📄 ssl_intro.html.en
字号:
certificate. Although cases exist where additional handshake steps
are required for management of cipher information, this article
summarizes one common scenario. See the SSL specification for the full
range of possibilities.</p>
<div class="note"><h3>Note</h3>
<p>Once an SSL session has been established, it may be reused. This
avoids the performance penalty of repeating the many steps needed
to start a session. To do this, the server assigns each SSL session a
unique session identifier which is cached in the server and which the
client can use in future connections to reduce the handshake time
(until the session identifer expires from the cache of the server).</p>
</div>
<p class="figure">
<img src="../images/ssl_intro_fig1.gif" alt="" width="423" height="327" /><br />
<a id="figure1" name="figure1"><dfn>Figure 1</dfn></a>: Simplified SSL
Handshake Sequence</p>
<p>The elements of the handshake sequence, as used by the client and
server, are listed below:</p>
<ol>
<li>Negotiate the Cipher Suite to be used during data transfer</li>
<li>Establish and share a session key between client and server</li>
<li>Optionally authenticate the server to the client</li>
<li>Optionally authenticate the client to the server</li>
</ol>
<p>The first step, Cipher Suite Negotiation, allows the client and
server to choose a Cipher Suite supported by both of them. The SSL3.0
protocol specification defines 31 Cipher Suites. A Cipher Suite is
defined by the following components:</p>
<ul>
<li>Key Exchange Method</li>
<li>Cipher for Data Transfer</li>
<li>Message Digest for creating the Message Authentication Code (MAC)</li>
</ul>
<p>These three elements are described in the sections that follow.</p>
<h3><a name="keyexchange" id="keyexchange">Key Exchange Method</a></h3>
<p>The key exchange method defines how the shared secret symmetric
cryptography key used for application data transfer will be agreed
upon by client and server. SSL 2.0 uses RSA key exchange only, while
SSL 3.0 supports a choice of key exchange algorithms including
RSA key exchange (when certificates are used), and Diffie-Hellman key
exchange (for exchanging keys without certificates, or without prior
communication between client and server).</p>
<p>One variable in the choice of key exchange methods is digital
signatures -- whether or not to use them, and if so, what kind of
signatures to use. Signing with a private key provides protection
against a man-in-the-middle-attack during the information exchange
used to generating the shared key [<a href="#AC96">AC96</a>, p516].</p>
<h3><a name="ciphertransfer" id="ciphertransfer">Cipher for Data Transfer</a></h3>
<p>SSL uses conventional symmetric cryptography, as described earlier,
for encrypting messages in a session.
There are nine choices of how to encrypt, including the option not to
encrypt:</p>
<ul>
<li>No encryption</li>
<li>Stream Ciphers
<ul>
<li>RC4 with 40-bit keys</li>
<li>RC4 with 128-bit keys</li>
</ul></li>
<li>CBC Block Ciphers
<ul><li>RC2 with 40 bit key</li>
<li>DES with 40 bit key</li>
<li>DES with 56 bit key</li>
<li>Triple-DES with 168 bit key</li>
<li>Idea (128 bit key)</li>
<li>Fortezza (96 bit key)</li>
</ul></li>
</ul>
<p>"CBC" refers to Cipher Block Chaining, which means that a
portion of the previously encrypted cipher text is used in the
encryption of the current block. "DES" refers to the Data Encryption
Standard [<a href="#AC96">AC96</a>, ch12], which has a number of
variants (including DES40 and 3DES_EDE). "Idea" is currently one of
the best and cryptographically strongest algorithms available,
and "RC2" is a proprietary algorithm from RSA DSI [<a href="#AC96">AC96</a>, ch13].</p>
<h3><a name="digestfuntion" id="digestfuntion">Digest Function</a></h3>
<p>The choice of digest function determines how a digest is created
from a record unit. SSL supports the following:</p>
<ul>
<li>No digest (Null choice)</li>
<li>MD5, a 128-bit hash</li>
<li>Secure Hash Algorithm (SHA-1), a 160-bit hash</li>
</ul>
<p>The message digest is used to create a Message Authentication Code
(MAC) which is encrypted with the message to verify integrity and to
protect against replay attacks.</p>
<h3><a name="handshake" id="handshake">Handshake Sequence Protocol</a></h3>
<p>The handshake sequence uses three protocols:</p>
<ul>
<li>The <dfn>SSL Handshake Protocol</dfn>
for performing the client and server SSL session establishment.</li>
