Secure Socket Layer Transport Layer Security
Secure Socket Layer Transport Layer Security
Secure Socket Layer Transport Layer Security
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Deriving Connection Keys, IVs<br />
Key_Block = PRF master_secret (“key expansion”|| Server_random _<br />
Client_random)<br />
Split Key_Block to ClientMACKey, serverMACKey,<br />
ClientEncryptKey,…(using fixed order)<br />
Server_random<br />
master_secret<br />
PRF<br />
Key_Block<br />
MAC keys Encrypt keys<br />
Client_random<br />
IVs<br />
PRF details differ<br />
btw TLS and SSL3…<br />
SSL Session State Information<br />
Elements<br />
Session ID: ID:<br />
chosen by the server to identify an active or<br />
resumable session state<br />
Peer certificate: certificate:<br />
certificate for peer entity (X.509 v. 3)<br />
Compression method: algorithm to compress data before<br />
encryption<br />
Cipher spec: spec:<br />
specification of data encryption and<br />
Message Authentication Code (MAC) algorithms<br />
Master secret: secret:<br />
48-byte 48 byte secret shared between client and<br />
server<br />
Is resumable: flag that indicates whether the session can<br />
be used to initiate new connections