In: Computer Science
List all the items sent from Client only, involved in establishing an SSL session, assuming the followings:
o A new session is to be established
o No compression method is to be used
o Key exchange method is RSA
o Authentication of client is required
The SSL handshake protocol is one of the defined higher level clients of the SSL record protocol. This protocol is used to negotiate the secure attributes of a session. Handshake messages are supplied to the SSL record layer, where they are encapsulated within one or more SSLPlaintext structures, which are processed and transmitted as specified by the current active session state.
Client Server ClientHello --------> ServerHello [change cipher spec] <-------- Finished change cipher spec Finished --------> Application Data <-------> Application Data
When RSA is used for server authentication and key exchange, a 48-byte pre_master_secret is generated by the client, encrypted under the server's public key, and sent to the server. The server uses its private key to decrypt the pre_master_secret. Both parties then convert the pre_master_secret into the master_secret. master_secret = MD5(pre_master_secret + SHA('A' + pre_master_secret +ClientHello.random + ServerHello.random)) +MD5(pre_master_secret + SHA('BB' + pre_master_secret +ClientHello.random + ServerHello.random)) +MD5(pre_master_secret + SHA('CCC' + pre_master_secret +ClientHello.random + ServerHello.random));
When a client first connects to a server it is required to send the client hello as its first message. The client can also send a client hello in response to a hello request or on its own initiative in order to renegotiate the security parameters in an existing connection. The client hello message includes a random structure.
The structure of the client hello is as follows. struct { ProtocolVersion client_version; Random random; SessionID session_id; CipherSuite cipher_suites<2..2^16-1>; CompressionMethod compression_methods<1..2^8-1>; } ClientHello;