<li>The <dfn>SSL Change Cipher Spec Protocol</dfn> for actually
establishing agreement on the Cipher Suite for the session.</li>
<li>The <dfn>SSL Alert Protocol</dfn> for conveying SSL error
messages between client and server.</li>
</ul>
<p>These protocols, as well as application protocol data, are
encapsulated in the <dfn>SSL Record Protocol</dfn>, as shown in
<a href="#figure2">Figure 2</a>. An encapsulated protocol is
transferred as data by the lower layer protocol, which does not
examine the data. The encapsulated protocol has no knowledge of the
underlying protocol.</p>
<p class="figure">
<img src="../images/ssl_intro_fig2.gif" alt="" width="428" height="217" /><br />
<a id="figure2" name="figure2"><dfn>Figure 2</dfn></a>: SSL Protocol Stack
</p>
<p>The encapsulation of SSL control protocols by the record protocol
means that if an active session is renegotiated the control protocols
will be transmitted securely. If there was no previous session,
the Null cipher suite is used, which means there will be no encryption and
messages will have no integrity digests, until the session has been
established.</p>
<h3><a name="datatransfer" id="datatransfer">Data Transfer</a></h3>
<p>The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>,
is used to transfer application and SSL Control data between the
client and server, where necessary fragmenting this data into smaller units,
or combining multiple higher level protocol data messages into single
units. It may compress, attach digest signatures, and encrypt these
units before transmitting them using the underlying reliable transport
protocol (Note: currently, no major SSL implementations include support
for compression).</p>
<p class="figure">
<img src="../images/ssl_intro_fig3.gif" alt="" width="423" height="323" /><br />
<a id="figure3" name="figure3"><dfn>Figure 3</dfn></a>: SSL Record Protocol
</p>
<h3><a name="securehttp" id="securehttp">Securing HTTP Communication</a></h3>
<p>One common use of SSL is to secure Web HTTP communication between
a browser and a webserver. This does not preclude the use of
non-secured HTTP - the secure version (called HTTPS) is the same as
plain HTTP over SSL, but uses the URL scheme <code>https</code>
rather than <code>http</code>, and a different server port (by default,
port 443). This functionality is a large part of what <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides for the Apache webserver.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="references" id="references">References</a></h2>
<dl>
<dt><a id="AC96" name="AC96">[AC96]</a></dt>
<dd>Bruce Schneier, <q>Applied Cryptography</q>, 2nd Edition, Wiley,
1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for various other materials by Bruce
Schneier.</dd>
<dt><a id="X208" name="X208">[X208]</a></dt>
<dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation
One (ASN.1)</q>, 1988. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I</a>.
</dd>
<dt><a id="X509" name="X509">[X509]</a></dt>
<dd>ITU-T Recommendation X.509, <q>The Directory - Authentication
Framework</q>. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509</a>.
</dd>
<dt><a id="PKCS" name="PKCS">[PKCS]</a></dt>
<dd><q>Public Key Cryptography Standards (PKCS)</q>,
RSA Laboratories Technical Notes, See <a href="http://www.rsasecurity.com/rsalabs/pkcs/">http://www.rsasecurity.com/rsalabs/pkcs/</a>.</dd>
<dt><a id="MIME" name="MIME">[MIME]</a></dt>
<dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions
(MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.
See for instance <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd>
<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt>
<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd>
<dt><a id="SSL3" name="SSL3">[SSL3]</a></dt>
<dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol
Version 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.txt">http://www.netscape.com/eng/ssl3/draft302.txt</a>.</dd>
<dt><a id="TLS1" name="TLS1">[TLS1]</a></dt>
<dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>,
1999. See <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd>
</dl>
</div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" title="English"> en </a> |
<a href="../ja/ssl/ssl_intro.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
</div><div id="footer">
<p class="apache">Copyright 2006 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
</body></html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -