A Usable, Secure Communications Protocol: Client-Side TLS - Implementing SSL/TLS Using Cryptography and PKI

Cryptography Reference

In-Depth Information

TLS_RSA_WITH_NULL_MD5 = 0x0001,

TLS_RSA_WITH_NULL_SHA = 0x0002,

TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,

TLS_RSA_WITH_RC4_128_MD5 = 0x0004,

TLS_RSA_WITH_RC4_128_SHA = 0x0005,

TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,

TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,

TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,

TLS_RSA_WITH_DES_CBC_SHA = 0x0009,

TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,

…

} CipherSuiteIdentifier;

Notice the NULL cipher suites 0, 1 and 2. TLS_NULL_WITH_NULL_NULL indicates

that there's no encryption, no MAC and no key exchange. This is the default

state for a TLS handshake — the state it starts out in. Cipher suites 1 and 2 allow

a non-encrypted, but MAC'ed, cipher suite to be negotiated. This can actually

be pretty handy when you're trying to debug something and you don't want to

have to decrypt what you're trying to debug. Unfortunately for the would-be

debugger, for obvious security reasons, most servers won't allow you to negoti-

ate this cipher suite by default.

There's no particular rhyme or reason to the identifi ers assigned to the vari-

ous cipher suites. They're just a sequential list of every combination that the

writers of the specifi cation could think of. They're not even grouped together

meaningfully; the RSA key exchange cipher suites aren't all in the same place

because after the specifi cation was drafted, new cipher suites that used the RSA

key exchange method were identifi ed. It would certainly have been nicer, from

an implementer's perspective, if they had allocated, say, three bits to identify

the key exchange, fi ve bits to identify the symmetric cipher, two for the MAC,

and so on.

Additional cipher suites are examined later on. For now, you're just writing

a client that understands only 3DES, RSA, and SHA-1.

Flattening and Sending the Client Hello Structure

Now that the ClientHello message has been built, it needs to be sent on. If you

look at RFC 2246, which describes TLS, you see that the formal description of

the client hello message looks an awful lot like the C structure defi ned here.

You may be tempted to try to just do something like this:

send( connection, ( void * ) &package, sizeof( package ), 0 );

This is tempting, but your compiler thwarts you at every turn, expanding

some elements, memory-aligning others, and generally performing unexpected

optimizations that cause your code to run faster and work better (the nerve!).

Although it is possible to include enough compiler directives to force this struc-

ture to appear in memory just as it needs to appear on the wire, you'd be, at the

Search WWH ::

Custom Search

Home