ssl_intro.html.en

apache的软件linux版本

    <div class="note"><h3>Note</h3>
    <p>Once an SSL session has been established it may be reused, thus
    avoiding the performance penalty of repeating the many steps needed
    to start a session. For this the server assigns each SSL session a
    unique session identifier which is cached in the server and which the
    client can use on forthcoming connections to reduce the handshake
    (until the session identifer expires in the cache of the server).</p>
    </div>

    <p class="figure">
    <img src="../images/ssl_intro_fig1.gif" alt="" width="423" height="327" /><br />
    <a id="figure1" name="figure1"><dfn>Figure 1</dfn></a>: Simplified SSL
    Handshake Sequence</p>

    <p>The elements of the handshake sequence, as used by the client and
    server, are listed below:</p>

    <ol>
    <li>Negotiate the Cipher Suite to be used during data transfer</li>
    <li>Establish and share a session key between client and server</li>
    <li>Optionally authenticate the server to the client</li>
    <li>Optionally authenticate the client to the server</li>
    </ol>

    <p>The first step, Cipher Suite Negotiation, allows the client and
    server to choose a Cipher Suite supportable by both of them. The SSL3.0
    protocol specification defines 31 Cipher Suites. A Cipher Suite is
    defined by the following components:</p>

    <ul>
    <li>Key Exchange Method</li>
    <li>Cipher for Data Transfer</li>
    <li>Message Digest for creating the Message Authentication Code (MAC)</li>
    </ul>

    <p>These three elements are described in the sections that follow.</p>


<h3><a name="keyexchange" id="keyexchange">Key Exchange Method</a></h3>

    <p>The key exchange method defines how the shared secret symmetric
    cryptography key used for application data transfer will be agreed
    upon by client and server. SSL 2.0 uses RSA key exchange only, while
    SSL 3.0 supports a choice of key exchange algorithms including the
    RSA key exchange when certificates are used, and Diffie-Hellman key
    exchange for exchanging keys without certificates and without prior
    communication between client and server.</p>

    <p>One variable in the choice of key exchange methods is digital
    signatures -- whether or not to use them, and if so, what kind of
    signatures to use. Signing with a private key provides assurance
    against a man-in-the-middle-attack during the information exchange
    used in generating the shared key [<a href="#AC96">AC96</a>, p516].</p>


<h3><a name="ciphertransfer" id="ciphertransfer">Cipher for Data Transfer</a></h3>

    <p>SSL uses the conventional cryptography algorithm (symmetric
    cryptography) described earlier for encrypting messages in a session.
    There are nine choices, including the choice to perform no
    encryption:</p>

    <ul>
    <li>No encryption</li>
    <li>Stream Ciphers
        <ul>
        <li>RC4 with 40-bit keys</li>
        <li>RC4 with 128-bit keys</li>
        </ul></li>
    <li>CBC Block Ciphers
        <ul><li>RC2 with 40 bit key</li>
        <li>DES with 40 bit key</li>
        <li>DES with 56 bit key</li>
        <li>Triple-DES with 168 bit key</li>
        <li>Idea (128 bit key)</li>
        <li>Fortezza (96 bit key)</li>
        </ul></li>
    </ul>

    <p>Here "CBC" refers to Cipher Block Chaining, which means that a
    portion of the previously encrypted cipher text is used in the
    encryption of the current block. "DES" refers to the Data Encryption
    Standard [<a href="#AC96">AC96</a>, ch12], which has a number of
    variants (including DES40 and 3DES_EDE). "Idea" is one of the best
    and cryptographically strongest available algorithms, and "RC2" is
    a proprietary algorithm from RSA DSI [<a href="#AC96">AC96</a>,
    ch13].</p>


<h3><a name="digestfuntion" id="digestfuntion">Digest Function</a></h3>

    <p>The choice of digest function determines how a digest is created
    from a record unit. SSL supports the following:</p>

    <ul>
    <li>No digest (Null choice)</li>
    <li>MD5, a 128-bit hash</li>
    <li>Secure Hash Algorithm (SHA-1), a 160-bit hash</li>
    </ul>

    <p>The message digest is used to create a Message Authentication Code
    (MAC) which is encrypted with the message to provide integrity and to
    prevent against replay attacks.</p>


