理解 HTTPS 的工作原理

This message conveys the client’s certificate chain to the server; the server will use it when verifying the CertificateVerify message (when the client authentication is based on signing) or calculating thepremaster secret (for non-ephemeral Diffie- Hellman). The certificate MUST be appropriate for the negotiated cipher suite’s key exchange algorithm, and any negotiated extensions.

Alert protocol有什么作用?

Closure Alerts：防止Truncation Attack

In a truncation attack, an attacker inserts into a message a TCP code indicating the message has finished, thus preventing the recipient picking up the rest of the message. To prevent this, SSL from version v3 onward has a closing handshake, so the recipient knows the message has not ended until this has been performed.

Error Alerts：错误处理

master secret是如何计算的

master_secret = PRF(pre_master_secret, "master secret", 
 ClientHello.random + ServerHello.random) 
 [0..47]; 

加密，压缩和MAC算法参数是如何计算的

Handshaking Protocols使得客户端和服务端交换了三个参数：client_random，server_random和master_secret，通过以下算法生成算法所需要的参数

To generate the key material, compute 
 key_block = PRF(SecurityParameters.master_secret, 
 "key expansion", 
 SecurityParameters.`server_random ` + 
 SecurityParameters.`client_random`); 
until enough output has been generated. Then, the key_block is 
partitioned as follows: 
 client_write_MAC_key[SecurityParameters.mac_key_length] 
 server_write_MAC_key[SecurityParameters.mac_key_length] 
 client_write_key[SecurityParameters.enc_key_length] 
 server_write_key[SecurityParameters.enc_key_length] 
 client_write_IV[SecurityParameters.fixed_iv_length] 
 server_write_IV[SecurityParameters.fixed_iv_length] 

（编辑：西安站长网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!