Contents:
- 1 Áֿ丵ũ
- 2 SSL v2.0 구조
- 2.1 Typical Protocol Message Flow
- 2.1.1 Assuming no session-identifier
2.1 Typical Protocol Message Flow #
The following sequences define several typical protocol message flows for the SSL Handshake Protocol. In these examples we have two principals in the conversation: the client and the server. We use a notation commonly found in the literature [10]. When something is enclosed in curly braces and followed by a key name, as in "{something}key", the something has been encrypted using "key".
2.1.1 Assuming no session-identifier #
client-hello C -> S: challenge, cipher_specs
server-hello S -> C: connection-id,server_certificate,cipher_specs
client-master-key C -> S: {master_key}server_public_key
client-finish C -> S: {connection-id}client_write_key
server-verify S -> C: {challenge}server_write_key
server-finish S -> C: {new_session_id}server_write_key
2.1.2 Assuming a session-identifier was found by both client & server #
client-hello C -> S: challenge, session_id, cipher_specs
server-hello S -> C: connection-id, session_id_hit
client-finish C -> S: {connection-id}client_write_key
server-verify S -> C: {challenge}server_write_key
server-finish S -> C: {session_id}server_write_key
2.1.3 Assuming a session-identifier was used and client authentication is used #
client-hello C -> S: challenge, session_id, cipher_specs
server-hello S -> C: connection-id, session_id_hit
client-finish C -> S: {connection-id}client_write_key
server-verify S -> C: {challenge}server_write_key
request-certificate S -> C: {auth_type,challenge'}server_write_key
client-certificate C -> S: {cert_type,client_cert,response_data}client_write_key
server-finish S -> C: {session_id}server_write_key
In this last exchange, the response_data is a function of the auth_type.
2.2 SSL Handshake Protocol Messages #
1 ///////////////////////////////////////////////////////////////////////////
2 // DATA TYPE
// Unsigned integer aliases used by the message layouts below; the names
// presumably state the intended width in bits.
3
4 typedef unsigned char uint8;
5 typedef unsigned short uint16;
6 typedef unsigned long uint32; // NOTE(review): unsigned long is 64 bits on LP64 platforms; confirm the width before using this alias for a 32-bit wire field
7
8 ///////////////////////////////////////////////////////////////////////////
9 // Client Only Protocol Messages
10
11 // CLIENT-HELLO (Phase 1; Sent in the clear)
// First handshake message: the client's version, the cipher kinds it offers,
// an optional cached session id and a fresh challenge.
// The array bounds are layout notation ("as many bytes as the length field
// says"), not compilable C; SSL 2.0 sends each uint16 most-significant byte
// first, so parse byte by byte rather than overlaying this struct on a buffer.
// NOTE(review): all three lengths come from the peer; check each against the
// bytes actually received before indexing. The message is unprotected and
// SSL 2.0 does not authenticate it later, so cipher_specs can be altered in
// transit without detection.
12 struct SSL_V2_ClientHello
13 {
14 uint8 msg_type; // SSL_MT_CLIENT_HELLO
15
16 struct ProtocolVersion // NOTE(review): no member name follows the closing brace, so as real C this declares a type only
17 {
18 uint8 minor; // 0
19 uint8 major; // 2
20 };
21
22 uint16 cipher_specs_length; // 3 in this example: one 3-byte cipher kind
23 uint16 session_id_length; // 0 when no cached session id is offered
24 uint16 challenge_length; // 16 or 32 (NOTE(review): the spec is believed to allow 16..32 - confirm)
25
26 uint8 cipher_specs[ cipher_specs_length ]; // { 0x01, 0x00, 0x80 } = SSL_CK_RC4_128_WITH_MD5
27 uint8 session_id[ session_id_length ];
28 uint8 challenge[ challenge_length ]; // returned encrypted in SERVER-VERIFY
29 };
30
31 // CLIENT-MASTER-KEY (Phase 1; Sent primarily in the clear)
// Delivers the master key for the chosen cipher kind. encrypted_key is the part
// encrypted under the server's public key ({master_key}server_public_key in the
// message flows); clear_key is the part sent unencrypted.
