Unlike SSLv3, SSLv2 didn't give any special treatment to connection closing,
so closing the socket requires no special processing.
Examining an HTTPS End-to-End Example
I'm sure you'd like to see this code in action. It's very unlikely that you can find
a public website that accepts an SSLv2 connection, so if you want to see this
code run you have to start a server locally. You can do this with OpenSSL; it has
a built-in s_server command that is designed specifically to test implementations.
You need to supply a path to a certificate and the corresponding private
key; Chapter 5 discusses how to generate these.
On the command line, run
[jdavies@localhost ssl]$ openssl s_server -accept 8443 -cert cert.pem \
-key key.pem
Enter pass phrase for key.pem:
Using default temp DH parameters
ACCEPT
Now, run the https application developed in this appendix:
[jdavies@localhost ssl]$ ./https https://localhost:8443/index.html
Connecting to host 'localhost' on port 8443
Connection complete; negotiating SSL parameters
Retrieving document: 'index.html'
sending: GET /index.html HTTP/1.1
Displaying Response...
data: HTTP/1.0 200 ok
Content-type: text/html
<HTML><BODY BGCOLOR="#ffffff">
<pre>
s_server -accept 8443 -cert cert.pem -key key.pem -www
Ciphers supported in s_server binary
Viewing the TCPDump Output
To see what's going on beneath the hood, you can run the tcpdump application
while you run the https application. You need to make sure to listen on the
“loopback” interface because you're running both client and server on your
localhost. If you listen on your actual Ethernet card, you won't see any traffic.
With tcpdump enabled, if you re-run the https command, you see
something like this:
[root@localhost ssl]# /usr/sbin/tcpdump -s 0 -x -i lo tcp port 8443
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
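
To check whether a hex dump like this one contains an SSLv2 CLIENT-HELLO, the following added example (not code from the book) turns tcpdump -x lines back into bytes, skips the IPv4 and TCP headers, and decodes the hello. The record and message layout follows the SSLv2 specification rather than anything shown on this page; the sample dump and all function names are constructed for illustration.

```python
import re
import struct

# Constructed sample in `tcpdump -x` layout (IPv4 header onward); not a real capture.
SAMPLE = """\
12:00:00.000000 IP localhost.54321 > localhost.8443: Flags [P.], length 30
\t0x0000:  4500 0046 0000 4000 4006 0000 7f00 0001
\t0x0010:  7f00 0001 d431 20fb 0000 0001 0000 0001
\t0x0020:  5018 0200 0000 0000 801c 0100 0200 0300
\t0x0030:  0000 1007 00c0 0001 0203 0405 0607 0809
\t0x0040:  0a0b 0c0d 0e0f
"""
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4}\s*)+)$")

def packet_bytes(dump):
    """Join the hex columns of one packet's dump lines into raw bytes."""
    rows = (HEX_LINE.match(line) for line in dump.splitlines())
    return b"".join(bytes.fromhex("".join(m.group(1).split())) for m in rows if m)

def tcp_payload(pkt):
    """Skip the IPv4 and TCP headers using their own length fields."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4                    # IPv4 header length in bytes
    doff = (pkt[ihl + 12] >> 4) * 4 if len(pkt) >= ihl + 20 else 0
    if ihl < 20 or doff < 20:                    # doff: TCP data offset in bytes
        raise ValueError("bad IPv4 or TCP header length")
    total = struct.unpack_from("!H", pkt, 2)[0]  # IPv4 total length
    return pkt[ihl + doff:total]

def parse_sslv2_client_hello(data):
    """Return the CLIENT-HELLO fields, or None if data is not one."""
    if len(data) < 11 or not data[0] & 0x80:
        return None                              # only the 2-byte header form
    rec_len = ((data[0] & 0x7F) << 8) | data[1]  # 15-bit record length
    mtype, version, cs_len, sid_len, ch_len = struct.unpack_from("!BHHHH", data, 2)
    body_ok = mtype == 1 and cs_len % 3 == 0 and 9 + cs_len + sid_len + ch_len == rec_len
    if not body_ok or len(data) < 2 + rec_len:
        return None                              # wrong type, bad lengths or truncated
    specs = data[11:11 + cs_len]                 # 3 bytes per SSLv2 cipher spec
    return {
        "version": version,                      # 0x0002 means SSLv2 itself
        "cipher_specs": [specs[i:i + 3].hex() for i in range(0, cs_len, 3)],
        "session_id_len": sid_len,
        "challenge": data[11 + cs_len + sid_len:2 + rec_len].hex(),
    }

if __name__ == "__main__":
    print(parse_sslv2_client_hello(tcp_payload(packet_bytes(SAMPLE))))
```

A TLS record starts with a content-type byte whose high bit is clear, so the parser returns None for it instead of misreading it as an SSLv2 hello.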