically increasing network traffic.
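The record pipeline of Figure 15.4 and the compression claim above, as an added Python example that is not from the book: it fragments, compresses, MACs and encrypts a constructed HTML page, verifies and rejects altered records on the receiving side, and measures how well plaintext and ciphertext compress. The keys, the sample page and the HMAC-based toy stream cipher are assumptions made so the demo runs with the standard library alone.

```python
import hashlib
import hmac
import zlib

MAX_FRAGMENT = 2 ** 14   # SSL/TLS record layer limit on plaintext per record
MAC_LEN = 32             # HMAC-SHA256 tag length

def keystream_xor(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode); XOR is its own inverse.
    Assumption: stands in for the negotiated cipher; it is not one of SSL's suites."""
    out = bytearray()
    for off in range(0, len(data), MAC_LEN):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + MAC_LEN], block))
    return bytes(out)

def protect(data, mac_key, enc_key):
    """Sender side of Figure 15.4: fragment -> compress -> MAC -> encrypt."""
    records = []
    for seq, start in enumerate(range(0, len(data), MAX_FRAGMENT)):
        nonce = seq.to_bytes(8, "big")   # sequence number binds each record to its position
        compressed = zlib.compress(data[start:start + MAX_FRAGMENT])
        mac = hmac.new(mac_key, nonce + compressed, hashlib.sha256).digest()
        records.append(keystream_xor(enc_key, nonce, compressed + mac))
    return records   # addresses and ports are NOT in here; TCP/IP headers come afterwards

def unprotect(records, mac_key, enc_key):
    """Receiver side: decrypt -> verify MAC -> decompress; raises if a record was altered."""
    out = b""
    for seq, rec in enumerate(records):
        nonce = seq.to_bytes(8, "big")
        plain = keystream_xor(enc_key, nonce, rec)
        compressed, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        expected = hmac.new(mac_key, nonce + compressed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"record {seq}: MAC check failed")
        out += zlib.decompress(compressed)
    return out

def integrity_ok(records, mac_key, enc_key):
    try:
        unprotect(records, mac_key, enc_key)
        return True
    except ValueError:
        return False

def compression_ratio(blob):
    """Compressed size / original size: near 1.0 means the data no longer compresses."""
    return len(zlib.compress(blob)) / len(blob)

# Constructed sample page, repetitive like real HTML so that compression matters.
PAGE = b"<html><head><title>My Page</title></head><body>" + b"<p>Hello, world.</p>" * 2000 + b"</body></html>"
MAC_KEY, ENC_KEY = b"constructed-mac-key", b"constructed-enc-key"
```

Later TLS versions dropped record compression because compressing secrets together with data an outsider can influence leaks information about those secrets (the CRIME and BREACH attacks); TLS 1.3 has no compression at all.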
Although SSL is relatively complex, users and developers are shielded from most of what occurs, as its external interfaces mimic existing protocols.

In the relatively near future, SSL 3.0 is likely to be replaced by TLS 1.0 (Transport Layer Security), but at the time of writing, TLS is a draft standard and not supported by any servers or browsers. TLS is intended to be a truly open standard, rather than a standard defined by one organization but made available for others. It is based directly on SSL 3.0, but contains improvements intended to overcome weaknesses of SSL.
Implementing Secure Transactions with PHP and MySQL
Chapter 15: Implementing Secure Transactions (page 335)
[Figure 15.4 diagram: Our data (<html><head><title>My Page</title>...) -> Compress (Compressed data) -> Calculate MAC (Message Authentication Code) -> Encrypt (Encrypted Packets) -> Packetize (Data Packets / TCP Packets, each with a TCP header)]
19 7842 CH15 3/6/01 3:40 PM Page 335