// NOTE(review): the three lengths are peer-supplied and independent of each
// other. A parser should check each one against its destination buffer, and
// their sum against the record length, before copying any of the arrays.
32 struct SSL_V2_ClientMasterKey
33 {
34 uint8 msg_type; // SSL_MT_CLIENT_MASTER_KEY
35
36 uint8 cipher_kind[ 3 ]; // { 0x01, 0x00, 0x80 } = SSL_CK_RC4_128_WITH_MD5
37
38 uint16 clear_key_length; // presumably nonzero only for EXPORT40 cipher kinds - confirm against the spec
39 uint16 encrypted_key_length;
40 uint16 key_arg_length; // presumably cipher-dependent (e.g. an IV for CBC kinds) - confirm
41
42 uint8 clear_key[ clear_key_length ];
43 uint8 encrypted_key[ encrypted_key_length ];
44 uint8 key_arg[ key_arg_length ];
45 };
46
47 // CLIENT-CERTIFICATE (Phase 2; Sent encrypted)
// Client's answer to REQUEST-CERTIFICATE: its certificate plus response data
// whose form depends on the requested auth_type (see the message flows).
// NOTE(review): both lengths are peer-supplied; bound them by the decrypted
// record length before reading certificate[] or response[].
48 struct SSL_V2_ClientCertificate
49 {
50 uint8 msg_type; // SSL_MT_CLIENT_CERTIFICATE
51
52 uint8 certificate_type; // SSL_CT_X509_CERTIFICATE is the only type code listed on this page
53
54 uint16 certificate_length;
55 uint16 response_length;
56
57 uint8 certificate[ certificate_length ];
58 uint8 response[ response_length ];
59 };
60
61 // CLIENT-FINISHED (Phase 2; Sent encrypted)
// Returns the server's connection-id encrypted under client_write_key
// ({connection-id}client_write_key in the message flows).
// connection_id_length is not carried in this message; it is the value from
// SSL_V2_ServerHello. NOTE(review): the receiver should presumably compare the
// whole field, length included, with the connection-id it issued.
62 struct SSL_V2_ClientFinished
63 {
64 uint8 msg_type; // SSL_MT_CLIENT_FINISHED
65
66 uint8 connection_id[ connection_id_length ];
67 };
68
69 ///////////////////////////////////////////////////////////////////////////
70 // Server Only Protocol Messages
71
72 // SERVER-HELLO (Phase 1; Sent in the clear)
// Server's reply to CLIENT-HELLO. Per the message flows it carries the
// connection-id plus either the certificate and cipher_specs (no session id
// found) or just a session_id_hit indication.
// The array bounds are layout notation, not compilable C.
// NOTE(review): all three lengths are peer-supplied and unprotected; check them
// against the received record before indexing.
73 struct SSL_V2_ServerHello
74 {
75 uint8 msg_type; // SSL_MT_SERVER_HELLO
76
77 uint8 session_id_hit; // presumably nonzero when the client's session_id was found - confirm
78 uint8 certificate_type; // SSL_CT_X509_CERTIFICATE is the only type code listed on this page
79
80 struct ProtocolVersion // NOTE(review): no member name follows the closing brace, so as real C this declares a type only
81 {
82 uint8 minor;
83 uint8 major;
84 };
85
86 uint16 certificate_length;
87 uint16 cipher_specs_length;
88 uint16 connection_id_length; // also sizes connection_id in SSL_V2_ClientFinished
89
90 uint8 certificate[ certificate_length ];
91 uint8 cipher_specs[ cipher_specs_length ];
92 uint8 connection_id[ connection_id_length ];
93 };
94
95 // SERVER-VERIFY (Phase 1; Sent encrypted)
// Returns the client's challenge encrypted under server_write_key
// ({challenge}server_write_key in the message flows).
