- SSL 协议概要
[RFC-2246][handshake | alert | change_cipher_spec | application_data]------------------------------------------------------------------Record Protocol
change_cipher_spec -- notify receiving party that subsequent records will be protected under the newly negotiated CipherSpec and keys.alterhandshakeapplicateion data
Record Protocolprivate --- data encrytion with symmetric cryptographyreliable --- message integrity check with keyed MAC( Message Authentication Code)
Record Data:( multiple client messages of the same ContentType may be coalesced into a single TLSPlaintext record, or a single message may be fragmented across several records )
enum {change_cipher_spec(20), alert(21), handshake(22),application_data(23), (255)} ContentType;
struct {ContentType type;ProtocolVersion version;uint16 length;opaque fragment[TLSPlaintext.length];} TLSPlaintext;
TLSPlaintext 根据session state定义的compress/encryption进一步计算成TLSCompressed/TLSCiphertext(includes encrpt data, MAC)
四次握手:1、client 发送client hello(包含协议版本号, 客户端随机数,客户端支持的加密方法),2、server确认双方使用的加密方法,回应自己的certificate(包含公钥)和 服务端随机数3、client确认证书有效(通过根证书验证),生成一个 新的随机数 ,以公钥加密发送到server,同时客户端 根据加密方法 使用之前的三个随机数生成对话密钥(session-key)server使用私钥获得客户端发送的随机数,根据加密方法使用前面的三个随机数生成对话密钥(session-key)4、server回应终端。
ChangeCipherSpec 指示开始使用新协商的SessionParameters加密数据ServerKeyExchange仅在Certificate中没有提供足够Client计算pre-master-key时需要(rfc2246-7.4.3)CertificateRequest, ClientCertificate, CertificateVerify仅在需要对Client认证时需要.
最重要的是第三个随机数不会被中间人获取。
握手过程详解:
后续数据交互双发使用约定的加密方法对话密钥进行加密.
Session-ID:用以进行session复用的ID,server端维护了session-id <--> session信息的映射。
session-ticket服务端将Session信息加密生成ticket,通过NewSessionTicket-message发送终端保存ticket对终端透明,终端自行存储ticket及对应的session信息,下次建立ssl connection时通过sessionticket extension将ticket发送到server验证以恢复session信息。aes加密防盗取,mac防修改struct {opaque key_name[16];opaque iv[16];opaque encrypted_state<0..2^16-1>;opaque mac[32];} ticket;struct {ProtocolVersion protocol_version;CipherSuite cipher_suite;CompressionMethod compression_method;opaque master_secret[48];ClientIdentity client_identity;uint32 timestamp;} StatePlaintext;
- SSL证书
【X.509】RFC-5280:Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
The structure of an X.509 v3 digital certificate is as follows:
- Certificate
-
- Version
- Serial Number ------ unique for each certificate issued by same issurer.
- Signature ------ same as "Certificate Signature Algorithm" after Certificate
- Issuer
- Validity
-
- Not Before
- Not After
- Subject
- Subject Public Key Info ------ plain text, to encrypt the pre-master-key in ssl-handshake
-
- Public Key Algorithm
- Subject Public Key
- Issuer Unique Identifier (optional)
- Subject Unique Identifier (optional)
- Extensions (optional)
-
- ...
- Certificate Signature Algorithm
- Certificate Signature ------ use the issuer's public key to decrypt signature and compare with hash(certificate-blue part)
Certificate Chain: (ssl-handshake-certificate message includes multiple certificates)
- The Issuer of each certificate (except the last one) matches the Subject of the next certificate in the list.
- Each certificate (except the last one) is supposed to be signed by the secret key corresponding to the next certificate in the chain (i.e. the signature of one certificate can be verified using the public key contained in the following certificate).
- The last certificate in the list is a trust anchor: a certificate that you trust because it was delivered to you by some trustworthy procedure.
- 中间人拦截分析工具
sslsplit -- https://github.com/droe/sslsplit
- 参考资料
协议:ssl_3.0_rfc6101,tls_1.2_rfc5246,tls_1.0_rfc2246其中tls 1.0是目前广泛使用的协议
SSL/TLS简介:
图解SSL/TLS
api demo
api doc
openssl document:
附件:
Whatsapp-ssl
扫一扫
5934
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
