📄 ssl_intro.html.en
字号:
certificate. Although cases exist where additional handshake steps are required for management of cipher information, this article summarizes one common scenario. See the SSL specification for the full range of possibilities.</p> <div class="note"><h3>Note</h3> <p>Once an SSL session has been established, it may be reused. This avoids the performance penalty of repeating the many steps needed to start a session. To do this, the server assigns each SSL session a unique session identifier which is cached in the server and which the client can use in future connections to reduce the handshake time (until the session identifer expires from the cache of the server).</p> </div> <p class="figure"> <img src="../images/ssl_intro_fig1.gif" alt="" width="423" height="327" /><br /> <a id="figure1" name="figure1"><dfn>Figure 1</dfn></a>: Simplified SSL Handshake Sequence</p> <p>The elements of the handshake sequence, as used by the client and server, are listed below:</p> <ol> <li>Negotiate the Cipher Suite to be used during data transfer</li> <li>Establish and share a session key between client and server</li> <li>Optionally authenticate the server to the client</li> <li>Optionally authenticate the client to the server</li> </ol> <p>The first step, Cipher Suite Negotiation, allows the client and server to choose a Cipher Suite supported by both of them. The SSL3.0 protocol specification defines 31 Cipher Suites. A Cipher Suite is defined by the following components:</p> <ul> <li>Key Exchange Method</li> <li>Cipher for Data Transfer</li> <li>Message Digest for creating the Message Authentication Code (MAC)</li> </ul> <p>These three elements are described in the sections that follow.</p><h3><a name="keyexchange" id="keyexchange">Key Exchange Method</a></h3> <p>The key exchange method defines how the shared secret symmetric cryptography key used for application data transfer will be agreed upon by client and server. SSL 2.0 uses RSA key exchange only, while SSL 3.0 supports a choice of key exchange algorithms including RSA key exchange (when certificates are used), and Diffie-Hellman key exchange (for exchanging keys without certificates, or without prior communication between client and server).</p> <p>One variable in the choice of key exchange methods is digital signatures -- whether or not to use them, and if so, what kind of signatures to use. Signing with a private key provides protection against a man-in-the-middle-attack during the information exchange used to generating the shared key [<a href="#AC96">AC96</a>, p516].</p><h3><a name="ciphertransfer" id="ciphertransfer">Cipher for Data Transfer</a></h3> <p>SSL uses conventional symmetric cryptography, as described earlier, for encrypting messages in a session. There are nine choices of how to encrypt, including the option not to encrypt:</p> <ul> <li>No encryption</li> <li>Stream Ciphers <ul> <li>RC4 with 40-bit keys</li> <li>RC4 with 128-bit keys</li> </ul></li> <li>CBC Block Ciphers <ul><li>RC2 with 40 bit key</li> <li>DES with 40 bit key</li> <li>DES with 56 bit key</li> <li>Triple-DES with 168 bit key</li> <li>Idea (128 bit key)</li> <li>Fortezza (96 bit key)</li> </ul></li> </ul> <p>"CBC" refers to Cipher Block Chaining, which means that a portion of the previously encrypted cipher text is used in the encryption of the current block. "DES" refers to the Data Encryption Standard [<a href="#AC96">AC96</a>, ch12], which has a number of variants (including DES40 and 3DES_EDE). "Idea" is currently one of the best and cryptographically strongest algorithms available, and "RC2" is a proprietary algorithm from RSA DSI [<a href="#AC96">AC96</a>, ch13].</p><h3><a name="digestfuntion" id="digestfuntion">Digest Function</a></h3> <p>The choice of digest function determines how a digest is created from a record unit. SSL supports the following:</p> <ul> <li>No digest (Null choice)</li> <li>MD5, a 128-bit hash</li> <li>Secure Hash Algorithm (SHA-1), a 160-bit hash</li> </ul> <p>The message digest is used to create a Message Authentication Code (MAC) which is encrypted with the message to verify integrity and to protect against replay attacks.</p><h3><a name="handshake" id="handshake">Handshake Sequence Protocol</a></h3> <p>The handshake sequence uses three protocols:</p> <ul> <li>The <dfn>SSL Handshake Protocol</dfn> for performing the client and server SSL session establishment.