Author  [Help] How should this passage in RFC 2246 be understood?
josephzy

Posts: 2
Points: 0
Posted 2006-12-17 23:43
7.4.9. Finished

When this message will be sent:
A finished message is always sent immediately after a change
cipher spec message to verify that the key exchange and
authentication processes were successful. It is essential that a
change cipher spec message be received between the other
handshake messages and the Finished message.

Meaning of this message:
The finished message is the first protected with the just-
negotiated algorithms, keys, and secrets. Recipients of finished
messages must verify that the contents are correct. Once a side
has sent its Finished message and received and validated the
Finished message from its peer, it may begin to send and receive
application data over the connection.

struct {
opaque verify_data[12];
} Finished;

verify_data
PRF(master_secret, finished_label, MD5(handshake_messages) +
SHA-1(handshake_messages)) [0..11];

finished_label
For Finished messages sent by the client, the string "client
finished". For Finished messages sent by the server, the
string "server finished".

handshake_messages
All of the data from all handshake messages up to but not
including this message. This is only data visible at the
handshake layer and does not include record layer headers.

Dierks & Allen Standards Track [Page 46]

RFC 2246 The TLS Protocol Version 1.0 January 1999

This is the concatenation of all the Handshake structures as
defined in 7.4 exchanged thus far.

It is a fatal error if a finished message is not preceded by a change
cipher spec message at the appropriate point in the handshake.

The hash contained in finished messages sent by the server
incorporate Sender.server; those sent by the client incorporate
Sender.client. The value handshake_messages includes all handshake
messages starting at client hello up to, but not including, this
finished message. This may be different from handshake_messages in
Section 7.4.8 because it would include the certificate verify message
(if sent). Also, the handshake_messages for the finished message sent
by the client will be different from that for the finished message
sent by the server, because the one which is sent second will include
the prior one.

Note: Change cipher spec messages, alerts and any other record types
are not handshake messages and are not included in the hash
computations. Also, Hello Request messages are omitted from
handshake hashes.

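This is the description of the Finished message in RFC 2246, in which:

“The hash contained in finished messages sent by the server incorporate Sender.server; those sent by the client incorporate Sender.client.”

How should this sentence be understood? What does Sender.server refer to here? And Sender.client?
Also, does the handshake_messages defined in the protocol include fields such as HandshakeType, Version, and Length?

I have run into quite a lot of resistance at the last step of establishing the TLS channel. I would appreciate everyone's help, thanks!

Related question: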
http://www.cjsdn.net/post/view?bid=6&id=186058&sty=1#186058
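
The verify_data computation quoted in the post, as an added example that is not part of the original post or of RFC 2246. The PRF follows RFC 2246 section 5 (not quoted on this page); the master secret and message bodies are constructed placeholders, and the helper names are this example's own.

```python
import hashlib
import hmac

def p_hash(name, secret, seed, n):
    """P_hash (RFC 2246 section 5): A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]

def prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    half = (len(secret) + 1) // 2  # the halves share the middle byte if odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, n)
    sha_part = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def handshake(msg_type, body):
    """One Handshake structure: msg_type (1 byte), uint24 length, body.
    This 4-byte header is hashed; the record-layer header is not."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def verify_data(master_secret, finished_label, handshake_messages):
    """The quoted formula: the label is the only role-specific input."""
    seed = (hashlib.md5(handshake_messages).digest()
            + hashlib.sha1(handshake_messages).digest())
    return prf(master_secret, finished_label, seed, 12)

def demo():
    # Constructed placeholder values, not a capture of a real handshake.
    master_secret = bytes(range(48))
    transcript = (handshake(1, b"client hello body")
                  + handshake(2, b"server hello body")
                  + handshake(14, b"")
                  + handshake(16, b"client key exchange body"))
    client_vd = verify_data(master_secret, b"client finished", transcript)
    # Full handshake: the client sends Finished first, so the server's hash
    # also covers that Finished (type 20). ChangeCipherSpec is never appended.
    transcript += handshake(20, client_vd)
    server_vd = verify_data(master_secret, b"server finished", transcript)
    return client_vd, server_vd, transcript

if __name__ == "__main__":
    client_vd, server_vd, _ = demo()
    print("client:", client_vd.hex(), "server:", server_vd.hex())
```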



