📄 ssl_intro.html.en
字号:
<div class="note"><h3>Note</h3>
<p>Once an SSL session has been established it may be reused, thus
avoiding the performance penalty of repeating the many steps needed
to start a session. For this the server assigns each SSL session a
unique session identifier which is cached in the server and which the
client can use on forthcoming connections to reduce the handshake
(until the session identifer expires in the cache of the server).</p>
</div>
<p class="figure">
<img src="../images/ssl_intro_fig1.gif" alt="" width="423" height="327" /><br />
<a id="figure1" name="figure1"><dfn>Figure 1</dfn></a>: Simplified SSL
Handshake Sequence</p>
<p>The elements of the handshake sequence, as used by the client and
server, are listed below:</p>
<ol>
<li>Negotiate the Cipher Suite to be used during data transfer</li>
<li>Establish and share a session key between client and server</li>
<li>Optionally authenticate the server to the client</li>
<li>Optionally authenticate the client to the server</li>
</ol>
<p>The first step, Cipher Suite Negotiation, allows the client and
server to choose a Cipher Suite supportable by both of them. The SSL3.0
protocol specification defines 31 Cipher Suites. A Cipher Suite is
defined by the following components:</p>
<ul>
<li>Key Exchange Method</li>
<li>Cipher for Data Transfer</li>
<li>Message Digest for creating the Message Authentication Code (MAC)</li>
</ul>
<p>These three elements are described in the sections that follow.</p>
<h3><a name="keyexchange" id="keyexchange">Key Exchange Method</a></h3>
<p>The key exchange method defines how the shared secret symmetric
cryptography key used for application data transfer will be agreed
upon by client and server. SSL 2.0 uses RSA key exchange only, while
SSL 3.0 supports a choice of key exchange algorithms including the
RSA key exchange when certificates are used, and Diffie-Hellman key
exchange for exchanging keys without certificates and without prior
communication between client and server.</p>
<p>One variable in the choice of key exchange methods is digital
signatures -- whether or not to use them, and if so, what kind of
signatures to use. Signing with a private key provides assurance
against a man-in-the-middle-attack during the information exchange
used in generating the shared key [<a href="#AC96">AC96</a>, p516].</p>
<h3><a name="ciphertransfer" id="ciphertransfer">Cipher for Data Transfer</a></h3>
<p>SSL uses the conventional cryptography algorithm (symmetric
cryptography) described earlier for encrypting messages in a session.
There are nine choices, including the choice to perform no
encryption:</p>
<ul>
<li>No encryption</li>
<li>Stream Ciphers
<ul>
<li>RC4 with 40-bit keys</li>
<li>RC4 with 128-bit keys</li>
</ul></li>
<li>CBC Block Ciphers
<ul><li>RC2 with 40 bit key</li>
<li>DES with 40 bit key</li>
<li>DES with 56 bit key</li>
<li>Triple-DES with 168 bit key</li>
<li>Idea (128 bit key)</li>
<li>Fortezza (96 bit key)</li>
</ul></li>
</ul>
<p>Here "CBC" refers to Cipher Block Chaining, which means that a
portion of the previously encrypted cipher text is used in the
encryption of the current block. "DES" refers to the Data Encryption
Standard [<a href="#AC96">AC96</a>, ch12], which has a number of
variants (including DES40 and 3DES_EDE). "Idea" is one of the best
and cryptographically strongest available algorithms, and "RC2" is
a proprietary algorithm from RSA DSI [<a href="#AC96">AC96</a>,
ch13].</p>
<h3><a name="digestfuntion" id="digestfuntion">Digest Function</a></h3>
<p>The choice of digest function determines how a digest is created
from a record unit. SSL supports the following:</p>
<ul>
<li>No digest (Null choice)</li>
<li>MD5, a 128-bit hash</li>
<li>Secure Hash Algorithm (SHA-1), a 160-bit hash</li>
</ul>
<p>The message digest is used to create a Message Authentication Code
(MAC) which is encrypted with the message to provide integrity and to
prevent against replay attacks.</p>
<h3><a name="handshake" id="handshake">Handshake Sequence Protocol</a></h3>
<p>The handshake sequence uses three protocols:</p>
<ul>
<li>The <dfn>SSL Handshake Protocol</dfn>
for performing the client and server SSL session establishment.</li>
<li>The <dfn>SSL Change Cipher Spec Protocol</dfn> for actually
establishing agreement on the Cipher Suite for the session.</li>
<li>The <dfn>SSL Alert Protocol</dfn> for conveying SSL error
messages between client and server.</li>
</ul>
<p>These protocols, as well as application protocol data, are
encapsulated in the <dfn>SSL Record Protocol</dfn>, as shown in
