ThinMichael is here

I tasted it and begin to hate it

SSL 基础

图胜千言:

 

TCP/IP Protocol Stack With SSL

TCP/IP Layer

Protocol

Application Layer

HTTP, IMAP, NNTP, Telnet, FTP, etc.

Secure Sockets Layer

SSL

Transport Layer

TCP

Internet Layer

IP

How SSL Works: the Handshake in Detail:

  1. Client hello - The client sends the server information including the highest version of SSL it supports and a list of the cipher suites it supports.
  2. Server hello - The server chooses the highest version of SSL and the best cipher suite that both the client and server support and sends this information to the client.
  3. Certificate - If server authentication is required then the server sends the client a certificate or a certificate chain.
  4. Certificate request - If the server needs to authenticate the client, it sends the client a certificate request.
  5. Server key exchange - The server sends the client a server key exchange message when the public key information sent in 3) above is not sufficient for key exchange.
  6. Server hello done - The server tells the client it is finished with its initial negotiation messages.
  1. Certificate - If the server requests a certificate from the client in Message 4, the client sends its certificate chain, like the server did in Message 3.
  2. Client key exchange - The client generates information used to create a key to use for symmetric encryption. For RSA, the client then encrypts this key information with the server's public key and sends it to the server.
  3. Certificate verify – If the server is authenticating the client, the client sends a random number that it digitally signs. When the server decrypts number with the client's public key, the server authenticates the client.
  4. Change cipher spec - The client tells the server to change to encrypted mode.
  5. Finished - The client sends the server a hash of the handshake messages.
  6. Change cipher spec - The server tells the client to change to encrypted mode.
  7. Finished - The server sends the client a hash of the handshake messages.

Encrypted data - The client and the server communicate using the symmetric encryption algorithm and the cryptographic hash function negotiated in Messages 1 and 2, using the secret key that the client sent to the server in Message 8.

阅读更多
个人分类: Ajax 安全性
上一篇Windows 证书服务部署安全基础框架
下一篇唤醒密码学研究的沉寂领域
想对作者说点什么? 我来说一句

没有更多推荐了,返回首页

关闭
关闭