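I have a very basic question: how does the client_hello or server_hello in the SSL handshake determine which SSL/TLS versions it can support? I mean, as I understand it, first the client and then the server sends the highest SSL version it supports. But how is this determined?
Is it the version field in the certificate?
Best regards, HL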
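This is all described in Appendix E of the TLS specification. It is worded slightly differently in the TLS 1.0, 1.1 and 1.2 specifications, but the principle stays the same.
Essentially, the client asks for the highest version it can support, and the server responds with the highest version it can support, up to the client's version: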
min(max. client supported version, max. server supported version)
This works as long as both sides actually support the resulting version.
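The negotiation described in the answer above, as an added example that is not part of the original answer: it reads the client_version field from a constructed ClientHello record and applies the server's choice, then the client's check. It goes slightly beyond the min() formula by handling version sets with gaps, which is the case where the result is not supported by both sides. The function names and the sample record are assumptions made for illustration.

```python
import struct

# Wire encodings (major, minor) of the versions discussed in the answer.
NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

class NoCommonVersion(Exception):
    """Negotiation fails; a real peer would send a protocol_version alert."""

def sample_client_hello(version):
    """Constructed sample: minimal ClientHello record offering `version`."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

def client_hello_version(record):
    """Read client_version from a TLS record that carries a ClientHello."""
    if len(record) < 11:
        raise ValueError("truncated record")
    content_type, _major, _minor, _length = struct.unpack("!BBBH", record[:5])
    if content_type != 22 or record[5] != 1:
        raise ValueError("not a handshake record starting with ClientHello")
    # record header (5) + handshake type (1) + handshake length (3) = offset 9
    return (record[9], record[10])

def server_choose(offered, server_supported):
    """Server side: highest version it supports that is not above the offer."""
    usable = [v for v in server_supported if v <= offered]
    if not usable:
        raise NoCommonVersion("server supports nothing at or below the offer")
    return max(usable)

def negotiate(record, client_supported, server_supported):
    """Full exchange: server picks, then the client checks it supports the pick."""
    chosen = server_choose(client_hello_version(record), server_supported)
    if chosen not in client_supported:
        raise NoCommonVersion("client does not support " + NAMES.get(chosen, str(chosen)))
    return NAMES.get(chosen, str(chosen))

if __name__ == "__main__":
    hello = sample_client_hello((3, 3))  # client offers TLS 1.2
    print(negotiate(hello, {(3, 1), (3, 2), (3, 3)}, {(3, 0), (3, 1), (3, 2)}))
```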
The client is responsible for initiating an SSL handshake by sending the ClientHello message. If this isn't the first message that is sent, the server responds with an error and shuts down the socket.
The client advertises to the server which cipher specs it supports; it's not required to support all of them.
The client sends the server the client's SSL version number, cipher settings, session-specific data, and other information that the server needs to communicate with the client using SSL.
The client also sends a challenge token, which the server must encrypt using the newly negotiated key before sending back the encrypted value in its hello message. The client verifies that the decrypted token is the same as what was sent. If it's not, the handshake is rejected.