Netscape Certificate Management System 6.2 Administrator's Manual, page 837

6. If the server has requested client authentication, the server attempts to authenticate the client (for details, see "Client Authentication," which begins on page 841). If the client cannot be authenticated, the session is terminated. If the client can be successfully authenticated, the server uses its private key to decrypt the premaster secret, then performs a series of steps (which the client also performs, starting from the same premaster secret) to generate the master secret.

7. Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity—that is, to detect any changes in the data between the time it was sent and the time it is received over the SSL connection.

8. The client sends a message to the server informing it that future messages from the client will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the client portion of the handshake is finished.

9. The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the server portion of the handshake is finished.

10. The SSL handshake is now complete, and the SSL session has begun. The client and the server use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity.
Before continuing with the session, Netscape servers can be configured to check that the client's certificate is present in the user's entry in an LDAP directory. This configuration option provides one way of ensuring that the client's certificate has not been revoked.

It's important to note that both client and server authentication involve encrypting some piece of data with one key of a public-private key pair and decrypting it with the other key:

In the case of server authentication, the client encrypts the premaster secret with the server's public key. Only the corresponding private key can correctly decrypt the secret, so the client has some assurance that the identity associated with the public key is in fact the server with which the client is connected. Otherwise, the server cannot decrypt the premaster secret and cannot generate the symmetric keys required for the session, and the session will be terminated.
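As an added illustration of steps 6 through 10 and of the server-authentication point just made, the following Python models one RSA-based handshake end to end. This is example code written for this page, not Netscape's code and not any SSL implementation's. It assumes: a textbook RSA key pair generated inline (unpadded, in place of the server's certificate key), the SSL 3.0 master-secret and key-block derivation from RFC 6101, and HMAC-SHA256 with a SHA-256 counter keystream standing in for the negotiated MAC and cipher. The function names (run_handshake, protect, unprotect, demo) and the key-dictionary fields are made up for the example.

```python
import hashlib
import hmac
import secrets

# Textbook RSA (unpadded; a real SSL stack adds PKCS#1 padding), generated inline so the example runs offline.
def is_probable_prime(n, rounds=24):          # Miller-Rabin probable-prime test
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if is_probable_prime(cand):
            return cand

def rsa_keygen(bits=512):                     # ((e, n), (d, n)); n holds a 48-byte premaster in one block
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_encrypt(pub, msg):
    return pow(int.from_bytes(msg, "big"), pub[0], pub[1])
def rsa_decrypt(priv, ciphertext, length=48): # None when the result is too large to be a premaster (wrong key)
    m = pow(ciphertext, priv[0], priv[1])
    return None if m >> (8 * length) else m.to_bytes(length, "big")

# SSL 3.0 secret expansion (RFC 6101): MD5(secret + SHA1(label + secret + r1 + r2)) for labels A, BB, CCC, ...
def ssl3_expand(secret, rand1, rand2, blocks):
    out = b""
    for i in range(blocks):
        label = chr(ord("A") + i).encode() * (i + 1)
        out += hashlib.md5(secret + hashlib.sha1(label + secret + rand1 + rand2).digest()).digest()
    return out

def master_secret(premaster, client_random, server_random):
    return ssl3_expand(premaster, client_random, server_random, 3)      # 48 bytes
def session_keys(master, client_random, server_random):               # key block takes server random first
    block = ssl3_expand(master, server_random, client_random, 4)
    return {"c_mac": block[:16], "s_mac": block[16:32], "c_key": block[32:48], "s_key": block[48:]}

# Record protection: MAC-then-encrypt, with a SHA-256 counter keystream standing in for the negotiated cipher.
def _keystream(key, seq, length):
    blocks = (hashlib.sha256(key + seq.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]
def protect(key, mac_key, seq, plaintext):
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + plaintext, hashlib.sha256).digest()
    body = plaintext + tag
    return bytes(a ^ b for a, b in zip(body, _keystream(key, seq, len(body))))

def unprotect(key, mac_key, seq, record):     # None when the MAC shows the record was altered or keyed differently
    body = bytes(a ^ b for a, b in zip(record, _keystream(key, seq, len(record))))
    plaintext, tag = body[:-32], body[-32:]
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + plaintext, hashlib.sha256).digest()
    return plaintext if hmac.compare_digest(tag, expected) else None

def run_handshake(server_pub, receiver_priv):  # the client trusts server_pub; whoever answers holds receiver_priv
    c_rand, s_rand = secrets.token_bytes(32), secrets.token_bytes(32)
    premaster = secrets.token_bytes(48)        # client's fresh premaster secret
    s_premaster = rsa_decrypt(receiver_priv, rsa_encrypt(server_pub, premaster))   # step 6
    if s_premaster is None:
        return {"ok": False, "reason": "premaster secret undecryptable"}
    c_master, s_master = (master_secret(p, c_rand, s_rand) for p in (premaster, s_premaster))  # steps 6-7
    c_keys, s_keys = (session_keys(m, c_rand, s_rand) for m in (c_master, s_master))
    transcript = c_rand + s_rand + b"client finished"
    finished = hmac.new(c_master, transcript, hashlib.sha256).digest()             # step 8: client Finished
    record = protect(c_keys["c_key"], c_keys["c_mac"], 0, finished)
    got = unprotect(s_keys["c_key"], s_keys["c_mac"], 0, record)                   # step 9: server checks it
    if got is None or not hmac.compare_digest(got, hmac.new(s_master, transcript, hashlib.sha256).digest()):
        return {"ok": False, "reason": "Finished verification failed"}
    return {"ok": True, "client_keys": c_keys, "server_keys": s_keys}              # step 10: session begins

def demo():
    server_pub, server_priv = rsa_keygen()
    _, other_priv = rsa_keygen()               # a peer showing the server's public key but lacking its private key
    genuine = run_handshake(server_pub, server_priv)
    impostor = run_handshake(server_pub, other_priv)
    keys = genuine["server_keys"]              # step 10: a server record with one ciphertext byte flipped in transit
    record = bytearray(protect(keys["s_key"], keys["s_mac"], 1, b"HTTP/1.0 200 OK"))
    record[3] ^= 0x01
    return {"genuine_ok": genuine["ok"], "keys_agree": genuine["client_keys"] == genuine["server_keys"],
            "impostor_ok": impostor["ok"],
            "tampered_record": unprotect(keys["s_key"], keys["s_mac"], 1, bytes(record))}
```

Calling demo() shows the three outcomes the text describes: the genuine server recovers the premaster secret and both sides end up with identical session keys; a peer that presents the server's public key without holding the private key cannot recover the premaster secret, so the handshake is terminated before any session keys exist; and a record altered in transit fails the integrity check and is rejected rather than delivered.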
Appendix K, Introduction to SSL: The SSL Handshake (page 837)
