[Figure 8.27, Client and Server columns. Server states in order: BEFORE+ACCEPT; ClientHello (SR_CLNT_HELLO); ServerHello (SW_SRVR_HELLO); Certificate (SW_CERT); ServerKeyExchange (SW_KEY_EXCH); CertificateRequest (SW_CERT_REQ); ServerHelloDone (SW_SRVR_DONE); SW_FLUSH; Certificate (SR_CERT); ClientKeyExchange (SR_KEY_EXCH); CertificateVerify (SR_CERT_VRFY); Change cipher spec; Finished (SR_FINISHED); Change cipher spec (SW_CHANGE); Finished (SW_FINISHED); SW_FLUSH; OK]
FIGURE 8.27: SSL handshake protocol states.
tion. The SSL protocol provides secure communication over TCP/UDP using public key cryptography [74]. We focused on the handshake protocol that performs authentication and establishes important cryptographic parameters before data transmission starts.

Figure 8.27 illustrates the handshake protocol (derived from the SSL specification) [74]. The three boxes with dashed outlines contain internal events introduced by the OpenSSL implementation but not specified in the SSL specification. The remaining boxes contain sequences of events corresponding to messages defined by the SSL handshake protocol. We gave each server event a more descriptive name and showed the original server event in the parentheses.
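As an added example (not code from the book or from OpenSSL), the following Python checker validates a trace of the server events named in Figure 8.27 against the figure's order and reports a missing, repeated or out-of-order event. It assumes that SR_CERT and SR_CERT_VRFY are the only events a trace may omit, and that they are omitted together when the client sends no certificate.

```python
"""Validate a trace of OpenSSL server handshake events against Figure 8.27.

Added example, not code from the book or from OpenSSL.  Assumption: SR_CERT
and SR_CERT_VRFY are the only events a trace may omit, and they are omitted
together when no client certificate is sent; all others must appear in order.
"""

# Server events in the order of Figure 8.27; True marks the two optional
# client-certificate events.  SW_FLUSH is an internal event that occurs twice.
EXPECTED = [
    ("BEFORE+ACCEPT", False), ("SR_CLNT_HELLO", False),
    ("SW_SRVR_HELLO", False), ("SW_CERT", False), ("SW_KEY_EXCH", False),
    ("SW_CERT_REQ", False), ("SW_SRVR_DONE", False), ("SW_FLUSH", False),
    ("SR_CERT", True), ("SR_KEY_EXCH", False), ("SR_CERT_VRFY", True),
    ("SR_FINISHED", False), ("SW_CHANGE", False), ("SW_FINISHED", False),
    ("SW_FLUSH", False), ("OK", False),
]


def check_handshake(trace):
    """Return (ok, reason); ok is True iff trace is a valid run of the figure."""
    pos = 0             # next expected position in EXPECTED
    client_cert = None  # None: unknown yet; True/False: SR_CERT seen/skipped
    for i, event in enumerate(trace):
        while pos < len(EXPECTED):
            name, optional = EXPECTED[pos]
            if event == name:
                if optional:
                    if client_cert is False:
                        return False, f"event {i}: {name} without client Certificate"
                    client_cert = True
                pos += 1
                break
            if optional:  # skipping an optional event is allowed only without a client cert
                if client_cert is True:
                    return False, f"event {i}: expected {name}, got {event}"
                client_cert = False
                pos += 1
                continue
            return False, f"event {i}: expected {name}, got {event}"
        else:  # nothing left to expect: the handshake already reached OK
            return False, f"event {i}: {event} after handshake completed"
    if pos < len(EXPECTED):
        return False, f"trace ends before {EXPECTED[pos][0]}"
    return True, "valid handshake"


if __name__ == "__main__":
    # Constructed sample trace: a handshake in which the client sent no certificate.
    sample = [name for name, optional in EXPECTED if not optional]
    print(check_handshake(sample))
```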
The handshake protocol begins when the server receives a ClientHello message from a client. Then the server sends out five messages consecutively (ServerHello, Certificate, ServerKeyExchange, CertificateRequest, and ServerHelloDone). Next, the server enters the SR_CERT state in which it tries to read a certificate from the client (whether or not the client sends its certificate depends on the server's certificate request message). Then the server reads four consecutive messages from the client (Certificate, ClientKeyExchange, CertificateV-