Secure Sockets Layer - Jordan University of Science and Technology.ppt
Agenda
    Definition
    The idea
    SSL components

if you want to trust the guy who signed it

How It Works (Basic Protocol)

The browser negotiates a secure session using something like the following protocol:

    1: A->B: hello
    2: B->A: Hi, I'm Bob, bobs-certificate
    3: A->B: prove it
    4: B->A: Alice, This Is bob { digest[Alice, This Is Bob] } bobs-private-key
    5: A->B: ok bob, here is a secret {secret} bobs-public-key
    6: B->A: {some message}secret-key

How It Works

    Step 1: Your browser introduces itself to the secure server.
    Step 2: The server responds by sending back a message with the certificate included.
    Step 3: Your browser tells the secure site to prove its identity, that it really is who it says it is.

Supported key exchange methods

    RSA based (SSL_RSA_with...)
        the secret key (pre-master secret) is encrypted with the server’s public RSA key
        the server’s public key is made available to the client during the exchange

    fixed Diffie-Hellman (SSL_DH_RSA_with… or SSL_DH_DSS_with…)
        the server has fixed DH parameters contained in a certificate signed by a CA
        the client may have fixed DH parameters certified by a CA, or it may send an unauthenticated one-time DH public value in the client_key_exchange message

    ephemeral Diffie-Hellman (SSL_DHE_RSA_with… or SSL_DHE_DSS_with…)
        both the server and the client generate one-time DH parameters
        the server signs its DH parameters with its private RSA or DSS key
        the client may authenticate itself (if requested by the server) by signing the hash of the handshake messages with its private RSA or DSS key

    anonymous Diffie-Hellman
        both the server and the client generate one-time DH parameters
        they send their parameters to the peer without authentication

    Fortezza
        Fortezza proprietary key exchange scheme

Server certificate and key exchange messages

    certificate required for eve
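The six-step basic protocol above, run end to end as an added example (not code from the original slides). It assumes Alice already trusts the certificate, uses textbook RSA on a toy key built from two known Mersenne primes, and substitutes a SHA-256 counter keystream for the symmetric cipher; all function and variable names are hypothetical.

```python
import hashlib
import secrets

# Toy RSA key for "Bob", constructed for this demo from two known Mersenne
# primes. Textbook RSA without padding is for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # Bob's private exponent

def digest_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(msg: bytes, d: int, n: int) -> int:
    """Step 4: { digest[msg] } private-key."""
    return pow(digest_int(msg), d, n)

def verify(msg: bytes, sig: int, e: int, n: int) -> bool:
    """Alice recovers the digest with the public key from the certificate."""
    return pow(sig, e, n) == digest_int(msg)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher for step 6 (SHA-256 in counter mode)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def handshake(server_d: int, cert: dict):
    """Run steps 1-6; server_d is the private key the responder really holds."""
    e, n = cert["e"], cert["n"]             # step 2: certificate received
    proof = b"Alice, This Is Bob"           # step 3: "prove it"
    sig = sign(proof, server_d, n)          # step 4: responder signs the digest
    if not verify(proof, sig, e, n):
        return None                         # responder does not hold Bob's key
    secret = secrets.token_bytes(32)        # step 5: {secret} bobs-public-key
    wrapped = pow(int.from_bytes(secret, "big"), e, n)
    server_secret = pow(wrapped, server_d, n).to_bytes(32, "big")
    ct = keystream_xor(server_secret, b"some message")   # step 6
    return keystream_xor(secret, ct)        # Alice decrypts with the same secret

BOB_CERT = {"subject": "Bob", "e": E, "n": N}   # the certificate is public

if __name__ == "__main__":
    print("real Bob:", handshake(D, BOB_CERT))
    print("replayed certificate, wrong key:", handshake(D + 2, BOB_CERT))
```

The second call shows why step 4 matters: anyone can present Bob's certificate, but only the holder of the matching private key produces a signature that verifies.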