// challenge_length is not carried in this message; it is the value the client
// sent in SSL_V2_ClientHello. NOTE(review): the client should presumably reject
// the handshake unless the field matches its challenge exactly, length included.
96 struct SSL_V2_ServerVerify
97 {
98 uint8 msg_type; // SSL_MT_SERVER_VERIFY
99
100 uint8 challenge[ challenge_length ];
101 };
102
103 // SERVER-FINISHED (Phase 2; Sent encrypted)
// Ends the handshake by sending the session id encrypted under
// server_write_key ({new_session_id} or {session_id} in the message flows).
// session_id_length is not carried in this message. NOTE(review): presumably it
// is bounded by SSL_MAX_SESSION_ID_LENGTH_IN_BYTES - enforce that before caching.
104 struct SSL_V2_ServerFinished
105 {
106 uint8 msg_type; // SSL_MT_SERVER_FINISHED
107
108 uint8 session_id[ session_id_length ];
109 };
110
111 // REQUEST-CERTIFICATE (Phase 2; Sent encrypted)
// Server's request for client authentication: the authentication type and a
// challenge ({auth_type,challenge'}server_write_key in the message flows).
// NOTE(review): certificate_challenge_length is declared in none of the structs
// on this page; presumably it is whatever remains of the record - confirm, and
// bound it before copying.
112 struct SSL_V2_RequestCertificate
113 {
114 uint8 msg_type; // SSL_MT_REQUEST_CERTIFICATE
115
116 uint8 authentication_type; // SSL_AT_MD5_WITH_RSA_ENCRYPTION is the only type code listed on this page
117
118 uint8 certificate_challenge[ certificate_challenge_length ];
119 };
120
121 ///////////////////////////////////////////////////////////////////////////
122 // Client/Server Protocol Messages
123
124 // ERROR (Sent clear or encrypted)
// Reports a handshake failure; error_code holds one of the SSL_PE_* values.
// NOTE(review): when sent in the clear this message is unauthenticated, so a
// received error says nothing reliable about who produced it.
125 struct SSL_V2_Error
126 {
127 uint8 msg_type; // SSL_MT_ERROR
128
129 uint16 error_code; // SSL_PE_*
130 } // NOTE(review): unlike the other structs, the terminating ';' is missing here
131
2.3 Protocol Constant Values #
This section describes various protocol constants. A special value needs mentioning - the IANA reserved port number for "https" (HTTP using SSL). IANA has reserved port number 443 (decimal) for "https".
1 ///////////////////////////////////////////////////////////////////////////
2 // Protocol Version Codes
// Both sides advertise 0x0002, i.e. the version byte pair {0, 2} annotated in
// SSL_V2_ClientHello.
// NOTE(review): SSL 2.0 is prohibited by RFC 6176; a current endpoint should
// refuse this version rather than negotiate it.
3
4 #define SSL_CLIENT_VERSION 0x0002
5 #define SSL_SERVER_VERSION 0x0002
6
7 ///////////////////////////////////////////////////////////////////////////
8 // Protocol Message Codes
// Values of msg_type, the first byte of every handshake message struct.
// NOTE(review): a parser should reject any value outside 0..8, and presumably
// any message type that is not expected in the current handshake state.
9
10 #define SSL_MT_ERROR 0 // SSL_V2_Error
11 #define SSL_MT_CLIENT_HELLO 1 // SSL_V2_ClientHello
12 #define SSL_MT_CLIENT_MASTER_KEY 2 // SSL_V2_ClientMasterKey
13 #define SSL_MT_CLIENT_FINISHED 3 // SSL_V2_ClientFinished
14 #define SSL_MT_SERVER_HELLO 4 // SSL_V2_ServerHello
15 #define SSL_MT_SERVER_VERIFY 5 // SSL_V2_ServerVerify
16 #define SSL_MT_SERVER_FINISHED 6 // SSL_V2_ServerFinished
17 #define SSL_MT_REQUEST_CERTIFICATE 7 // SSL_V2_RequestCertificate
18 #define SSL_MT_CLIENT_CERTIFICATE 8 // SSL_V2_ClientCertificate
19
20 ///////////////////////////////////////////////////////////////////////////
21 // Error Message Codes
// Values for the uint16 error_code field of SSL_V2_Error. The listed values are
// not consecutive (1, 2, 4, 6), so treat them as distinct codes and handle any
// other value as unknown.
