Appendix E. Version 2.0 Backward Compatibility

Version 3.0 clients that support Version 2.0 servers must send Version 2.0 client hello messages [SSL-2]. Version 3.0 servers should accept either client hello format. The only deviations from the Version 2.0 specification are the ability to specify a version with a value of three and the support for more ciphering types in the CipherSpec.

Warning: The ability to send Version 2.0 client hello messages will be phased out with all due haste. Implementors should make every effort to move forward as quickly as possible. Version 3.0 provides better mechanisms for transitioning to newer versions.

The following cipher specifications are carryovers from SSL Version 2.0. These are assumed to use RSA for key exchange and authentication.

    V2CipherSpec SSL_RC4_128_WITH_MD5                   = { 0x01,0x00,0x80 };
    V2CipherSpec SSL_RC4_128_EXPORT40_WITH_MD5          = { 0x02,0x00,0x80 };
    V2CipherSpec SSL_RC2_CBC_128_CBC_WITH_MD5           = { 0x03,0x00,0x80 };
    V2CipherSpec SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5  = { 0x04,0x00,0x80 };
    V2CipherSpec SSL_IDEA_128_CBC_WITH_MD5              = { 0x05,0x00,0x80 };
    V2CipherSpec SSL_DES_64_CBC_WITH_MD5                = { 0x06,0x00,0x40 };
    V2CipherSpec SSL_DES_192_EDE3_CBC_WITH_MD5          = { 0x07,0x00,0xC0 };

Cipher specifications introduced in Version 3.0 can be included in Version 2.0 client hello messages using the syntax below. Any V2CipherSpec element with its first byte equal to zero will be ignored by Version 2.0 servers. Clients sending any of the above V2CipherSpecs should also include the Version 3.0 equivalent (see Appendix A.6):

    V2CipherSpec (see Version 3.0 name) = { 0x00, CipherSuite };

    uint8 V2CipherSpec[3];

    struct {
        uint8 msg_type;
        Version version;
        uint16 cipher_spec_length;
        uint16 session_id_length;
        uint16 challenge_length;
        V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
        opaque session_id[V2ClientHello.session_id_length];
        Random challenge;
    } V2ClientHello;

Note: Requests to resume an SSL 3.0 session should use an SSL 3.0 client hello.

When SSL Version 3.0 clients fall back to Version 2.0 compatibility mode, they use special PKCS #1 block formatting. This is done so that Version 3.0 servers will reject Version 2.0 sessions with Version 3.0-capable clients. When Version 3.0 clients are in Version 2.0 compatibility mode, they set the right-hand (least-significant) 8 random bytes of the PKCS padding (not including the terminal null of the padding) for the RSA encryption of the ENCRYPTED-KEY-DATA field of the CLIENT-MASTER-KEY to 0x03 (the other padding bytes are random). After decrypting the ENCRYPTED-KEY-DATA field, servers that support SSL 3.0 should issue an error if these eight padding bytes are 0x03. Version 2.0 servers receiving blocks padded in this manner will proceed normally.
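
The padding rule above, sketched from both sides as an added example (it is not part of the specification). RSA itself is omitted: the functions work on the PKCS #1 block as it exists before encryption and after decryption, and the function names and the block-type-2 layout check are assumptions of this sketch.

```python
import os

ROLLBACK_MARKER = b"\x03" * 8  # eight least-significant padding bytes, per the text above


def _nonzero_random(n):
    """Return n random bytes, none of them zero (PKCS #1 block type 2 padding)."""
    out = bytearray()
    while len(out) < n:
        out += bytes(b for b in os.urandom(n - len(out)) if b != 0)
    return bytes(out)


def build_block(key_data, modulus_len, v3_capable):
    """Client side: 00 || 02 || PS || 00 || key_data, before RSA encryption."""
    ps_len = modulus_len - 3 - len(key_data)
    if ps_len < 8:
        raise ValueError("key data too long for modulus")
    ps = _nonzero_random(ps_len)
    if v3_capable:
        # Version 3.0 client in Version 2.0 compatibility mode marks the padding.
        ps = ps[:-8] + ROLLBACK_MARKER
    return b"\x00\x02" + ps + b"\x00" + key_data


def split_block(block):
    """Return (padding, key_data) from a decrypted block; raise on bad format."""
    if len(block) < 11 or block[:2] != b"\x00\x02":
        raise ValueError("not a PKCS #1 block type 2")
    sep = block.find(b"\x00", 2)  # terminal null of the padding
    if sep < 10:                  # -1 (missing) or fewer than 8 padding bytes
        raise ValueError("padding shorter than 8 bytes or unterminated")
    return block[2:sep], block[sep + 1:]


def server_accepts_v2(block, server_supports_v3):
    """Server side, after RSA decryption of ENCRYPTED-KEY-DATA."""
    padding, _key = split_block(block)
    rolled_back = padding[-8:] == ROLLBACK_MARKER
    # A 3.0-capable server that sees the marker knows both ends speak 3.0,
    # so a 2.0 handshake means the hello was downgraded in transit: error out.
    return not (server_supports_v3 and rolled_back)
```
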