Handshake Protocol - Study thoroughly

Course: Computer network security (BC-504)

Academic year: 2021/2022
Manipur University

Handshake Protocol

The most complex part of SSL is the Handshake Protocol. This protocol allows the server and client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in an SSL record. The Handshake Protocol is used before any application data is transmitted.

The Handshake Protocol consists of a series of messages exchanged by client and server. All of these have the format shown in the figure below. Each message has three fields:

● Type (1 byte): Indicates one of 10 messages. Table 17.2 lists the defined message types.
● Length (3 bytes): The length of the message in bytes.
● Content (≥ 0 bytes): The parameters associated with this message; these are listed in Table 17.2.

Table 17.2. SSL Handshake Protocol Message Types

Message Type          Parameters
hello_request         null
client_hello          version, random, session id, cipher suite, compression method
server_hello          version, random, session id, cipher suite, compression method
certificate           chain of X.509v3 certificates
server_key_exchange   parameters, signature
certificate_request   type, authorities
server_done           null
certificate_verify    signature
client_key_exchange   parameters, signature
finished              hash value
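As an added example (not part of the original notes), the following Python walks a buffer of concatenated handshake messages using the three-field format above and the message names of Table 17.2, checking each 3-byte length against the bytes actually present before slicing. The numeric type codes are not given on the page and are assumed from the SSL 3.0/TLS specification; the sample flight is constructed.

```python
from typing import List, Tuple

# Type codes from the SSL 3.0 / TLS specifications; the notes name the messages
# but give no codes, so these values are an assumption, not from the original page.
HANDSHAKE_TYPES = {
    0: "hello_request", 1: "client_hello", 2: "server_hello",
    11: "certificate", 12: "server_key_exchange", 13: "certificate_request",
    14: "server_done", 15: "certificate_verify", 16: "client_key_exchange",
    20: "finished",
}

def build_message(msg_type: int, content: bytes) -> bytes:
    """Encode one message: 1-byte type, 3-byte big-endian length, then content."""
    if len(content) > 0xFFFFFF:
        raise ValueError("content does not fit in the 3-byte length field")
    return bytes([msg_type]) + len(content).to_bytes(3, "big") + content

def parse_messages(buf: bytes) -> List[Tuple[str, bytes]]:
    """Split concatenated handshake messages into (name, content) pairs.

    The length field comes from the peer, so it is checked against the bytes
    actually present before slicing; truncated or oversized input raises.
    """
    messages = []
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError(f"truncated header at offset {pos}")
        msg_type = buf[pos]
        length = int.from_bytes(buf[pos + 1:pos + 4], "big")
        pos += 4
        if length > len(buf) - pos:
            raise ValueError(f"length {length} exceeds remaining {len(buf) - pos} bytes")
        name = HANDSHAKE_TYPES.get(msg_type, f"unknown({msg_type})")
        messages.append((name, buf[pos:pos + length]))
        pos += length
    return messages

# Constructed sample flight: server_hello (version, random, empty session id,
# cipher suite, compression), a stand-in certificate body, and server_done with
# null content (length 0), as in Table 17.2.
SAMPLE_FLIGHT = (
    build_message(2, b"\x03\x00" + b"\x11" * 32 + b"\x00" + b"\x00\x2f" + b"\x00")
    + build_message(11, b"\x00\x00\x03" + b"\x00\x00\x00")
    + build_message(14, b"")
)
```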

Figure 17.6 shows the initial exchange needed to establish a logical connection between client and server. The exchange can be viewed as having four phases.

Figure 17.6. Handshake Protocol Action

If the server has requested a certificate, the client begins this phase by sending a certificate message. If no suitable certificate is available, the client sends a no_certificate alert instead.

Next is the client_key_exchange message, which must be sent in this phase. Finally, in this phase, the client may send a certificate_verify message to provide explicit verification of a client certificate. This message is sent only following a client certificate that has signing capability.

Phase 4. Finish

This phase completes the setting up of a secure connection. The client sends a change_cipher_spec message and copies the pending CipherSpec into the current CipherSpec. Note that this message is not considered part of the Handshake Protocol but is sent using the Change Cipher Spec Protocol. The client then immediately sends the finished message under the new algorithms, keys, and secrets. The finished message verifies that the key exchange and authentication processes were successful.

In response to these two messages, the server sends its own change_cipher_spec message, transfers the pending CipherSpec to the current CipherSpec, and sends its finished message. At this point the handshake is complete and the client and server may begin to exchange application-layer data.
