Cryptography Reference
In-Depth Information
if ( !( send_change_cipher_spec( connection, parameters ) ) )
Almost all of this logic was discussed in the
compute_verify_data
routine
in Listing 6-53 and the
parse_client_key_exchange
in Listing 7-18. The only
thing new here is the formatting of the certifi cate verify message; this is just the
length of the signature, followed by the signature bytes. Network byte ordering
makes this a bit more complex than you might expect it to be, but otherwise
there's not much to it. The full handshake, with optional client authentication,
is shown in Figure 8-6.
client
server
client hello
server hello
certificate
server key exchange
certificate request
hello done
certificate
key exchange
certificate verify
change cipher spec
finished
change cipher spec
finished
Figure 8-6:
TLS handshake with client authentication
As you can see, a full TLS handshake can take as many as 13 independent
messages. However, by taking advantage of message concatenation, this can
be reduced to four network round trips. This is still quite a few, considering
Search WWH ::
Custom Search