To use it, you need:
A web server that supports TLS (IIS, Tomcat, Apache, ...)
A browser that supports TLS
Firefox
Internet Explorer
Opera
Safari
etc.
The TLS protocol
A protocol that sits on top of the transport layer
Operates over a reliable transport protocol
Supports every application protocol on top of IP
HTTP
FTP
LDAP
Confidentiality in TLS
Encrypts the messages that are transmitted
Uses conventional encryption with shared keys
Uses the algorithms
DES, 3DES
RC2, RC4
IDEA
[Figure: A's Message is transmitted as ciphertext and recovered as Message by B]
Key exchange in TLS
TLS needs a secure method for exchanging the secret key, and it uses public-key cryptography to do this
The cryptosystems normally used are RSA or Diffie-Hellman
TLS ensures integrity
The receiver computes a new MAC value and compares it with the MAC value that was transmitted; only then is the message considered intact
TLS uses the hash functions MD5 and SHA-1
[Figure: A sends Message with its MAC; B receives Message and MAC and checks whether the MACs are equal (MAC = ?)]
TLS ensures authentication
Verifies the identity of the parties taking part in the communication
Certificates are used to bind an identity to a public key and other attributes
[Figure: A and B, each with a Certificate]
TLS architecture
TLS defines records (the record protocol) to carry both application data and TLS's own information
A session is established using the handshake protocol (Handshake Protocol)
[Figure: TLS architecture, with the Handshake Protocol and the Alert Protocol]
Handshake phase
Hello messages
Key exchange and certificate messages
Change CipherSpec and send the message that ends the handshake phase, then move on to data transfer
Hello
Client Hello - starts the session
Sends the protocol version information
Information about the cipher suites in use
The server chooses a suitable protocol and cipher suite
Key exchange
The server sends a certificate containing its public key (RSA) or the Diffie-Hellman parameters
The client generates 48 random bytes and sends them to the server using the server's public key
The secret key seed is computed
Using the secret values carried in the Hello messages between server and client
Public-key certificates
An X.509 certificate binds a public key to a user's identity
The CA creates the certificate
Based on its policies and the verified identities
Signs the certificate
[Figure: X.509 certificate fields (partial): Algorithm, Value, Issuer Unique Id (versions 2, 3), Subject Unique Id (versions 2, 3), Extensions (version 3), optional; CA digital signature]
Signing the certificate
Signed with RSA
Compute the hash of the certificate
Encrypt it using the CA's private key
Server
struct {
    ProtocolVersion server_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suite;
    CompressionMethod compression_method;
} ServerHello;
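Added example (not part of the original slides): a Python parser for the ServerHello structure above that rejects truncated input and over-long session IDs, plus a check that the server's choice is one the client actually offered. It assumes the extension-free TLS 1.0 layout; the function names, HelloError and the sample bytes are constructed for illustration.

```python
import struct


class HelloError(ValueError):
    """Malformed ServerHello, or a choice the client never offered."""


def parse_server_hello(body: bytes) -> dict:
    """Parse a ServerHello body (extension-free layout, as in the struct above)."""
    if len(body) < 35:  # 2 version + 32 random + 1 session_id length
        raise HelloError("truncated before session_id")
    sid_len = body[34]
    if sid_len > 32:  # SessionID is at most 32 bytes
        raise HelloError("session_id longer than 32 bytes")
    end = 35 + sid_len
    if len(body) < end + 3:  # 2 cipher_suite + 1 compression_method
        raise HelloError("truncated before cipher_suite")
    (suite,) = struct.unpack_from("!H", body, end)
    # Bytes after compression_method are ignored by this parser.
    return {
        "version": (body[0], body[1]),
        "random": body[2:34],
        "session_id": body[35:end],
        "cipher_suite": suite,
        "compression_method": body[end + 2],
    }


def check_selection(hello, offered_version, offered_suites):
    """Reject a server choice that does not match what the client sent."""
    if hello["version"] > offered_version:
        raise HelloError("server version is newer than the client offered")
    if hello["cipher_suite"] not in offered_suites:
        raise HelloError("cipher suite was not offered by the client")


# Constructed sample: version 3.1 (TLS 1.0), zero-filled random, empty
# session_id, suite 0x000A (TLS_RSA_WITH_3DES_EDE_CBC_SHA), null compression.
SAMPLE = bytes([3, 1]) + bytes(32) + bytes([0]) + bytes([0x00, 0x0A, 0x00])

if __name__ == "__main__":
    hello = parse_server_hello(SAMPLE)
    check_selection(hello, (3, 1), {0x000A, 0x0005})
    print(hello)
```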
Certificate request
[Figure: message flow between Client and Server. Client: ClientHello. Server: ServerHello, Certificate, ServerKeyExchange, CertificateRequest]
struct {
    select (KeyExchangeAlgorithm) {
        case diffie_hellman:
            ServerDHParams params;
            Signature signed_params;
        case rsa:
            ServerRSAParams params;
            Signature signed_params;
    };
} ServerKeyExchange;
Client certificate
[Figure: message flow between Client and Server. Client: ClientHello, ClientCertificate, ClientKeyExchange. Server: ServerHello, Certificate, ServerKeyExchange, CertificateRequest]
struct {
    select (KeyExchangeAlgorithm) {
        case rsa: EncryptedPreMasterSecret;
        case diffie_hellman: DiffieHellmanClientPublicValue;
    } exchange_keys;
} ClientKeyExchange;
Agreeing on the encryption algorithm in use
Negotiate the encryption algorithm to use
Finish
Sends a copy of the handshake phase using the new session
Allows the correctness of the handshake phase to be verified