Cryptography Reference
    // Server-side messages
    case client_hello:
      if ( parse_client_hello( read_pos, handshake.length,
           parameters ) == NULL )
      {
        send_alert_message( connection, illegal_parameter,
          &parameters->active_send_parameters );
        return -1;
      }
      read_pos += handshake.length;
      break;
    ...
Parsing and processing the client hello message involves, at a bare minimum,
selecting one of the offered cipher suites. The easiest way to do this is to cycle
through the list of cipher suites that the client offers and select the first one
that the server understands. Note that this is not necessarily the best strategy;
ideally the server would select the strongest suite that both sides understand.
On the other hand, client designers can meet server designers halfway and
sort the cipher suite list by cipher strength so that the server's cipher selection
code can be simpler. The specification states that the client hello should include
its “favorite cipher first.” However, there are no suggestions on what criteria it
ought to use in selecting a favorite. This does imply that the server probably
ought to select the first one it recognizes, but does not actually mandate this.
Parsing the client hello message is shown in Listing 7-9.
Listing 7-9: “tls.c” parse_client_hello
static char *parse_client_hello( char *read_pos,
                                 int pdu_length,
                                 TLSParameters *parameters )
{
  int i;
  ClientHello hello;

  read_pos = read_buffer( ( void * ) &hello.client_version.major,
    ( void * ) read_pos, 1 );
  read_pos = read_buffer( ( void * ) &hello.client_version.minor,
    ( void * ) read_pos, 1 );
  read_pos = read_buffer( ( void * ) &hello.random.gmt_unix_time,
    ( void * ) read_pos, 4 );
  // *DON'T* put this in host order, since it's not used as a time! Just
  // accept it as is
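
The two selection strategies discussed above (first offered suite the server recognizes versus strongest suite both sides understand), as an added example that is not part of the book's tls.c. The server suite list, the sample offer, and the names select_cipher_suite and server_rank are assumptions made for illustration; the length checks reject a cipher suite vector that is empty, odd-sized, or longer than the bytes remaining in the hello.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed server policy: supported suites, strongest first (IANA ids). */
static const uint16_t server_suites[] = {
    0x0035, /* TLS_RSA_WITH_AES_256_CBC_SHA */
    0x002F, /* TLS_RSA_WITH_AES_128_CBC_SHA */
    0x000A, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
    0x0005  /* TLS_RSA_WITH_RC4_128_SHA */
};
#define N_SERVER (sizeof server_suites / sizeof server_suites[0])

/* Constructed client offer: 2-byte length, then ids in client preference
 * order. 0xC02F is a suite this server does not support. */
static const uint8_t sample_offer[] = {
    0x00, 0x08, 0xC0, 0x2F, 0x00, 0x05, 0x00, 0x2F, 0x00, 0x35 };

/* Position of suite in the server list (0 = strongest), or -1 if unsupported. */
static int server_rank(uint16_t suite) {
    for (size_t i = 0; i < N_SERVER; i++)
        if (server_suites[i] == suite) return (int)i;
    return -1;
}

/* buf points at the cipher_suites vector; remaining is the bytes left in the
 * hello. prefer_server == 0 picks the first client suite the server knows;
 * otherwise the strongest common suite. Returns the suite id, or -1 if the
 * vector is malformed or nothing matches. */
int select_cipher_suite(const uint8_t *buf, size_t remaining, int prefer_server) {
    int best_rank = -1, chosen = -1;
    if (remaining < 2) return -1;
    size_t list_len = ((size_t)buf[0] << 8) | buf[1];
    if (list_len == 0 || (list_len & 1) || list_len > remaining - 2) return -1;
    for (size_t i = 0; i < list_len; i += 2) {
        uint16_t suite = (uint16_t)((buf[2 + i] << 8) | buf[3 + i]);
        int rank = server_rank(suite);
        if (rank < 0) continue;              /* server does not know it */
        if (!prefer_server) return suite;    /* client order wins */
        if (best_rank < 0 || rank < best_rank) { best_rank = rank; chosen = suite; }
    }
    return chosen;
}

int main(void) {
    printf("first match: 0x%04X\n", (unsigned)select_cipher_suite(sample_offer, sizeof sample_offer, 0));
    printf("strongest:   0x%04X\n", (unsigned)select_cipher_suite(sample_offer, sizeof sample_offer, 1));
    return 0;
}
```

With the constructed offer, honoring the client's order lands on the RC4 suite while the server-preference pass picks AES-256, which is the gap the text describes between the easiest strategy and the ideal one.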