ssl_intro.xml.ja

Apache HTTP Server 是一个功能强大的灵活的与HTTP/1.1相兼容的web服务器.这里给出的是Apache HTTP服务器的源码。

    $BA4$F$N2DG=@-$K$D$$$O!"(BSSL $B;EMM=q$r;2>H$7$F$/$@$5$$!#(B</p>

    <note><title>$BCm0U(B</title>
    <p>$B0lEY(B SSL $B%;%C%7%g%s$,3NN)$9$k$H!"%;%C%7%g%s$r:FMxMQ$9$k$3$H$G!"(B
    $B%;%C%7%g%s$r3+;O$9$k$?$a$NB?$/$N2aDx$r7+$jJV$9$H$$$&(B
    $B%Q%U%)!<%^%s%9$NB;<:$rKI$.$^$9!#(B
    $B$=$N$?$a!"%5!<%P$OA4$F$N%;%C%7%g%s$K0l0U$J%;%C%7%g%s<1JLL>$r(B
    $B3d$jEv$F!"%5!<%P$K%-%c%C%7%e$7!"%/%i%$%"%s%H$O<!2s$+$i(B
    ($B<1JLL>$,%5!<%P$N%-%c%C%7%e$G4|8B@Z$l$K$J$k$^$G$O(B)
    $B%O%s%I%7%'!<%/$J$7$G@\B3$9$k$3$H$,$G$-$^$9!#(B</p>
    </note>

    <p class="figure">
    <img 
    src="../images/ssl_intro_fig1.gif" alt="" width="423" height="327" /><br />
    <a id="figure1" name="figure1"><dfn>$B?^(B1</dfn></a>: SSL
    $B%O%s%I%7%'!<%/%7!<%/%(%s%935N,(B</p>

    <p>$B%5!<%P$H%/%i%$%"%s%H$G;H$o$l$k(B
    $B%O%s%I%7%'!<%/%7!<%/%(%s%9$NMWAG$r0J2<$K<($7$^$9(B:</p>

    <ol>
    <li>$B%G!<%?DL?.$K;H$o$l$k0E9f%9%$!<%H$N<h$j7h$a(B</li>
    <li>$B%/%i%$%"%s%H$H%5!<%P4V$G$N%;%C%7%g%s80$N3NN)$H6&M-(B</li>
    <li>$B%*%W%7%g%s$H$7$F!"%/%i%$%"%s%H$KBP$9$k%5!<%P$NG'>Z(B</li>
    <li>$B%*%W%7%g%s$H$7$F!"%5!<%P$KBP$9$k%/%i%$%"%s%H$NG'>Z(B</li>
    </ol>

    <p>$BBh0l%9%F%C%W$N0E9f%9%$!<%H<h$j7h$a$K$h$C$F!"(B
    $B%5!<%P$H%/%i%$%"%s%H$O$=$l$>$l$K$"$C$?(B
    $B0E9f%9%$!<%H$rA*$V$3$H$,$G$-$^$9!#(B
    SSL3.0 $B%W%m%H%3%k$N;EMM=q$O(B 31 $B$N0E9f%9%$!<%H$rDj5A$7$F$$$^$9!#(B
    $B0E9f%9%$!<%H$O0J2<$N%3%s%]!<%M%s%H$K$h$jDj5A$5$l$F$$$^$9(B:</p>

    <ul>
    <li>$B80$N8r49<jCJ(B</li>
    <li>$B%G!<%?DL?.$N0E9f=Q(B</li>
    <li>Message Authentication Code (MAC) $B:n@.$N$?$a$N(B
    $B%a%C%;!<%8%@%$%8%'%9%H(B</li>
    </ul>

    <p>$B$3$l$i$N;0$D$NMWAG$O0J2<$N%;%/%7%g%s$G@bL@$5$l$F$$$^$9!#(B</p>
</section>

<section id="keyexchange">
<title>$B80$N8r49<jCJ(B</title>
    <p>$B80$N8r49<jCJ$O%"%W%j%1!<%7%g%s$N%G!<%?DL?.$K;H$o$l!"(B
    $B6&M-$5$l$kBP>N0E9f80$r$I$N$h$&$K$,%/%i%$%"%s%H$H%5!<%P$G(B
    $B<h$j7h$a$k$+$rDj5A$7$^$9!#(B
    SSL 2.0 $B$O(B RSA $B808r49$7$+;H$$$^$;$s$,!"(B
    SSL 3.0 $B$O>ZL@=q$,;H$o$l$k$H$-$O(B RSA $B808r49$r;H$$!"(B
    $B>ZL@=q$,L5$/!"%/%i%$%"%s%H$H%5!<%P$N;vA0$NDL?.$,L5$$>l9g$O(B
    Diffie-Hellman $B808r49$r;H$&(B
    $B$J$IMM!9$J808r49%"%k%4%j%:%`$r%5%]!<%H$7$^$9!#(B</p>

