session_09_vpn__ipsec__and_tls_101908


... respond with a server_hello message, or else a fatal error will occur and the connection will fail.

VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 40

• Client_hello and server_hello messages are used to establish security enhancement capabilities between client and server. The client_hello and server_hello establish the following attributes: protocol version, session_ID, cipher_suites, and compression_method. Additionally, two random values are generated and exchanged: ClientHello.random and ServerHello.random.

• When a client first connects to a server, it is required to send the client_hello as its first message. The client can also send a client_hello in response to a server_hello request. The client_hello message to the server includes these elements:

• Client_version: The version of the TLS or SSL protocol by which the client wishes to communicate during this session. This should be the most recent (highest valued) version supported by the client.

• Random: A client-generated random structure that consists of (1) the current time and date in standard UNIX 32-bit format, according to the sender's internal clock; and (2) 28 bytes generated by a secure random number generator. These values serve as nonces and are used to detect replay attacks during key exchanges.

• Cipher_suites: This is a list of cryptographic algorithm options supported by the client (in order of the client's preference, first choice first). Each cipher suite defines a key exchange algorithm, a symmetric encryption algorithm (including secret key length), and a MAC algorithm. The server will select a cipher suite or, if no acceptable choices are presented, return a handshake failure alert and close the connection.
The cipher_suites have two sections: (1) The type of key exchange supported; and (2) Information about encryption algorithms a...
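As an added, runnable illustration that is not part of the lecture notes, the Python below builds a TLS 1.2 ClientHello with exactly the fields listed above (client_version, the 4-byte time plus 28 random bytes, session_id, the preference-ordered cipher_suites and compression_methods), parses it back with framing checks, and performs the server's cipher-suite choice, returning None where the server must send a fatal handshake_failure alert. The two cipher suite code points are real IANA values; the session_id and timestamp used when exercising it are constructed.

```python
# Minimal TLS 1.2 ClientHello: build, parse and cipher-suite selection (RFC 5246 framing, no extensions).
import os
import struct
import time

TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F      # IANA code points used as the client's preference list
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033

def make_random(now=None, rng=os.urandom):
    """ClientHello.random = gmt_unix_time (32-bit big-endian) || 28 bytes from a CSPRNG."""
    now = int(time.time()) if now is None else now
    return struct.pack("!I", now & 0xFFFFFFFF) + rng(28)

def build_client_hello(cipher_suites, session_id=b"", version=(3, 3), random=None):
    """Serialize version, random, session_id, cipher_suites, compression_methods in a Handshake header."""
    random = make_random() if random is None else random
    if len(random) != 32 or len(session_id) > 32 or not cipher_suites:
        raise ValueError("invalid ClientHello fields")
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)  # client preference first
    body = (bytes(version) + random
            + struct.pack("!B", len(session_id)) + session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")  # compression_methods: one entry, null(0)
    return b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType 1 = client_hello

def parse_client_hello(msg):
    """Parse the wire bytes back into fields; malformed or truncated framing raises ValueError."""
    try:
        if msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
            raise ValueError("not a well-framed client_hello")
        body, pos = msg[4:], 35  # fixed part: version(2) + random(32) + session_id length(1)
        version, random, sid_len = (body[0], body[1]), body[2:34], body[34]
        if sid_len > 32:
            raise ValueError("session_id longer than 32 bytes")
        session_id, pos = body[pos:pos + sid_len], pos + sid_len
        suites_len, pos = struct.unpack_from("!H", body, pos)[0], pos + 2
        if suites_len < 2 or suites_len % 2 or pos + suites_len > len(body):
            raise ValueError("bad cipher_suites vector")
        suites = list(struct.unpack_from("!%dH" % (suites_len // 2), body, pos))
        pos += suites_len
        compression = list(body[pos + 1:pos + 1 + body[pos]])
    except (IndexError, struct.error) as e:
        raise ValueError("truncated client_hello") from e
    return {"version": version, "gmt_unix_time": struct.unpack("!I", random[:4])[0], "random": random,
            "session_id": session_id, "cipher_suites": suites, "compression": compression}

def select_cipher_suite(client_suites, server_supported):
    """Server side: first client-preferred suite the server supports; None = fatal handshake_failure."""
    return next((s for s in client_suites if s in server_supported), None)
```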

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.
