WHAT A HANDSHAKE :) Phase 1 Initiate Connection • Version - TopicsExpress



          

WHAT A HANDSHAKE :)

Phase 1: Initiate Connection
• Version (highest SSL version understood by client)
• Random (client-generated random structure; 32-bit timestamp and 28 bytes from secure random number generator; used during key exchange to prevent replay attacks)
• Session ID (variable-length; nonzero indicates client wishes to update existing connection or create new connection on session; zero indicates client wishes to establish new connection on new session)
• CipherSuite (list of cryptographic algorithms supported by client; each element defines key exchange algorithm and CipherSpec)
• Compression Method that client supports
• Client waits for server_hello message (same parameters as client_hello)

Phase 2
• Depends on underlying encryption scheme
• Final message in Phase 2 is server_done (required)

Phase 3
• On receipt of server_done, client verifies certificate if required and checks server_hello parameters
• Client sends messages to server, depending on underlying public-key scheme

Phase 4
• Completes setting up
• Client sends change_cipher_spec
• Copies pending CipherSpec into current CipherSpec (not considered part of Handshake Protocol; sent using Change Cipher Spec Protocol)
• Client sends finished message under new algorithms, keys, and secrets
• Finished message verifies key exchange and authentication were successful
• Server sends own change_cipher_spec message
• Transfers pending to current CipherSpec
• Sends its finished message
• Handshake complete
Posted on: Sat, 17 Aug 2013 01:16:55 +0000
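The post describes where the client and server Random values go and what the Finished message proves, but not how those pieces combine. The following is an added example, not code from the post or from any TLS library: a stand-alone Python model of the TLS 1.2 key schedule (the RFC 5246 PRF, master secret, key block and Finished verify_data) with a constructed Phase 4 exchange in which the server checks the client's Finished over its own view of the handshake transcript. The pre-master secret, the fixed "random" bytes, the timestamps and the plain-text stand-ins for the handshake messages are all constructed for illustration; real records are length-prefixed binary structures.

```python
"""
Model of the TLS 1.2 (RFC 5246) key schedule and Finished check.
Added example: constructed values, no network, no real TLS records.
"""
import hashlib
import hmac
import os
import struct
import time


def gen_random(now=None, rng=os.urandom):
    """Hello Random: 32-bit gmt_unix_time followed by 28 bytes from a CSPRNG."""
    ts = int(time.time()) if now is None else int(now)
    return struct.pack("!I", ts & 0xFFFFFFFF) + rng(28)


def p_hash(secret, seed, length):
    """P_SHA256(secret, seed) from RFC 5246 section 5, expanded to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret, label, seed, length):
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master, client_random, server_random):
    """48-byte master secret; both Randoms enter here, so a replayed hello cannot reuse keys."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master, client_random, server_random, length):
    """Key expansion for MAC/encryption keys and IVs; the seed order is server_random + client_random."""
    return prf(master, b"key expansion", server_random + client_random, length)


def verify_data(master, role, handshake_messages):
    """Finished payload: 12 bytes of PRF over the hash of every handshake message so far."""
    label = b"client finished" if role == "client" else b"server finished"
    return prf(master, label, hashlib.sha256(handshake_messages).digest(), 12)


def finish_handshake(pre_master, client_random, server_random,
                     client_transcript, server_transcript):
    """Phase 4: client sends Finished, server checks it, then sends its own Finished.

    Each side hashes the handshake messages *it* saw. If anything was altered in
    transit (e.g. the cipher suite list), the transcripts differ, the client's
    verify_data does not match, and the server rejects the handshake.
    Returns (master_secret, client_verify_data, server_verify_data).
    """
    ms = master_secret(pre_master, client_random, server_random)
    client_fin = verify_data(ms, "client", client_transcript)
    expected = verify_data(ms, "client", server_transcript)
    if not hmac.compare_digest(client_fin, expected):
        raise ValueError("client Finished does not verify: transcript or key exchange mismatch")
    # The server's Finished also covers the client's Finished message it just accepted.
    server_fin = verify_data(ms, "server", server_transcript + client_fin)
    if not hmac.compare_digest(server_fin, verify_data(ms, "client" if False else "server",
                                                       client_transcript + client_fin)):
        raise ValueError("server Finished does not verify")
    return ms, client_fin, server_fin


def demo(tamper=False):
    """Constructed exchange with deterministic Randoms (os.urandom replaced for reproducibility)."""
    client_random = gen_random(now=1376701015, rng=lambda n: bytes(range(n)))
    server_random = gen_random(now=1376701016, rng=lambda n: bytes(range(100, 100 + n)))
    pre_master = b"\x03\x03" + bytes(46)  # constructed 48-byte RSA-style pre-master secret
    client_hello = b"ClientHello|" + client_random + b"|suites=TLS_RSA_WITH_AES_128_CBC_SHA"
    server_msgs = b"ServerHello|" + server_random + b"|Certificate|ServerHelloDone"
    client_view = client_hello + server_msgs + b"ClientKeyExchange"
    # A man-in-the-middle downgrading the suite list changes only what the server saw.
    server_view = client_view.replace(b"AES_128", b"NULL") if tamper else client_view
    return finish_handshake(pre_master, client_random, server_random, client_view, server_view)


if __name__ == "__main__":
    ms, cf, sf = demo()
    print("master secret:", ms.hex())
    print("client Finished:", cf.hex(), "server Finished:", sf.hex())
    try:
        demo(tamper=True)
    except ValueError as e:
        print("tampered handshake rejected:", e)
```

Running the block prints the derived master secret and both Finished values, then shows the tampered run being rejected. The two Finished values differ even over the same secret because the labels differ and the server's covers one more message; that asymmetry is what stops an attacker from reflecting one side's Finished back to it.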
