Secure Socket Layer Transport Layer Security
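Phase 2 – Server Authentication
Handshake messages between Client and Server:
Client -> Server: Client hello
Server -> Client: server hello
Server -> Client: certificate
Server -> Client: Server_key_exchange
Server -> Client: Certificate_request
Server -> Client: Server_hello_done
Client -> Server: certificate
Client -> Server: Client_key_exchange
Client -> Server: Certificate_verify
Client -> Server: Change_cipher_spec
Client -> Server: finished
Server -> Client: Change_cipher_spec
Server -> Client: finished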
Phase 2 – Server Authentication and (optional) Server Key-Exchange
Server sends its certificate
  It sends one or a chain of X.509 certificates
Optional Server_key_exchange message
  Used in Diffie-Hellman key exchange
  Not used in RSA key exchange
Optional Certificate_request message: for client authentication
Server_hello_done
Phase 3 – Client Key-Exchange and (optional) Client Authentication
The client verifies the server’s certificate and sends its side of the key exchange
  In Diffie-Hellman: the D-H key share
  In RSA: encryption of random string
If client authentication is used (rarely): the client sends its certificate (but most clients don’t have certificates)
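The phase 2 and phase 3 rules above can be expressed as a check over an observed message sequence. This is an added example, not part of the original slides; the function and constant names are hypothetical, and it encodes only the rules stated on the slides (server certificate always sent, Server_key_exchange with Diffie-Hellman only, client certificate only after a Certificate_request).

```python
# Added example: message names follow the slides; function and constant
# names are hypothetical. Only the rules stated on the slides are encoded.
S, C = "server", "client"

# Order in which the phase 2 and phase 3 messages may appear.
ORDER = [
    (S, "certificate"), (S, "server_key_exchange"),
    (S, "certificate_request"), (S, "server_hello_done"),
    (C, "certificate"), (C, "client_key_exchange"),
    (C, "certificate_verify"),
]
# Messages that are never optional according to the slides.
REQUIRED = [ORDER[0], ORDER[3], ORDER[5]]


def check_handshake(observed, key_exchange):
    """Return a list of problems; an empty list means the sequence is consistent."""
    if key_exchange not in ("DH", "RSA"):
        raise ValueError("key_exchange must be 'DH' or 'RSA'")
    unknown = [m for m in observed if m not in ORDER]
    if unknown:
        return [f"unexpected message: {unknown[0][0]} {unknown[0][1]}"]
    problems = []
    positions = [ORDER.index(m) for m in observed]
    if any(a >= b for a, b in zip(positions, positions[1:])):
        problems.append("messages out of order or repeated")
    seen = set(observed)
    for sender, name in REQUIRED:
        if (sender, name) not in seen:
            problems.append(f"missing {sender} {name}")
    has_ske = (S, "server_key_exchange") in seen
    if key_exchange == "DH" and not has_ske:
        problems.append("DH requires server_key_exchange")
    if key_exchange == "RSA" and has_ske:
        problems.append("server_key_exchange not used with RSA")
    if (C, "certificate") in seen and (S, "certificate_request") not in seen:
        problems.append("client certificate without certificate_request")
    if (C, "certificate_verify") in seen and (C, "certificate") not in seen:
        problems.append("certificate_verify without client certificate")
    return problems


if __name__ == "__main__":
    # Constructed sample: RSA handshake that wrongly carries a server_key_exchange.
    sample = [ORDER[0], ORDER[1], ORDER[3], ORDER[5]]
    print(check_handshake(sample, "RSA"))
```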