    <p>$B80$N8r49J}K!$K$*$1$k0l$D$NA*Br;h$OEE;R=pL>$G$9!#(B
    $BEE;R=pL>$r;H$&$+$I$&$+!"$^$?!"(B
    $B$I$N<oN`$N=pL>$r;H$&$+$H$$$&A*Br$,$"$j$^$9!#(B
    $BHkL)80$G=pL>$9$k$3$H$G6&M-80$r@8@.$9$7!">pJs8r49$9$k;~$N(B
    $B%^%s!&%$%s!&%6!&%_%I%k967b$rKI$0$3$H$,$G$-$^$9!#(B
    [<a href="#AC96">AC96</a>, p516]</p>
</section>

<section id="ciphertransfer">
<title>$B%G!<%?DL?.$N0E9f=Q(B</title>
    <p>SSL $B$O%;%C%7%g%s$N%a%C%;!<%8$N0E9f2=$KA0=R$7$?(B
    $B=>Mh7?0E9f(B($BBP>N0E9f(B)$B$rMQ$$$^$9!#(B
    $B0E9f2=$7$J$$$H$$$&A*Br;h$b4^$a6e$D$NA*Br;h$,$"$j$^$9(B:</p>

    <ul>
    <li>$B0E9f2=$J$7(B</li>
    <li>$B%9%H%j!<%`0E9f(B
        <ul>
        <li>40-bit $B80$G$N(B RC4</li>
        <li>128-bit $B80$G$N(B RC4</li>
        </ul></li>
    <li>CBC $B%V%m%C%/0E9f(B
        <ul><li>40 bit $B80$G$N(B RC2</li>
        <li>40 bit $B80$G$N(B DES</li>
        <li>56 bit $B80$G$N(B DES</li>
        <li>168 bit $B80$G$N(B Triple-DES</li>
        <li>Idea (128 bit $B80(B)</li>
        <li>Fortezza (96 bit $B80(B)</li>
        </ul></li>
    </ul>

    <p>$B$3$3$G$N(B CBC $B$H$O0E9f%V%m%C%/O":?(B (Cipher Block Chaining)
     $B$NN,$G!"0l$DA0$N0E9f2=$5$l$?0E9fJ8$N0lIt$,(B
    $B%V%m%C%/$N0E9f2=$K;H$o$l$k$3$H$r0UL#$7$^$9!#(B
    DES $B$O%G!<%?0E9f2=I8=`5,3J(B (Data Encryption Standard)
     [<a href="#AC96">AC96</a>, ch12] $B$NN,$G!"(B
    DES40 $B$d(B 3DES_EDE $B$r4^$`$$$/$D$b$N<oN`$,$"$j$^$9!#(B
    Idea $B$O:G9b$J$b$N$N0l$D$G!"0E9f=QE*$K$O8=:_$"$kCf$G(B
    $B:G$b6/NO$J$b$N$G$9!#(B
    RC2 $B$O(B RSA DSI $B$K$h$kFH@jE*$J%"%k%4%j%:%`$G$9!#(B
     [<a href="#AC96">AC96</a>,
    ch13]</p>
</section>

<section id="digestfuntion">
<title>$B%@%$%8%'%9%H4X?t(B</title>
    <p>
    $B%@%$%8%'%9%H4X?t$NA*Br$O%l%3!<%I%f%K%C%H$+$i$I$N$h$&$K%@%$%8%'%9%H$,@8@.$5$l$k$+$r7hDj$7$^$9!#(B
    SSL $B$O0J2<$r%5%]!<%H$7$^$9(B:</p>

    <ul>
    <li>$B%@%$%8%'%9%H$J$7(B</li>
    <li>MD5 (128-bit $B%O%C%7%e(B)</li>
    <li>Secure Hash Algorithm (SHA-1) (160-bit $B%O%C%7%e(B)</li>
    </ul>

