Chapter 8
Advanced SSL Topics
The prior two chapters examined the TLS handshake process in detail, walking through each message that each side must send and receive. So far, you've looked at the most common use of SSL/TLS: a server-authenticated RSA key exchange. However, there are quite a few more options available when performing a TLS handshake. Some scenarios are simpler, and some are more complex, than those presented so far. It's possible to connect without authenticating the server, to require the client to authenticate itself, or to employ different key exchange mechanisms. It's even possible to bypass most of the handshake, if secure parameters have already been negotiated in an earlier session and both sides still hold them. This chapter looks at the less common, or not strictly required, but still important aspects of the TLS handshake.
Passing Additional Information with Client Hello Extensions
Peek back to the definition of the handshake messages defined in Chapter 6. Although each one is prepended with a length, most of them, with the exception of the certificate message, have lengths that are fixed or that can easily be inferred from their structure. The client hello message, for instance, is a fixed two bytes of version information, 32 bytes of random data, and three
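This layout is what makes client hello extensions possible at all: once the version, the random and the variable-length session ID, cipher suite and compression method lists have been consumed, any bytes left before the end of the handshake message are, by definition, the extensions block. The parser below is added here as an example and is not code from the book. It walks a TLS 1.2 ClientHello field by field, treats leftover bytes as extensions, rejects truncated or over-long length fields instead of reading past the buffer, and pulls the host name out of a server_name (SNI) extension; a small builder produces messages to feed it. The field layout follows RFC 5246 and RFC 6066. The random bytes, cipher suite list and host name are constructed sample data, and names such as parse_client_hello, build_client_hello and is_malformed are the example's own, not from any library.

```python
# Added example, not code from the book: parse and build a TLS ClientHello, including
# the optional extensions block (RFC 5246 7.4.1.2; server_name per RFC 6066).
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000          # server_name extension type (RFC 6066)
SAMPLE_RANDOM = bytes(range(32))  # constructed sample, not a real client random
SAMPLE_SUITES = [0xC02F, 0x002F]  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA

class ClientHelloError(ValueError): """Message is truncated, over-long or otherwise malformed."""

def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new offset, refusing to read past the end."""
    if pos + n > len(buf):
        raise ClientHelloError(f"truncated: need {n} bytes at offset {pos}, have {len(buf) - pos}")
    return buf[pos:pos + n], pos + n

def _uint(buf, pos, n):  # n-byte big-endian integer (type codes and length fields)
    raw, pos = _take(buf, pos, n)
    return int.from_bytes(raw, "big"), pos

def _parse_extensions(buf):
    """Split an extensions block into (type, data) pairs, rejecting duplicate types."""
    exts, seen, pos = [], set(), 0
    while pos < len(buf):
        ext_type, pos = _uint(buf, pos, 2)
        length, pos = _uint(buf, pos, 2)
        data, pos = _take(buf, pos, length)
        if ext_type in seen:          # RFC 5246 7.4.1.4: at most one extension per type
            raise ClientHelloError(f"duplicate extension type {ext_type:#06x}")
        seen.add(ext_type)
        exts.append((ext_type, data))
    return exts

def parse_client_hello(msg):
    """Parse a ClientHello handshake message, 4-byte handshake header included."""
    hs_type, pos = _uint(msg, 0, 1)
    hs_len, pos = _uint(msg, pos, 3)
    if hs_type != HANDSHAKE_CLIENT_HELLO:
        raise ClientHelloError(f"not a ClientHello (handshake type {hs_type:#x})")
    if hs_len != len(msg) - 4:
        raise ClientHelloError("handshake length does not match message size")
    version, pos = _take(msg, pos, 2)      # fixed: 2-byte version
    random, pos = _take(msg, pos, 32)      # fixed: 32-byte random
    sid_len, pos = _uint(msg, pos, 1)      # variable: session_id <0..32>
    session_id, pos = _take(msg, pos, sid_len)
    cs_len, pos = _uint(msg, pos, 2)       # variable: cipher_suites <2..2^16-2>
    if cs_len < 2 or cs_len % 2:
        raise ClientHelloError("cipher_suites length must be a positive multiple of 2")
    cs, pos = _take(msg, pos, cs_len)
    cm_len, pos = _uint(msg, pos, 1)       # variable: compression_methods <1..2^8-1>
    if cm_len == 0:
        raise ClientHelloError("compression_methods must at least contain null")
    compression, pos = _take(msg, pos, cm_len)
    # Extensions have no presence flag of their own: they exist only if bytes remain.
    extensions = []
    if pos < len(msg):
        ext_len, pos = _uint(msg, pos, 2)
        ext_data, pos = _take(msg, pos, ext_len)
        if pos != len(msg):
            raise ClientHelloError(f"{len(msg) - pos} trailing byte(s) after extensions")
        extensions = _parse_extensions(ext_data)
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": [int.from_bytes(cs[i:i + 2], "big") for i in range(0, cs_len, 2)],
            "compression_methods": list(compression), "extensions": extensions}

def server_name(extensions):
    """Return the host_name from a server_name extension, or None if there is none."""
    for ext_type, data in extensions:
        if ext_type != EXT_SERVER_NAME:
            continue
        list_len, pos = _uint(data, 0, 2)
        if list_len != len(data) - 2:
            raise ClientHelloError("server_name list length does not match extension length")
        while pos < len(data):
            name_type, pos = _uint(data, pos, 1)
            name_len, pos = _uint(data, pos, 2)
            name, pos = _take(data, pos, name_len)
            if name_type == 0:             # NameType host_name
                return name.decode("ascii")
    return None

def is_malformed(msg):  # True when parse_client_hello rejects msg; exercises the error paths
    try:
        parse_client_hello(msg)
    except ClientHelloError:
        return True
    return False

def build_client_hello(random, cipher_suites, host=None, session_id=b""):
    # Encode a TLS 1.2 ClientHello; a server_name extension is appended only when host is given.
    body = b"\x03\x03" + random + bytes([len(session_id)]) + session_id
    cs = b"".join(s.to_bytes(2, "big") for s in cipher_suites)
    body += len(cs).to_bytes(2, "big") + cs + b"\x01\x00"  # one compression method: null
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + len(name).to_bytes(2, "big") + name  # ServerName{host_name, name}
        sni = len(entry).to_bytes(2, "big") + entry             # ServerNameList
        ext = EXT_SERVER_NAME.to_bytes(2, "big") + len(sni).to_bytes(2, "big") + sni
        body += len(ext).to_bytes(2, "big") + ext
    return bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
```

The bounds checks are the point of the example. Every length field is compared against the bytes actually present before anything is read, so a message whose handshake length disagrees with its size, an extension whose declared length runs past the extensions block, or a message with stray bytes after the extensions is rejected outright rather than silently truncated or read past the buffer, which is exactly where hand-written TLS parsers have historically gone wrong.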