<h3><a name="handshake" id="handshake">Handshake Sequence Protocol</a></h3>

    <p>The handshake sequence uses three protocols:</p>

    <ul>
    <li>The <dfn>SSL Handshake Protocol</dfn>
    for performing the client and server SSL session establishment.</li>
    <li>The <dfn>SSL Change Cipher Spec Protocol</dfn> for actually
    establishing agreement on the Cipher Suite for the session.</li>
    <li>The <dfn>SSL Alert Protocol</dfn> for conveying SSL error
    messages between client and server.</li>
    </ul>

    <p>These protocols, as well as application protocol data, are
    encapsulated in the <dfn>SSL Record Protocol</dfn>, as shown in
    <a href="#figure2">Figure 2</a>. An encapsulated protocol is
    transferred as data by the lower layer protocol, which does not
    examine the data. The encapsulated protocol has no knowledge of the
    underlying protocol.</p>

    <p class="figure">
    <img src="../images/ssl_intro_fig2.gif" alt="" width="428" height="217" /><br />
    <a id="figure2" name="figure2"><dfn>Figure 2</dfn></a>: SSL Protocol Stack
    </p>

    <p>The encapsulation of SSL control protocols by the record protocol
    means that if an active session is renegotiated the control protocols
    will be transmitted securely. If there were no session before, then
    the Null cipher suite is used, which means there is no encryption and
    messages have no integrity digests until the session has been
    established.</p>


<h3><a name="datatransfer" id="datatransfer">Data Transfer</a></h3>

    <p>The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>,
    is used to transfer application and SSL Control data between the
    client and server, possibly fragmenting this data into smaller units,
    or combining multiple higher level protocol data messages into single
    units. It may compress, attach digest signatures, and encrypt these
    units before transmitting them using the underlying reliable transport
    protocol (Note: currently all major SSL implementations lack support
    for compression).</p>

    <p class="figure">
    <img src="../images/ssl_intro_fig3.gif" alt="" width="423" height="323" /><br />
    <a id="figure3" name="figure3"><dfn>Figure 3</dfn></a>: SSL Record Protocol
    </p>


<h3><a name="securehttp" id="securehttp">Securing HTTP Communication</a></h3>

    <p>One common use of SSL is to secure Web HTTP communication between
    a browser and a webserver. This case does not preclude the use of
    non-secured HTTP. The secure version is mainly plain HTTP over SSL
    (named HTTPS), but with one major difference: it uses the URL scheme
    <code>https</code> rather than <code>http</code> and a different
    server port (by default 443). This mainly is what <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides to you for the Apache webserver...</p>

</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="references" id="references">References</a></h2>

<dl>
<dt><a id="AC96" name="AC96">[AC96]</a></dt>
<dd>Bruce Schneier, <q>Applied Cryptography</q>, 2nd Edition, Wiley,
1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for various other materials by Bruce
Schneier.</dd>

<dt><a id="X208" name="X208">[X208]</a></dt>
<dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation
One (ASN.1)</q>, 1988. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&amp;lang=e&amp;parent=T-REC-X.208-198811-I</a>.
</dd>

<dt><a id="X509" name="X509">[X509]</a></dt>
<dd>ITU-T Recommendation X.509, <q>The Directory - Authentication
Framework</q>. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&amp;lang=e&amp;parent=T-REC-X.509</a>.
</dd>

<dt><a id="PKCS" name="PKCS">[PKCS]</a></dt>
<dd><q>Public Key Cryptography Standards (PKCS)</q>, 
RSA Laboratories Technical Notes, See <a href="http://www.rsasecurity.com/rsalabs/pkcs/">http://www.rsasecurity.com/rsalabs/pkcs/</a>.</dd>

<dt><a id="MIME" name="MIME">[MIME]</a></dt>
<dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions
(MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.
See for instance <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd>

<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt>
<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd>

<dt><a id="SSL3" name="SSL3">[SSL3]</a></dt>
<dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol
Version 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.txt">http://www.netscape.com/eng/ssl3/draft302.txt</a>.</dd>

<dt><a id="TLS1" name="TLS1">[TLS1]</a></dt>
<dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>,
1999. See <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd>
</dl>
</div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" title="English">&nbsp;en&nbsp;</a> |
<a href="../ja/ssl/ssl_intro.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a></p>
</div><div id="footer">
<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
</body></html>