22
23 #define SSL_PE_NO_CIPHER 0x0001
24 #define SSL_PE_NO_CERTIFICATE 0x0002
25 #define SSL_PE_BAD_CERTIFICATE 0x0004
26 #define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
27
28 ///////////////////////////////////////////////////////////////////////////
29 // Cipher Kind Values
// Each macro expands to three comma-separated bytes, so it fits an initializer
// for cipher_kind[ 3 ] or an entry in cipher_specs[], but not a single integer
// expression. The third byte appears to encode the key size in bits
// (0x80 = 128, 0x40 = 64, 0xC0 = 192), matching the macro names.
// NOTE(review): every kind here relies on MD5 with RC4, RC2, IDEA or DES, and the
// EXPORT40 kinds deliberately limit the secret key material to 40 bits; none of
// them should be enabled on a current endpoint.
30
31 #define SSL_CK_RC4_128_WITH_MD5 0x01,0x00,0x80
32 #define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x02,0x00,0x80
33 #define SSL_CK_RC2_128_CBC_WITH_MD5 0x03,0x00,0x80
34 #define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x04,0x00,0x80
35 #define SSL_CK_IDEA_128_CBC_WITH_MD5 0x05,0x00,0x80
36 #define SSL_CK_DES_64_CBC_WITH_MD5 0x06,0x00,0x40 // single DES: 56 effective key bits
37 #define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0x07,0x00,0xC0
38
39 ///////////////////////////////////////////////////////////////////////////
40 // Certificate Type Codes
// Value for the certificate_type field of SSL_V2_ServerHello and
// SSL_V2_ClientCertificate; X.509 is the only type listed here, so any other
// value would map to SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE (presumably - confirm).
41
42 #define SSL_CT_X509_CERTIFICATE 0x01
43
44 ///////////////////////////////////////////////////////////////////////////
45 // Authentication Type Codes
// Value for the authentication_type field of SSL_V2_RequestCertificate; it
// selects how the client builds the response data in CLIENT-CERTIFICATE.
// NOTE(review): the only option listed signs an MD5 digest, which is no longer
// collision resistant.
46
47 #define SSL_AT_MD5_WITH_RSA_ENCRYPTION 0x01
48
49 ///////////////////////////////////////////////////////////////////////////
50 // Upper/Lower Bounds
// Limits a parser can enforce on peer-supplied lengths before it allocates or
// copies. Note the mixed units: the first is in bits, the others in bytes.
51
52 #define SSL_MAX_MASTER_KEY_LENGTH_IN_BITS 256 // 32 bytes
53 #define SSL_MAX_SESSION_ID_LENGTH_IN_BYTES 16 // upper bound for session_id_length
54 #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES 64 // 512-bit RSA; far below key sizes considered adequate today
55 #define SSL_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767 // 2^15 - 1
56 #define SSL_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 // 2^14 - 1
57
Because protocols have to be implemented to be of value, we recommend the following values for various operational parameters. This is only a recommendation, and not a strict requirement for conformance to the protocol.
Session-identifier Cache Timeout
Session-identifiers are kept in SSL clients and SSL servers. Session-identifiers should have a lifetime that serves their purpose (namely, reducing the number of expensive public key operations for a single client/server pairing). Consequently, we recommend a maximum session-identifier cache timeout value of 100 seconds. Given a server that can perform N private key operations per second, this reduces the server load for a particular client by a factor of 100.