Sto cercando di capire dove si trova esattamente SSL / TLS nel modello OSI. Se guardo questa risposta su StackExchange ,
While all network models are imperfect, this question can only be answered by looking at what SSL (TLS really) does. (1) On top of a reliable network stream (TCP at OSI layer 4) it provides an encrypted bidirectional stream and (almost always) guarantees the identity of the server and (optionally) the client. The authenticating client can be a process, user or some other entity which can properly answer the required authentication challenges.
TLS means Transport Layer Security. However since it does implement session identity, integrity, start up, tear down and management it very much belongs in the session layer. The Wikipedia page states that this belongs to the OSI presentation layer. This is probably wrong. The presentation layer is more concerned with marshalling data into non-network-dependent formats and interpreting it on the host side through the appropriate application.
At-rest encryption (say in a database field or email message) might be a candidate for the presentation layer, but I would suggest that it's closer to a form of OS or application security.
So in reality TLS is mostly session-layer as it provides point-to-point session security for the transport (TCP). In other ways it provides authentication functions which are clearly application layer (OS, utility or user app).
So it's a lot of layer 5 and a little of layer 7.
Spiega come si trova nei livelli 7 e 5.
Ma queste diapositive spiegano l'attacco BEAST su SSL / TLS dice il suo sul livello 6,
Qualcuno può spiegare (se possibile con un diagramma) dove avviene esattamente SSL / TLS?