    <p>$B%a%C%;!<%8%@%$%8%'%9%H$O(B Message Authentication Code (MAC) 
    $B$N@8@.$K;H$o$l!"%a%C%;!<%8$H6&$K0E9f2=$5$l!"%a%C%;!<%8$N?.MQ$r(B
    $BDs6!$7!"%j%W%l%$967b$rKI$.$^$9!#(B</p>
</section>

<section id="handshake">
<title>$B%O%s%I%7%'!<%/%7!<%/%(%s%9%W%m%H%3%k(B</title>
    <p>$B%O%s%I%7%'!<%/%7!<%/%(%s%9$O;0$D$N%W%m%H%3%k$r;H$$$^$9(B:</p>

    <ul>
    <li><dfn>SSL $B%O%s%I%7%'!<%/%W%m%H%3%k(B</dfn>$B$O(B
    $B%/%i%$%"%s%H$H%5!<%P4V$G$N(B SSL $B%;%C%7%g%s$N3NN)$K;H$o$l$^$9!#(B</li>
    <li><dfn>SSL $B0E9f;EMMJQ99%W%m%H%3%k(B</dfn>$B$O(B
    $B%;%C%7%g%s$G$N0E9f%9%$!<%H$N<h$j7h$a$K;H$o$l$^$9!#(B</li>
    <li><dfn>SSL $B7Y9p%W%m%H%3%k(B</dfn>$B$O(B
    $B%/%i%$%"%s%H%5!<%P4V$G(B SSL $B%(%i!<$rEAC#$9$k$N$K;H$o$l$^$9!#(B</li>
    </ul>

    <p>$B;0$D$N%W%m%H%3%k$O!"%"%W%j%1!<%7%g%s%W%m%H%3%k%G!<%?$H$H$b$K!"(B
    <a href="#figure2">$B?^(B2</a>$B$K<($9$H$*$j(B <dfn>SSL $B%l%3!<%I%W%m%H%3%k(B</dfn>
    $B$G%+%W%;%k2=$5$l$^$9!#(B
    $B%+%W%;%k2=$5$l$?%W%m%H%3%k$O%G!<%?$r8!::$7$J$$(B
    $B2<AX$N%W%m%H%3%k$K$h$C$F%G!<%?$H$7$FEAC#$5$l$^$9!#(B
    $B%+%W%;%k2=$5$l$?%W%m%H%3%k$O2<AX$N%W%m%H%3%k$K4X$7$F0l@Z4XCN$7$^$;$s!#(B</p>

    <p class="figure">
    <img src="../images/ssl_intro_fig2.gif" alt="" width="428"
        height="217" /><br />
    <a id="figure2" name="figure2"><dfn>$B?^(B2</dfn></a>: SSL $B%W%m%H%3%k%9%?%C%/(B
    </p>

    <p>
    $B%l%3!<%I%W%m%H%3%k$K$h$k(B SSL $B%3%s%H%m!<%k%W%m%H%3%k$N%+%W%;%k2=$O!"(B
    $B%"%/%F%#%V$J%;%C%7%g%s$NFs2sL\$NDL?.$,$"$C$?>l9g!"(B
    $B%3%s%H%m!<%k%W%m%H%3%k$,0BA4$G$"$k$3$H$r0UL#$7$^$9!#(B
    $B4{$K%;%C%7%g%s$,L5$$>l9g$O!"(BNull $B0E9f%9%$!<%H$,;H$o$l!"(B
    $B0E9f2=$O9T$J$o$l$:!"%;%C%7%g%s$,3NN)$9$k$^$G$O(B
    $B%@%$%8%'%9%H$bL5$$>uBV$H$J$j$^$9!#(B</p>
</section>

<section id="datatransfer">
<title>$B%G!<%?DL?.(B</title>
    <p><a href="#figure3">$B?^(B3</a>$B$K<($5$l$k(B SSL $B%l%3!<%I%W%m%H%3%k(B
    $B$O%/%i%$%"%s%H$H%5!<%P4V$N%"%W%j%1!<%7%g%s$d(B
    SSL $B%3%s%H%m!<%k%G!<%?$NDL?.$K;H$o$l$^$9!#(B
    $B$3$N%G!<%?$O$h$j>.$5$$%f%K%C%H$KJ,$1$i$l$?$j!"(B
    $B$$$/$D$+$N9b5i%W%m%H%3%k$r$^$H$a$F0l%f%K%C%H$H$7$FDL?.$,(B
    $B9T$J$o$l$k$3$H$b$"$j$^$9!#(B
    $B%G!<%?$r05=L$7!"%@%$%8%'%9%H=pL>$rE:IU$7$F!"(B
    $B$3$l$i$N%f%K%C%H$r0E9f2=$7$?$N$A!"%Y!<%9$H$J$C$F$$$k(B
    $B?.Mj@-$N$"$k%H%i%s%9%]!<%H%W%m%H%3%k$rMQ$$$k$+$b$7$l$^$;$s!#(B
    ($BCm0U(B: $B8=:_%a%8%c!<$J(B SLL $B<BAu$G05=L$r%5%]!<%H$7$F$$$k$b$N$O$"$j$^$;$s(B)</p>