<a href="#figure2">Figure 2</a>. An encapsulated protocol is
transferred as data by the lower layer protocol, which does not
examine the data. The encapsulated protocol has no knowledge of the
underlying protocol.</p>
<p class="figure">
<img src="../images/ssl_intro_fig2.gif" alt="" width="428" height="217" /><br />
<a id="figure2" name="figure2"><dfn>Figure 2</dfn></a>: SSL Protocol Stack
</p>
<p>The encapsulation of SSL control protocols by the record protocol
means that if an active session is renegotiated the control protocols
will be transmitted securely. If there were no session before, then
the Null cipher suite is used, which means there is no encryption and
messages have no integrity digests until the session has been
established.</p>
<h3><a name="datatransfer" id="datatransfer">Data Transfer</a></h3>
<p>The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>,
is used to transfer application and SSL Control data between the
client and server, possibly fragmenting this data into smaller units,
or combining multiple higher level protocol data messages into single
units. It may compress, attach digest signatures, and encrypt these
units before transmitting them using the underlying reliable transport
protocol (Note: currently all major SSL implementations lack support
for compression).</p>
<p class="figure">
<img src="../images/ssl_intro_fig3.gif" alt="" width="423" height="323" /><br />
<a id="figure3" name="figure3"><dfn>Figure 3</dfn></a>: SSL Record Protocol
</p>
<h3><a name="securehttp" id="securehttp">Securing HTTP Communication</a></h3>
<p>One common use of SSL is to secure Web HTTP communication between
a browser and a webserver. This case does not preclude the use of
non-secured HTTP. The secure version is mainly plain HTTP over SSL
(named HTTPS), but with one major difference: it uses the URL scheme
<code>https</code> rather than <code>http</code> and a different
server port (by default 443). This mainly is what <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> provides to you for the Apache webserver...</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="references" id="references">References</a></h2>
<dl>
<dt><a id="AC96" name="AC96">[AC96]</a></dt>
<dd>Bruce Schneier, <q>Applied Cryptography</q>, 2nd Edition, Wiley,
1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for various other materials by Bruce
Schneier.</dd>
<dt><a id="X208" name="X208">[X208]</a></dt>
<dd>ITU-T Recommendation X.208, <q>Specification of Abstract Syntax Notation
One (ASN.1)</q>, 1988. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I">http://www.itu.int/rec/recommendation.asp?type=items&lang=e&parent=T-REC-X.208-198811-I</a>.
</dd>
<dt><a id="X509" name="X509">[X509]</a></dt>
<dd>ITU-T Recommendation X.509, <q>The Directory - Authentication
Framework</q>. See for instance <a href="http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509">http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-X.509</a>.
</dd>
<dt><a id="PKCS" name="PKCS">[PKCS]</a></dt>
<dd><q>Public Key Cryptography Standards (PKCS)</q>,
RSA Laboratories Technical Notes, See <a href="http://www.rsasecurity.com/rsalabs/pkcs/">http://www.rsasecurity.com/rsalabs/pkcs/</a>.</dd>
<dt><a id="MIME" name="MIME">[MIME]</a></dt>
<dd>N. Freed, N. Borenstein, <q>Multipurpose Internet Mail Extensions
(MIME) Part One: Format of Internet Message Bodies</q>, RFC2045.
See for instance <a href="http://ietf.org/rfc/rfc2045.txt">http://ietf.org/rfc/rfc2045.txt</a>.</dd>
<dt><a id="SSL2" name="SSL2">[SSL2]</a></dt>
<dd>Kipp E.B. Hickman, <q>The SSL Protocol</q>, 1995. See <a href="http://www.netscape.com/eng/security/SSL_2.html">http://www.netscape.com/eng/security/SSL_2.html</a>.</dd>
<dt><a id="SSL3" name="SSL3">[SSL3]</a></dt>
<dd>Alan O. Freier, Philip Karlton, Paul C. Kocher, <q>The SSL Protocol
Version 3.0</q>, 1996. See <a href="http://www.netscape.com/eng/ssl3/draft302.txt">http://www.netscape.com/eng/ssl3/draft302.txt</a>.</dd>
<dt><a id="TLS1" name="TLS1">[TLS1]</a></dt>
<dd>Tim Dierks, Christopher Allen, <q>The TLS Protocol Version 1.0</q>,
1999. See <a href="http://ietf.org/rfc/rfc2246.txt">http://ietf.org/rfc/rfc2246.txt</a>.</dd>
</dl>
</div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/ssl/ssl_intro.html" title="English"> en </a> |
<a href="../ja/ssl/ssl_intro.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a></p>
</div><div id="footer">
<p class="apache">Copyright 2006 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
</body></html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -