Online Documentation Server
Net technology
Web technology
Data bases
Other docs



Вся предоставленная на этом сервере информация собрана нами из разных источников. Если Вам кажется, что публикация каких-то документов нарушает чьи-либо авторские права, сообщите нам об этом.

Previous page | Next page | Contents

Appendix A

A. Protocol constant values

This section describes protocol types and constants.

A.1 Reserved port assignments

At the present time SSL is implemented using TCP/IP as the base networking technology. The IANA reserved the following Internet Protocol [IP] port numbers for use in conjunction with SSL.

443 - Reserved for use by Hypertext Transfer Protocol with SSL (https).

465 - Reserved (pending) for use by Simple Mail Transfer Protocol with SSL (ssmtp).

563 - Reserved (pending) for use by Network News Transfer Protocol (snntp).

A.1.1 Record layer

struct {
        uint8 major, minor;
} ProtocolVersion;

ProtocolVersion version = { 3,0 };      /* Define SSL version 3.0 */

enum {
        change_cipher_spec(20), alert(21), handshake(22),
        application_data(23), (255)
} ContentType;

struct {
        ContentType type;
        ProtocolVersion version;
        uint16 length;
        opaque fragment[SSLPlaintext.length];
} SSLPlaintext;

struct {
        ContentType type;               /* same as SSLPlaintext.type */
        ProtocolVersion version;        /* same as SSLPlaintext.version */
        uint16 length;
        opaque fragment[SSLCompressed.length];
} SSLCompressed;

struct {
        ContentType type;
        ProtocolVersion version;
        uint16 length;
        select (CipherSpec.cipher_type) {
            case stream: GenericStreamCipher;
            case block: GenericBlockCipher;
        } fragment;
} SSLCiphertext;

stream-ciphered struct {
          opaque content[SSLCompressed.length];
          opaque MAC[CipherSpec.hash_size];
} GenericStreamCipher;

block-ciphered struct {
        opaque content[SSLCompressed.length];
        opaque MAC[CipherSpec.hash_size];
        uint8 padding[GenericBlockCipher.padding_length];
        uint8 padding_length;
} GenericBlockCipher;

A.2 Change cipher specs message

struct {
        enum { change_cipher_spec(1), (255) } type;
} ChangeCipherSpec;

A.3 Alert messages

enum { warning(1), fatal(2), (255) } AlertLevel;
enum {
        handshake_failure(40), no_certificate(41), bad_certificate(42),
            unsupported_certificate(43), certificate_revoked(44),
            certificate_expired(45), certificate_unknown(46),
            illegal_parameter (47),
} AlertDescription;

struct {
        AlertLevel level;
        AlertDescription description;
} Alert;

A.4 Handshake protocol

enum {
        hello_request(0), client_hello(1), server_hello(2),
        certificate(11), server_key_exchange (12), certificate_request(13),
        server_done(14), certificate_verify(15), client_key_exchange(16),
        finished(20), (255)
} HandshakeType;

struct {
        HandshakeType msg_type;         /* type of handshake message */
        uint24 length;  /* # bytes in handshake msg body */
        select (HandshakeType) {
            case hello_request: HelloRequest;
            case client_hello: ClientHello;
            case server_hello: ServerHello;
            case certificate: Certificate;
            case server_key_exchange: ServerKeyExchange;
            case certificate_request: CertificateRequest;
            case server_done: ServerHelloDone;
            case certificate_verify: CertificateVerify;
            case client_key_exchange: ClientKeyExchange;
            case finished: Finished;
        } body;
} Handshake;

A.4.1 Hello messages

struct { } HelloRequest;

struct {
   uint32 gmt_unix_time;
   opaque random_bytes[28];
} Random;

opaque SessionID<0..32>;
uint8 CipherSuite[2];
enum { null(0), (255) } CompressionMethod;

struct {
        ProtocolVersion client_version;
        Random random;
        SessionID session_id;
        CipherSuite cipher_suites<0..216-1>;
        CompressionMethod compression_methods<0..28-1>;
} ClientHello;

struct {
        ProtocolVersion server_version;
        Random random;
        SessionID session_id;
        CipherSuite cipher_suite;
        CompressionMethod compression_method;
} ServerHello;

A.4.2 Server authentication and key exchange messages

opaque ASN.1Cert<224-1>;

struct {
        ASN.1Cert certificate_list<1..224-1>;
} Certificate;

enum { rsa, diffie_hellman, fortezza_dms } KeyExchangeAlgorithm;

struct {
        opaque RSA_modulus<1..216-1>;
        opaque RSA_exponent<1..216-1>;
} ServerRSAParams;

struct {
        opaque DH_p<1..216-1>;
        opaque DH_g<1..216-1>;
        opaque DH_Ys<1..216-1>;
} ServerDHParams;

struct {
        opaque r_s [128]
} ServerFortezzaParams

struct {
        select (KeyExchangeAlgorithm) {
            case diffie_hellman:
                  ServerDHParams params;
                  Signature signed_params;
            case rsa:
                  ServerRSAParams params;
                  Signature signed_params;
            case fortezza_dms:
                  ServerFortezzaParams params;
} ServerKeyExchange;

enum { anonymous, rsa, dsa } SignatureAlgorithm;

digitally-signed struct {
        select(SignatureAlgorithm) {
             case anonymous: struct { };
             case rsa:
                  opaque md5_hash[16];
                  opaque sha_hash[20];
             case dsa:
                  opaque sha_hash[20];
} Signature;

enum {
        RSA_sign(1), DSS_sign(2), RSA_fixed_DH(3), DSS_fixed_DH(4),
        RSA_ephemeral_DH(5), DSS_ephemeral_DH(6), Fortezza_dms(20), (255)
} CertificateType;

opaque DistinguishedName<3..216-1>;

struct {
        CertificateType certificate_types<1..28-1>;
        DistinguishedName certificate_authorities<3..216-1>;
} CertificateRequest;
struct { } ServerHelloDone;

A.5 Client authentication and key exchange messages

struct {
        select (KeyExchangeAlgorithm) {
            case rsa: EncryptedPreMasterSecret;
            case diffie_hellman: DiffieHellmanClientPublicValue;
            case fortezza_dms: FortezzaKeys;
        } exchange_keys;
} ClientKeyExchange;

struct {
        ProtocolVersion client_version;
        opaque random[46];
} PreMasterSecret;

struct {
        public-key-encrypted PreMasterSecret pre_master_secret;
} EncryptedPreMasterSecret;

struct {
        opaque y_c<0..128>;
        opaque r_c[128];
        opaque y_signature[20];
        opaque wrapped_client_write_key[12];
        opaque wrapped_server_write_key[12];
        opaque client_write_iv[24];
        opaque server_write_iv[24];
        opaque master_secret_iv[24];
        opaque encrypted_preMasterSecret[48];
} FortezzaKeys;

enum { implicit, explicit } PublicValueEncoding;

struct {
        select (PublicValueEncoding) {
            case implicit: struct {};
            case explicit: opaque DH_Yc<1..216-1>;
        } dh_public;
} ClientDiffieHellmanPublic;

        struct {
             Signature signature;
        } CertificateVerify;

A.5.1 Handshake finalization message

struct {
        opaque md5_hash[16];
        opaque sha_hash[20];
} Finished;

A.6 The CipherSuite

The following values define the CipherSuite codes used in the client hello and server hello messages.

A CipherSuite defines a cipher specifications supported in SSL Version 3.0.

CipherSuite SSL_NULL_WITH_NULL_NULL                     = { 0x00,0x00 };

The following CipherSuite definitions require that the server provide an RSA certificate that can be used for key exchange. The server may request either an RSA or a DSS signature-capable certificate in the certificate request message.

CipherSuite SSL_RSA_WITH_NULL_MD5                       = { 0x00,0x01 };
CipherSuite SSL_RSA_WITH_NULL_SHA                       = { 0x00,0x02 };
CipherSuite SSL_RSA_EXPORT_WITH_RC4_40_MD5              = { 0x00,0x03 };
CipherSuite SSL_RSA_WITH_RC4_128_MD5                    = { 0x00,0x04 };
CipherSuite SSL_RSA_WITH_RC4_128_SHA                    = { 0x00,0x05 };
CipherSuite SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5          = { 0x00,0x06 };
CipherSuite SSL_RSA_WITH_IDEA_CBC_SHA                   = { 0x00,0x07 };
CipherSuite SSL_RSA_EXPORT_WITH_DES40_CBC_SHA           = { 0x00,0x08 };
CipherSuite SSL_RSA_WITH_DES_CBC_SHA                    = { 0x00,0x09 };
CipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA               = { 0x00,0x0A };

The following CipherSuite definitions are used for server-authenticated (and optionally client-authenticated) Diffie-Hellman. DH denotes cipher suites in which the server's certificate contains the Diffie-Hellman parameters signed by the certificate authority (CA). DHE denotes ephemeral Diffie-Hellman, where the Diffie-Hellman parameters are signed by a DSS or RSA certificate, which has been signed by the CA. The signing algorithm used is specified after the DH or DHE parameter. In all cases, the client must have the same type of certificate, and must use the Diffie-Hellman parameters chosen by the server.

CipherSuite SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA        = { 0x00,0x0B };
CipherSuite SSL_DH_DSS_WITH_DES_CBC_SHA                 = { 0x00,0x0C };
CipherSuite SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA            = { 0x00,0x0D };
CipherSuite SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA        = { 0x00,0x0E };
CipherSuite SSL_DH_RSA_WITH_DES_CBC_SHA                 = { 0x00,0x0F };
CipherSuite SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA            = { 0x00,0x10 };
CipherSuite SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA       = { 0x00,0x11 };
CipherSuite SSL_DHE_DSS_WITH_DES_CBC_SHA                = { 0x00,0x12 };
CipherSuite SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA           = { 0x00,0x13 };
CipherSuite SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA       = { 0x00,0x14 };
CipherSuite SSL_DHE_RSA_WITH_DES_CBC_SHA                = { 0x00,0x15 };
CipherSuite SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA           = { 0x00,0x16 };

The following cipher suites are used for completely anonymous Diffie-Hellman communications in which neither party is authenticated. Note that this mode is vulnerable to man-in-the-middle attacks and is therefore strongly discouraged.

CipherSuite SSL_DH_anon_EXPORT_WITH_RC4_40_MD5          = { 0x00,0x17 };
CipherSuite SSL_DH_anon_WITH_RC4_128_MD5                = { 0x00,0x18 };
CipherSuite SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA       = { 0x00,0x19 };
CipherSuite SSL_DH_anon_WITH_DES_CBC_SHA                = { 0x00,0x1A };
CipherSuite SSL_DH_anon_WITH_3DES_EDE_CBC_SHA           = { 0x00,0x1B };

The final cipher suite is for the Fortezza token.

CipherSuite SSL_FORTEZZA_DMS_WITH_NULL_SHA              = { 0X00,0X1C };
CipherSuite SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA      = { 0x00,0x1D };

Note: All cipher suites whose first byte is 0xFF are considered private and can be used for defining local/experimental algorithms. Interoperability of such types is a local matter.

Note: Additional cipher suites will be considered for implementation only with submission of notarized letters from two independent entities. Netscape Communications Corp. will act as an interim registration office, until a public standards body assumes control of SSL.

A.7 The CipherSpec

A cipher suite identifies a CipherSpec. These structures are part of the SSL session state. The CipherSpec includes:

enum { stream, block } CipherType;
enum { true, false } IsExportable;
enum { null, rc4, rc2, des, 3des, des40, fortezza } BulkCipherAlgorithm;
enum { null, md5, sha } MACAlgorithm;

struct {
        BulkCipherAlgorithm bulk_cipher_algorithm;
        MACAlgorithm mac_algorithm;
        CipherType cipher_type;
        IsExportable is_exportable
        uint8 hash_size;
        uint8 key_material;
        uint8 IV_size;
} CipherSpec;

Previous page | Next page | Contents

With any suggestions or questions please feel free to contact us