session_09_vpn__ipsec__and_tls_101908

When a TLS client and server first start


Handshake Protocol (overview slide)

Phase 1: Establishing Security Capabilities
Client_Hello, Server_Hello: the client and server exchange their security capabilities: session ID, compression method, and initial random number.

Phase 2 and 3: Server and Client Authentication and Key Exchange
Server_Key_Exchange, Client_Key_Exchange: the server and client exchange authentication, the type of key exchange, and public-key parameters.

Generating the Master Secret Keys
Server-Shared Master Key, Client-Shared Master Key: the server and client create the shared master key and the cryptographic parameters.

Phase 4: Finish Message
Client Finish, Server Finish: the client and server exchange the Finish Message and a hash of the Finish Message.

M. Mogollon – 01/08 - 39

• The cryptographic parameters of the session state are produced by the TLS Handshake Protocol, which operates on top of the TLS Record Layer. When a TLS client and server first start communicating, they agree on a protocol version, select cryptographic algorithms, authenticate each other (optional), and use public-key encryption techniques to generate shared secrets.
• The Handshake Protocol can be divided into four phases.

VPN, IPSec and TLS: Phase 1 Handshake Protocol (slide 39)

Phase 1: Establishing Security Capabilities

Client_Hello contains:
1. A ClientHello.random number (28 bytes), which is used later in the protocol;
2. A CipherSuite list containing the combinations of cryptographic algorithms supported by the client (in order of the client's preference, first choice first);
3. A list of the compression methods supported by the client, sorted by client preference.

Server_Hello contains:
1. A ServerHello.random number (28 bytes), different from the one sent by the client;
2. A CipherSuite list containing the combinations of cryptographic algorithms supported by the server (in order of the server's preference, first choice first);
3. A list of the compression methods supported by the server, sorted by server preference.

When the client sends a Client_Hello message, the server must respond...
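As an added example that is not part of the lecture slides, the following Python builds a TLS 1.2 ClientHello handshake message from exactly the Phase 1 fields listed above (28-byte random, session ID, cipher suite list in preference order, compression methods, per RFC 5246 section 7.4.1.2) and parses it back with bounds checks, the kind of parser a defender uses to inspect captured handshakes. The cipher suite values and session ID in the usage are constructed sample data.

```python
import os
import struct
import time

TLS12 = b"\x03\x03"  # ProtocolVersion {3, 3}


def build_client_hello(cipher_suites, compression_methods=(0,), session_id=b"", random28=None):
    """Serialise a TLS 1.2 ClientHello handshake message.

    The 32-byte Random is a 4-byte gmt_unix_time followed by the 28 random
    bytes the slides mention; cipher suites are written in client preference order."""
    random28 = os.urandom(28) if random28 is None else random28
    assert len(random28) == 28
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    comp = bytes(compression_methods)
    body = (TLS12 + struct.pack("!I", int(time.time())) + random28
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", len(suites)) + suites
            + bytes([len(comp)]) + comp
            + b"\x00\x00")                          # empty extensions vector
    return b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType 1 = client_hello


def parse_client_hello(msg):
    """Parse a ClientHello back into its fields, rejecting truncated or malformed input."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a client_hello handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length does not match payload")
    pos = 0

    def take(n):                                    # bounds-checked slice
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated field")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    version = take(2)
    random32 = take(32)
    session_id = take(take(1)[0])                   # opaque SessionID<0..32>
    cs_len = struct.unpack("!H", take(2))[0]
    if cs_len % 2:
        raise ValueError("cipher suite vector must be an even length")
    suites = list(struct.unpack("!%dH" % (cs_len // 2), take(cs_len)))
    compression = list(take(take(1)[0]))            # CompressionMethod<1..2^8-1>
    return {"version": version, "random": random32[4:], "session_id": session_id,
            "cipher_suites": suites, "compression_methods": compression}
```

Sample usage: `parse_client_hello(build_client_hello([0xC02F, 0xC030, 0x002F], session_id=b"\x11" * 8))` returns the suites in the same order the client offered them, which is what the server consults when it picks one.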

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.