</li> <li>The <dfn>SSL Change Cipher Spec Protocol</dfn> for actually establishing agreement on the Cipher Suite for the session.</li> <li>The <dfn>SSL Alert Protocol</dfn> for conveying SSL error messages between client and server.</li> </ul> <p>These protocols, as well as application protocol data, are encapsulated in the <dfn>SSL Record Protocol</dfn>, as shown in <a href="#figure2">Figure 2</a>. An encapsulated protocol is transferred as data by the lower layer protocol, which does not examine the data. The encapsulated protocol has no knowledge of the underlying protocol.</p> <p class="figure"> <img src="../images/ssl_intro_fig2.gif" alt="" width="428" height="217" /><br /> <a id="figure2" name="figure2"><dfn>Figure 2</dfn></a>: SSL Protocol Stack </p> <p>The encapsulation of SSL control protocols by the record protocol means that if an active session is renegotiated the control protocols will be transmitted securely. If there was no previous session, the Null cipher suite is used, which means there will be no encryption and messages will have no integrity digests, until the session has been established.</p><h3><a name="datatransfer" id="datatransfer">Data Transfer</a></h3> <p>The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>, is used to transfer application and SSL Control data between the client and server, where necessary fragmenting this data into smaller units, or combining multiple higher level protocol data messages into single units. It may compress, attach digest signatures, and encrypt these units before transmitting them using the underlying reliable transport protocol (Note: currently, no major SSL implementations include support for compression).</p> <p class="figure"> <img src="../images/ssl_intro_fig3.gif" alt="" width="423" height="323" /><br /> <a id="figure3" name="figure3"><dfn>Figure 3</dfn></a>: SSL Record Protocol </p><h3><a name="securehttp" id="securehttp">Securing HTTP Communication</a></h3> <p>One common use of SSL is to secure Web HTTP communication between a browser and a webserver. This does not preclude the use of non-secured HTTP - the secure version (called HTTPS) is the same as plain HTTP over SSL, but uses the URL scheme <code>https</code> rather than <code>http</code>, and a different server port (by default, port 443). This functionality is a large part of what <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides for the Apache webserver.</p></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="references" id="references">References</a></h2><dl><dt><a id="AC96" name="AC96">[AC96]</a></dt><dd>Bruce Schneier, <q>Applied Cryptography</q>, 2nd Edition, Wiley,1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for various other materials by BruceSchneier.</dd><dt><a id="X208" name="X208">[X208]</a></dt><dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax NotationOne (ASN.1)</q>, 1988. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I</a>.</dd><dt><a id="X509" name="X509">[X509]</a></dt><dd>ITU-T Recommendation X.509, <q>The Directory - AuthenticationFramework</q>. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509</a>.</dd><dt><a id="PKCS" name="PKCS">[PKCS]</a></dt><dd><q>Public Key Cryptography Standards (PKCS)</q>, RSA Laboratories Technical Notes, See <a href="http://www.rsasecurity.com/rsalabs/pkcs/">http://www.rsasecurity.com/rsalabs/pkcs/</a>.</dd><dt><a id="MIME" name="MIME">[MIME]</a></dt><dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions(MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.See for instance <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd><dt><a id="SSL2" name="SSL2">[SSL2]</a></dt><dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd><dt><a id="SSL3" name="SSL3">[SSL3]</a></dt><dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL ProtocolVersion 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.txt">http://www.netscape.com/eng/ssl3/draft302.txt</a>.</dd><dt><a id="TLS1" name="TLS1">[TLS1]</a></dt><dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>,1999. See <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd></dl></div></div><div class="bottomlang"><p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" title="English"> en </a> |<a href="../ja/ssl/ssl_intro.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p></div><div id="footer"><p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -