Cryptography Reference
In-Depth Information
Whereas only the client can initiate a session resumption — by including a
previously agreed-upon session identifi er in its client hello — either side can
initiate session renegotiation. After a TLS session has been established, the client
can issue a new client hello at any time. This new client hello should be encrypted
using the currently active cipher suite. The server recognizes an out-of-place
client hello message as an indication that it should perform a renegotiation; the
remainder of the handshake proceeds as normal, except that all messages are
encrypted. Of course, when the change cipher spec message is received, the
keying material — and potentially the cipher suite itself — changes.
Supporting the Hello Request
What about the server? How does it initiate a session renegotiation? Does it
just send a server hello message unprompted? TLS could have been designed
this way, but remember that the client and server random values are part of the
handshake process. If you're going to go to all the trouble to renegotiate new
keying material, you might as well go ahead and change the random values as
well. Therefore, TLS defi nes one last handshake message type: the
Hello Request
.
This is a simple marker message that tells the client that it should send a new
client hello and begin a new handshake. The client should be prepared to receive
this message at any time.
The handshake hash should be reset when a hello request is received; the
fi nished message is the digest of all handshake messages that constituted
the current handshake, not all handshake messages that have occurred on the
current connection.
Adding support for session renegotiation is actually pretty simple. As always,
add a new case to handle it in
receive_tls_message
in Listing 8-36.
Listing 8-36:
“tls.c” receive_tls_message with session renegotiation support
static int receive_tls_msg( int connection,
char *buffer,
int bufsz,
TLSParameters *parameters )
{
…
case hello_request: // Tell the client to start again from the beginning
// No data in the hello request, nothing to parse
if ( parameters->connection_end != connection_end_client )
{
// This shouldn't be sent to a server, and it shouldn't
// be sent until the first negotiation is complete.
send_alert_message( connection, unexpected_message,
¶meters->active_send_parameters );
return -1;
}
Search WWH ::
Custom Search