SSL握手步骤【收藏】

http://www.codeweblog.com/ssl-handshake-process-of-interaction-and/

SSL to send a message in the following order:
1.Client Hello
Client sends the server information including passwords group it supports. Password set in cryptographic algorithms and key sizes;
2.Server Hello
The server choose the client and server support the password set to the client.
3.Certificate
Server sends a certificate or a certificate chain to the client, a certificate chain, starting at the end of the server public key certificate and the root certificate authority in the show. This information is optional, but the server certificate as necessary, to use it.
4.Certificate request
When the server needs to identify clients, it sends a certificate request to the client. In web applications, very little to send the message.
5.Server key exchange
When the server sends to the public key of the key exchange is not very good when a server key exchange message to send.
6.Server hello done
Server to tell clients to complete its initialization flow of information.
7.Certificate
If the server requires a client certificate, the client sends a certificate chain. (Only when the server requires client certificate)
8.Client key exchange
Customers generate a key for the symmetric algorithm. Customers with a server on the RSA public key cryptography this key information and send it to the server.
9.Certificate verify
In web applications, very few send this message, it is primarily used to allow the server to handle the end of the customer identification. When using this information, the client sends a password function of the digital signature information to the server, when the service ended with a public key to decrypt the message, the server can identify clients.
10.Change cipher spec
Client sends a message to tell the server to change the encryption mode.
11.Finished
Client tells the server it is ready to secure data communication.
12.Change cipher spec
Server sends a message to the client and tell clients modify encrypted mode.
13.Finished
Server tells the client that it is ready to secure data communication. This is a client-server handshake protocol the last step.
14.Encrypted data
Client with the server using a symmetric encryption algorithm and cryptographic functions, and with the client to the server secret key encrypted communication.
SSL handshake process:
Extracted from the "SSL and TLS"
Objective:
1. The client and server need to protect data on a set of algorithms for consensus;
2. They need to establish a set of algorithms that are used by the encryption key;
3. Handshake can also choose to authenticate the client.

Process:
1. Client list and its support for the algorithm used to generate a random number key sent to the server;
2. Server list from the algorithm to choose a encryption algorithm, and it contains the server public key and a certificate sent to the client; The certificate also contains the server ID for authentication purposes, the server also provides a generate random numbers for keys;
3. Client-side validation on the server's certificate (certificate of verification, can refer to the digital signature), and to take the server's public key; then, and then generate a random password string called pre_master_secret, and use the server's public key pair The encrypted (refer to non-symmetric encryption / decryption), and encrypted information is sent to the server;
4. Client-side and server-side and under the pre_master_secret client and server calculate a random value independent encryption and MAC keys (see DH key exchange algorithm).
5. Client MAC values of all handshake messages sent to the server;
6. Server MAC values of all handshake messages sent to the client.

Step 5 and 6 to prevent themselves from being tampered with shaking hands. Envisaged an attacker wants to control the use of client and server algorithms. Client offers a variety of algorithms are quite common, some of the strength of weak and some strong intensity, in order to be able to support the weak intensity algorithm with only the server to communicate. An attacker can remove the client provided in step 1 all the high-intensity algorithm, so they force the server to choose a weak strength of the algorithm. Step 5 and Step 6 of the MAC be able to prevent the exchange of such attacks, because the client's MAC is calculated according to the original message, but the server's MAC is modified according to the news of the attacker is calculated, so that after inspection will find do not match. As provided by the client and server random number key generation process, and so the hands will not be replay attacks. The message is the first in a new encryption algorithm and key messages encrypted under.

Just described every step through one or more handshake messages to achieve. In this first message with a brief description of which corresponds to what steps, then a detailed description of the contents of each message. The following diagram describes the messages:

Step 1 corresponds to a single handshake message, ClientHello.
Step 2 corresponds to a SSL handshake message, the server sends the first message to ServerHello, which contains its chosen method, then again in the Certificate message send their certificates. Finally, the server sends a message to indicate ServerHelloDone the completion of the handshake stage. Need ServerHelloDone because some of the more complex variants would also like to shake hands after the Certifacate send other messages. When the client receives ServerHelloDone message, it knows there will be no other similar news coming, so he can continue it on this side of the handshake.
Step 3 corresponds to ClientKeyExchange news.
Step 5 and 6 corresponding Finished message. The news is just negotiated the first algorithm used to protect the information. In order to prevent the handshake has been tampered with, the contents of the message to all the previous stage handshake message MAC. However, the Finished message is a good method of protection, consultations, so they will have consultations with the new MAC key - a message from the calculation of the value of their MAc.
Note that the image above omits two ChangeCipherSpec news.
SSL Record Protocol:
In SSL, the actual data transmission is to use the SSL record protocol to achieve. SSL record protocol is divided by the data stream into a series of clips and transfer them to work, in which each fragment separately protection and transmission. In the receiver, each record on a separate decryption and verification. This program has resulted in the figures have been ready to be sent from one end to connect to the other end, and received instantly be addressed.
In the transmission segment, you must prevent attacks. MAC can be calculated to provide data integrity protection. MAC transmitted together with the fragment, verified by the receiver to achieve. The MAC appended to the fragment of the tail, and data and integrate the contents of the MAC is encrypted to form encrypted Load (Payload). Finally on top of information to the load equipment. Header information and encrypted links to known records of load (record), record the actual transfer of the content is. The following diagram describes the transfer process:

1. Recorded the first message:
Record header information is to receive the work to achieve (receiving implementation) to explain the records provided the necessary information. In practice, it refers to three types of information: content type, length, and SSL version. Length field can the receiver is aware that he was taken from the line Duoshao octet processing the message, version number, Zhi Shi 1 to ensure that each party use the consultation version of the redundancy check. Content-Type field indicates the message type.
2. SSL Record Type:
SSL support for the four content types: application_data, alert, handshake and change_cipher_spec.
Use SSL, software to send and receive all the data are based on application_data type to send, the other three kinds of Neirongleixing used on communications Jinxingguanli, Ruwan Cheng handshake and reporting Cuowu so.
Content type alert is mainly used for reporting all types of errors. Most of the alert (warning) for reporting handshake Chuxian problems, but there are some instructions to try to Jin Xing Ji Lu Zai right or Renzheng decryption errors that occur, alert messages to other Yongtu yes instructions would be Guanbi Lian Jie.
Used to carry content type handshake handshake message. Even if the initial connection handshake message is formed by the recording layer in order to handshake types of records to load the. As the encryption key has not yet established, these initial message was not encrypted or authentication, but the other process is the same. Possible existing connections on a new handshake initialization, in this case, the new record is like shaking hands, like other data, to go through encryption and authentication.
change_cipher_spec recorded message said to change the encryption and authentication. Once the handshake agreed on a new set of keys, the send change_cipher_spec to indicate at this point will enable the new key.
Work with a variety of sources:
As we have seen, SSL is a layered protocol, it is a recording layer and recording layer of a CD bearing the same message type composition. And the recording layer will by some reliable transport protocol such as TCP to carry. The following diagram describes the structure of the Association to:

 

The complete process a ssl connection: