Cryptography Reference
nothing to indicate that this is a handshake message to begin with. The receiver
is supposed to keep track of where it is in the overall exchange. In other words,
if the server hasn't gotten any data yet, it should assume that the next message
it receives will be a ClientHello handshake message.
Every record transmitted over an SSL-secured channel must start with
this header, including encrypted application data. When data is encrypted,
the header is stripped off, the data is decrypted, and then it's passed up to the
calling function.
The only potentially confusing part of the send_message function in Listing
C-13 is this:
buffer[ 0 ] |= 0x80; // indicate two-byte length
SSLv2 allows for two- or three-byte payload lengths. In a nod toward
efficiency, the SSLv2 protocol designers borrowed a page from the ASN.1 protocol
designers' playbook and used the first bit of the first byte to indicate the length
of the length. If the most significant bit of the first byte is 1, this is a two-byte
length. This function is extended for three-byte lengths later.
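Added example (not code from the book): a receiver-side parser for the length encoding described above. It goes beyond the two-byte case in the text by also handling the three-byte form, where the top bit is clear, the length is 14 bits, and the third byte carries the padding count. The names sslv2_record_header and parse_sslv2_header are hypothetical.

```c
#include <stddef.h>

/* Hypothetical helper type, not part of the book's ssl.h */
typedef struct
{
  size_t header_length;   /* 2 or 3 bytes */
  size_t payload_length;  /* bytes that follow the header */
  unsigned char padding;  /* only carried by the three-byte form */
  int is_escape;          /* only defined in the three-byte form */
}
sslv2_record_header;

/*
 * Parse an SSLv2 record header from the start of buffer.
 * Returns 0 on success, -1 if the buffer is too short for the header
 * or for the payload the header announces.
 */
int parse_sslv2_header( const unsigned char *buffer, size_t buffer_length,
                        sslv2_record_header *out )
{
  if ( buffer_length < 2 )
    return -1;

  if ( buffer[ 0 ] & 0x80 )
  {
    /* MSB set: two-byte header, 15-bit length, no padding */
    out->header_length = 2;
    out->payload_length = ( ( size_t ) ( buffer[ 0 ] & 0x7F ) << 8 ) | buffer[ 1 ];
    out->padding = 0;
    out->is_escape = 0;
  }
  else
  {
    /* MSB clear: three-byte header, 14-bit length, then a padding byte */
    if ( buffer_length < 3 )
      return -1;
    out->header_length = 3;
    out->payload_length = ( ( size_t ) ( buffer[ 0 ] & 0x3F ) << 8 ) | buffer[ 1 ];
    out->padding = buffer[ 2 ];
    out->is_escape = ( buffer[ 0 ] & 0x40 ) != 0;
  }

  /* Never trust the announced length beyond what was actually received */
  if ( out->payload_length > buffer_length - out->header_length ||
       out->padding > out->payload_length )
    return -1;
  return 0;
}
```

The final bounds check is the part a receiver must not skip: the length field is attacker-controlled and has to be validated against the bytes actually read before any copy or decrypt.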
At this point, the server accepts the client hello, processes it or rejects it with
an error, and sends back its own hello message.
SSL Server Hello
The ServerHello message is structured as in Listing C-14.
Listing C-14: “ssl.h” ServerHello declaration
typedef struct
{
  unsigned char session_id_hit;
  unsigned char certificate_type;
  unsigned char server_version_major;
  unsigned char server_version_minor;
  unsigned short certificate_length;
  unsigned short cipher_specs_length;
  unsigned short connection_id_length;
  signed_x509_certificate certificate;
  unsigned char *cipher_specs;
  unsigned char *connection_id;
}
ServerHello;
The first byte, session_id_hit, is a true/false indicator of whether the session
ID supplied was recognized by the server — 0 for false, 1 for true. Of course,
if the client doesn't supply a session ID, indicating a request for a brand-new
session, session_id_hit is always 0.
 