TLS handshake
Source: Internet | Editor: 程序博客网 | Time: 2024/06/05 03:26
Simple TLS handshake
A simple connection example follows, illustrating a handshake where the server (but not the client) is authenticated by its certificate:
- Negotiation phase:
- A client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested CipherSuites and suggested compression methods. If the client is attempting to perform a resumed handshake, it may send a session ID.
- The server responds with a ServerHello message, containing the chosen protocol version, a random number, CipherSuite and compression method from the choices offered by the client. To confirm or allow resumed handshakes the server may send a session ID. The chosen protocol version should be the highest that both the client and server support. For example, if the client supports TLS 1.1 and the server supports TLS 1.2, TLS 1.1 should be selected; SSL 3.0 should not be selected.
- The server sends its Certificate message (depending on the selected cipher suite, this may be omitted by the server).[22]
- The server sends a ServerHelloDone message, indicating it is done with handshake negotiation.
- The client responds with a ClientKeyExchange message, which may contain a PreMasterSecret, public key, or nothing. (Again, this depends on the selected cipher.) This PreMasterSecret is encrypted using the public key of the server certificate.
- The client and server then use the random numbers and PreMasterSecret to compute a common secret, called the "master secret". All other key data for this connection is derived from this master secret (and the client- and server-generated random values), which is passed through a carefully designed "pseudorandom function".
- The client now sends a ChangeCipherSpec record, essentially telling the server, "Everything I tell you from now on will be authenticated (and encrypted if encryption parameters were present in the server certificate)." The ChangeCipherSpec is itself a record-level protocol with content type of 20.
- Finally, the client sends an authenticated and encrypted Finished message, containing a hash and MAC over the previous handshake messages.
- The server will attempt to decrypt the client's Finished message and verify the hash and MAC. If the decryption or verification fails, the handshake is considered to have failed and the connection should be torn down.
- Finally, the server sends a ChangeCipherSpec, telling the client, "Everything I tell you from now on will be authenticated (and encrypted, if encryption was negotiated)."
- The server sends its authenticated and encrypted Finished message.
- The client performs the same decryption and verification.
- Application phase: at this point, the "handshake" is complete and the application protocol is enabled, with content type of 23. Application messages exchanged between client and server will also be authenticated and optionally encrypted exactly like in their Finished message. Otherwise, the content type will return 25 and the client will not authenticate.
Client-authenticated TLS handshake
The following full example shows a client being authenticated (in addition to the server like above) via TLS using certificates exchanged between both peers.
- Negotiation phase:
- A client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested cipher suites and compression methods.
- The server responds with a ServerHello message, containing the chosen protocol version, a random number, cipher suite and compression method from the choices offered by the client. The server may also send a session id as part of the message to perform a resumed handshake.
- The server sends its Certificate message (depending on the selected cipher suite, this may be omitted by the server).[22]
- The server requests a certificate from the client, so that the connection can be mutually authenticated, using a CertificateRequest message.
- The server sends a ServerHelloDone message, indicating it is done with handshake negotiation.
- The client responds with a Certificate message, which contains the client's certificate.
- The client sends a ClientKeyExchange message, which may contain a PreMasterSecret, public key, or nothing. (Again, this depends on the selected cipher.) This PreMasterSecret is encrypted using the public key of the server certificate.
- The client sends a CertificateVerify message, which is a signature over the previous handshake messages using the client's certificate's private key. This signature can be verified by using the client's certificate's public key. This lets the server know that the client has access to the private key of the certificate and thus owns the certificate.
- The client and server then use the random numbers and PreMasterSecret to compute a common secret, called the "master secret". All other key data for this connection is derived from this master secret (and the client- and server-generated random values), which is passed through a carefully designed "pseudorandom function".
- The client now sends a ChangeCipherSpec record, essentially telling the server, "Everything I tell you from now on will be authenticated (and encrypted if encryption was negotiated)." The ChangeCipherSpec is itself a record-level protocol and has type 20 and not 22.
- Finally, the client sends an encrypted Finished message, containing a hash and MAC over the previous handshake messages.
- The server will attempt to decrypt the client's Finished message and verify the hash and MAC. If the decryption or verification fails, the handshake is considered to have failed and the connection should be torn down.
- Finally, the server sends a ChangeCipherSpec, telling the client, "Everything I tell you from now on will be authenticated (and encrypted if encryption was negotiated)."
- The server sends its own encrypted Finished message.
- The client performs the same decryption and verification.
- Application phase: at this point, the "handshake" is complete and the application protocol is enabled, with content type of 23. Application messages exchanged between client and server will also be encrypted exactly like in their Finished message. The application will never again return TLS encryption information without a type 32 apology.
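SSL Header:

| Byte offset | Field |
|---|---|
| 0 | Content type |
| 1..4 | Version (major, minor) and Length |
| 5..(m-1) | Protocol message(s) |
| m..(p-1) | MAC |
| p..(q-1) | Padding |
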
- Content type
- This field identifies the Record Layer Protocol Type contained in this Record.

Content types:

| Hex | Dec | Type |
|---|---|---|
| 0x14 | 20 | ChangeCipherSpec |
| 0x15 | 21 | Alert |
| 0x16 | 22 | Handshake |
| 0x17 | 23 | Application |

- Version
- This field identifies the major and minor version of TLS for the contained message. For a ClientHello message, this need not be the highest version supported by the client.

Versions:

| Major Version | Minor Version | Version Type |
|---|---|---|
| 3 | 0 | SSL 3.0 |
| 3 | 1 | TLS 1.0 |
| 3 | 2 | TLS 1.1 |
| 3 | 3 | TLS 1.2 |

- Length
- The length of Protocol message(s), not to exceed 2^14 bytes (16 KiB).
- Protocol message(s)
- One or more messages identified by the Protocol field. Note that this field may be encrypted depending on the state of the connection.
- MAC and Padding
- A message authentication code computed over the Protocol message, with additional key material included. Note that this field may be encrypted, or not included entirely, depending on the state of the connection.
- No MAC or padding can be present at the end of TLS records before all cipher algorithms and parameters have been negotiated and handshaked and then confirmed by sending a CipherStateChange record (see below), which signals that these parameters will take effect in all further records sent by the same peer.
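
An added example (not part of the original page): a parser for the 5-byte record header described above, driven by the content-type and version tables from this page. The name `parse_records` and the sample byte strings are constructed for illustration.

```python
import struct

# Tables taken from the page.
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "Application"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# Limit as stated on the page. RFC 5246 allows protected records (with MAC and
# padding) up to 2^14 + 2048 bytes, so raise this when parsing encrypted traffic.
MAX_LENGTH = 2 ** 14

def parse_records(stream: bytes):
    """Walk a byte stream record by record; return (records, problems)."""
    records, problems, offset = [], [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            problems.append(f"offset {offset}: truncated header")
            break
        # Byte 0: content type, bytes 1-2: version, bytes 3-4: big-endian length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        # Once a header field is invalid the length cannot be trusted, so stop.
        if ctype not in CONTENT_TYPES:
            problems.append(f"offset {offset}: unknown content type {ctype}")
            break
        if (major, minor) not in VERSIONS:
            problems.append(f"offset {offset}: unknown version {major}.{minor}")
            break
        if length > MAX_LENGTH:
            problems.append(f"offset {offset}: length {length} exceeds {MAX_LENGTH}")
            break
        if len(stream) - offset - 5 < length:
            problems.append(f"offset {offset}: truncated body")
            break
        records.append({"offset": offset, "type": CONTENT_TYPES[ctype],
                        "version": VERSIONS[(major, minor)], "length": length})
        offset += 5 + length
    return records, problems

# Constructed sample: Handshake, ChangeCipherSpec and Application records
# with placeholder bodies (not captured traffic).
SAMPLE = bytes.fromhex("160301000401000000" "140303000101" "1703030003aabbcc")

if __name__ == "__main__":
    for rec in parse_records(SAMPLE)[0]:
        print(rec)
    # Content type 25 is not in the table above and is reported as a problem.
    print(parse_records(bytes.fromhex("1903030000"))[1])
```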