client -> server: client hello (ff01 0001 00)
server -> client: server hello (ff01 0001 00)
...
(handshake continues)
client -> server: finished (e3945aa7b226794d96cfcaf7)
server -> client: finished (45c4904ac71a5948a7198e18)
...
(application takes over; client decides to renegotiate)
client -> server: client hello (ff01 000e 000e e3945aa7b226794d96cfcaf7)
server -> client: server hello (ff01 000a 0018 e3945aa7b226794d96cfcaf7 45c4904ac71a5948a7198e18)
Figure 8-7: Secure renegotiation example
Implementing Secure Renegotiation
To add secure renegotiation to the TLS client:
1. Add parameters to keep track of the client and server verify data, as well
as a flag to indicate whether both sides support secure renegotiation, as
shown in Listing 8-38.
Listing 8-38: “tls.h” TLSParameters with saved verify data
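typedef struct
{
  /* nonzero once both sides have indicated support for secure renegotiation */
  int support_secure_renegotiation;
  /* verify data saved from the client's and the server's finished messages */
  unsigned char client_verify_data[ VERIFY_DATA_LEN ];
  unsigned char server_verify_data[ VERIFY_DATA_LEN ];
}
TLSParameters;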
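The check a client can apply to the extension body in each server hello of Figure 8-7, using the saved fields from Listing 8-38. This is an added example, not the book's own code: check_server_reneg_info is a hypothetical helper name, and it assumes the RFC 5746 body layout (one length byte, then the verify data) and a VERIFY_DATA_LEN of 12.

```c
#include <stdio.h>
#include <string.h>
#define VERIFY_DATA_LEN 12 /* assumption: 12-byte verify data, as in Figure 8-7 */

typedef struct { /* only the members shown in Listing 8-38 */
    int support_secure_renegotiation;
    unsigned char client_verify_data[VERIFY_DATA_LEN];
    unsigned char server_verify_data[VERIFY_DATA_LEN];
} TLSParameters;

/* Compare without an early exit so timing does not reveal the first mismatch. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hypothetical helper: client-side check of the renegotiation_info body
 * (one length byte, then verify data) received in a server hello.
 * Returns 1 to continue the handshake, 0 to abort it. */
int check_server_reneg_info(TLSParameters *p, const unsigned char *body,
                            size_t len, int renegotiating)
{
    if (len < 1 || (size_t)body[0] != len - 1) return 0; /* malformed length */
    if (!renegotiating) {                                /* first handshake */
        if (body[0] != 0) return 0;                      /* body must be empty */
        p->support_secure_renegotiation = 1;
        return 1;
    }
    if (!p->support_secure_renegotiation) return 0;      /* never negotiated */
    if (body[0] != 2 * VERIFY_DATA_LEN) return 0;        /* client + server data */
    return ct_equal(body + 1, p->client_verify_data, VERIFY_DATA_LEN) &
           ct_equal(body + 1 + VERIFY_DATA_LEN, p->server_verify_data, VERIFY_DATA_LEN);
}

int main(void)
{
    /* Verify data taken from the two finished messages in Figure 8-7. */
    TLSParameters p = { 0,
        {0xe3,0x94,0x5a,0xa7,0xb2,0x26,0x79,0x4d,0x96,0xcf,0xca,0xf7},
        {0x45,0xc4,0x90,0x4a,0xc7,0x1a,0x59,0x48,0xa7,0x19,0x8e,0x18} };
    unsigned char first[] = { 0x00 }, again[1 + 2 * VERIFY_DATA_LEN] = { 0x18 };
    memcpy(again + 1, p.client_verify_data, VERIFY_DATA_LEN);
    memcpy(again + 1 + VERIFY_DATA_LEN, p.server_verify_data, VERIFY_DATA_LEN);
    printf("initial: %d\n", check_server_reneg_info(&p, first, sizeof first, 0));
    printf("renegotiation: %d\n", check_server_reneg_info(&p, again, sizeof again, 1));
    return 0;
}
```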
 