[Help] How should this passage in RFC 2246 be understood?
Author: josephzy (posts: 2, points: 0)
Posted 2006-12-17 23:43
7.4.9. Finished

   When this message will be sent:
       A finished message is always sent immediately after a change
       cipher spec message to verify that the key exchange and
       authentication processes were successful. It is essential that a
       change cipher spec message be received between the other
       handshake messages and the Finished message.

   Meaning of this message:
       The finished message is the first protected with the
       just-negotiated algorithms, keys, and secrets. Recipients of
       finished messages must verify that the contents are correct.
       Once a side has sent its Finished message and received and
       validated the Finished message from its peer, it may begin to
       send and receive application data over the connection.

       struct {
           opaque verify_data[12];
       } Finished;

       verify_data
           PRF(master_secret, finished_label, MD5(handshake_messages) +
           SHA-1(handshake_messages)) [0..11];

       finished_label
           For Finished messages sent by the client, the string "client
           finished". For Finished messages sent by the server, the
           string "server finished".

       handshake_messages
           All of the data from all handshake messages up to but not
           including this message. This is only data visible at the
           handshake layer and does not include record layer headers.
           This is the concatenation of all the Handshake structures as
           defined in 7.4 exchanged thus far.

   It is a fatal error if a finished message is not preceded by a change
   cipher spec message at the appropriate point in the handshake.

   The hash contained in finished messages sent by the server
   incorporate Sender.server; those sent by the client incorporate
   Sender.client. The value handshake_messages includes all handshake
   messages starting at client hello up to, but not including, this
   finished message. This may be different from handshake_messages in
   Section 7.4.8 because it would include the certificate verify message
   (if sent). Also, the handshake_messages for the finished message sent
   by the client will be different from that for the finished message
   sent by the server, because the one which is sent second will include
   the prior one.

   Note: Change cipher spec messages, alerts and any other record types
         are not handshake messages and are not included in the hash
         computations. Also, Hello Request messages are omitted from
         handshake hashes.

This is the description of the Finished message in RFC 2246. In it:

"The hash contained in finished messages sent by the server incorporate Sender.server; those sent by the client incorporate Sender.client."

How should this sentence be understood? What does Sender.server refer to here? And Sender.client?

Also, does the handshake_messages defined in the protocol include fields such as HandshakeType, Version and Length?

I have run into quite a lot of difficulty at the last step of establishing the TLS channel. I would appreciate everyone's help. Thank you!

Related question: http://www.cjsdn.net/post/view?bid=6&id=186058&sty=1#186058
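The verify_data computation quoted above, as an added Python example that is not part of the original post: it implements the RFC 2246 section 5 PRF and rebuilds handshake_messages from plaintext records, keeping each Handshake structure's msg_type and 3-byte length while dropping the record-layer header (type, version, length). The function names, the 48-byte master secret and the record bodies are constructed for illustration, and the records are assumed to be already decrypted.

```python
import hashlib
import hmac

def p_hash(algo, secret, seed, n):
    """P_hash (RFC 2246 section 5): HMAC(secret, A(i) + seed) blocks, with A(0) = seed."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, algo).digest()
        out += hmac.new(secret, a + seed, algo).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    half = (len(secret) + 1) // 2  # an odd-length secret shares its middle byte
    md5_part = p_hash("md5", secret[:half], label + seed, n)
    sha_part = p_hash("sha1", secret[len(secret) - half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def handshake_messages(records):
    """Handshake-layer bytes only: no record headers, no CCS/alerts, no HelloRequest."""
    stream = b"".join(r[5:5 + int.from_bytes(r[3:5], "big")] for r in records if r[0] == 22)
    kept, i = b"", 0
    while i + 4 <= len(stream):
        end = i + 4 + int.from_bytes(stream[i + 1:i + 4], "big")
        if stream[i] != 0:  # msg_type 0 = hello_request, omitted from the hash
            kept += stream[i:end]  # msg_type and uint24 length stay in
        i = end
    return kept

def verify_data(master_secret, sender, messages):
    """12-byte Finished.verify_data; the sender's role enters via finished_label."""
    label = b"client finished" if sender == "client" else b"server finished"
    seed = hashlib.md5(messages).digest() + hashlib.sha1(messages).digest()
    return tls10_prf(master_secret, label, seed, 12)

def finished_pair(master_secret, records):
    """Client's value, then the server's, whose hash also covers the client's Finished."""
    msgs = handshake_messages(records)
    client_vd = verify_data(master_secret, "client", msgs)
    # Finished as a Handshake structure: msg_type 20, length 12, verify_data
    return client_vd, verify_data(master_secret, "server", msgs + b"\x14\x00\x00\x0c" + client_vd)

# Constructed sample input (placeholder bodies, not a real handshake capture).
def hs(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body
def record(ctype, payload):
    return bytes([ctype, 3, 1]) + len(payload).to_bytes(2, "big") + payload

MASTER = bytes(range(48))
RECORDS = [record(22, hs(1, b"client-hello-body")), record(22, hs(0, b"")),
           record(22, hs(2, b"server-hello-body")), record(20, b"\x01")]
```

Calling `finished_pair(MASTER, RECORDS)` returns the two 12-byte values; they differ both because the labels differ and because the server's hash input is longer by the client's Finished message.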