    <p class="figure">
    <img src="../images/ssl_intro_fig3.gif" alt="" width="423"
        height="323" /><br />
    <a id="figure3" name="figure3"><dfn>$B?^(B 3</dfn></a>: SSL $B%l%3!<%I%W%m%H%3%k(B
    </p>
</section>

<section id="securehttp">
<title>HTTP $BDL?.$N0BA42=(B</title>
    <p>$B$h$/$"$k(B SSL $B$N;H$$J}$O%V%i%&%6$H%&%'%V%5!<%P4V$N(B HTTP $BDL?.(B
    $B$N0BA42=$G$9!#(B
    $B$3$l$O!"=>Mh$N0BA4$G$O$J$$(B HTTP $B$N;HMQ$r=|30$9$k$b$N$G$O$"$j$^$;$s!#(B
    $B0BA42=$5$l$?$b$N$O<g$K(B SSH $B>e$NIaDL$N(B HTTP $B$G!"(BHTTPS $B$H8F$P$l$^$9!#(B
    $BBg$-$J0c$$$O!"(BURL $B%9%-!<%`$K(B <code>http</code> $B$NBe$o$j$K(B <code>https</code>
    $B$rMQ$$!"%5!<%P$,JL$N%]!<%H$r;H$&$3$H$G$9(B ($B%G%U%)%k%H$G$O(B443)$B!#(B
    $B$3$l$,<g$K(B <module
    >mod_ssl</module> $B$,(B Apache $B%&%'%V%5!<%P$KDs6!$9$k5!G=$G$9!#(B</p>
</section>
</section>
<!-- /ssl -->

<section id="references">
<title>$B;29MJ88%(B</title>
<dl>
<dt><a id="AC96" name="AC96">[AC96]</a></dt>
<dd>Bruce Schneier, <q>Applied Cryptography</q>, 2nd Edition, Wiley,
1996. See <a href="http://www.counterpane.com/"
>http://www.counterpane.com/</a> for various other materials by Bruce
Schneier.</dd>

<dt><a id="X208" name="X208">[X208]</a></dt>
<dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation
One (ASN.1)</q>, 1988. See for instance <a
href="http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I"
>http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I</a>.
</dd>

<dt><a id="X509" name="X509">[X509]</a></dt>
<dd>ITU-T Recommendation X.509, <q>The Directory - Authentication
Framework</q>. See for instance <a
href="http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509"
>http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509</a>.
</dd>

<dt><a id="PKCS" name="PKCS">[PKCS]</a></dt>
<dd><q>Public Key Cryptography Standards (PKCS)</q>, 
RSA Laboratories Technical Notes, See <a
href="http://www.rsasecurity.com/rsalabs/pkcs/"
>http://www.rsasecurity.com/rsalabs/pkcs/</a>.</dd>

<dt><a id="MIME" name="MIME">[MIME]</a></dt>
<dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions
(MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.
See for instance <a href="http://ietf.org/rfc/rfc2045.txt"
>http://ietf.org/rfc/rfc2045.txt</a>.</dd>

<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt>
<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a
href="http://www.netscape.com/eng/security/SSL_2.html"
>http://www.netscape.com/eng/security/SSL_2.html</a>.</dd>

<dt><a id="SSL3" name="SSL3">[SSL3]</a></dt>
<dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol
Version 3.0</q>, 1996. See <a
href="http://www.netscape.com/eng/ssl3/draft302.txt"
>http://www.netscape.com/eng/ssl3/draft302.txt</a>.</dd>

<dt><a id="TLS1" name="TLS1">[TLS1]</a></dt>
<dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>,
1999. See <a href="http://ietf.org/rfc/rfc2246.txt"
>http://ietf.org/rfc/rfc2246.txt</a>.</dd>
</dl>
</section>
<!-- /references -->

</manualpage>