[Repost] Illustrating the SSL/TLS protocol

Author:  Ruan Yifeng

Date:  September 20, 2014

 

http://www.ruanyifeng.com/blog/2014/09/illustration-ssl.html

 

This week, CloudFlare announced its Keyless SSL service: you can put your site on their CDN without handing over your own private key, and the SSL links are still encrypted.


I read CloudFlare's explanation (here and here) and suddenly realized that it is an excellent example for illustrating how the SSL/TLS protocol works. It comes with illustrations and is easy to follow.

So now I will use those pictures, together with "Overview of the SSL/TLS protocol operation mechanism", which I wrote six months ago, to explain the SSL protocol.

1. The SSL handshake protocol

Before encrypted communication can begin, the client and the server must first establish a connection and exchange parameters. This process is called the handshake.

Assume the client is called Alice and the server is called Bob. The whole handshake process can be illustrated by the following figure (click to enlarge).

The handshake stage is divided into five steps.

Step one: Alice gives the protocol version number, a random number generated by the client (Client random), and the encryption methods the client supports.

Step two: Bob confirms the encryption method both sides will use, and gives a digital certificate together with a random number generated by the server (Server random).

Step three: Alice confirms that the digital certificate is valid, then generates a new random number (Premaster secret), encrypts it with the public key from the digital certificate, and sends it to Bob.

Step four: Bob uses his own private key to recover the random number Alice sent (the Premaster secret).

Step five: Alice and Bob, following the agreed encryption method, use the three random numbers above to generate the "session key", which is used to encrypt the whole conversation that follows.

The five steps above, drawn as a picture, look like this.

2. The role of the private key

Three points about the handshake stage deserve attention.

(1) Generating the session key requires three random numbers in total.

(2) The conversation after the handshake is encrypted with the "session key" (symmetric encryption). The server's public and private keys are used only to encrypt and decrypt the Premaster secret from which the session key is derived (asymmetric encryption); they have no other role.

(3) The server's public key is carried inside the server's digital certificate.

From point (2) it follows that during the whole session (the handshake stage and the conversation after it) the server's public and private keys are needed only once. This is the fundamental reason CloudFlare can offer the Keyless service.

Some customers (banks, for example) want to use an external CDN to speed up access to their own website, but for security reasons cannot hand the private key to the CDN provider. In that case the private key can simply stay on the customer's own server and be used only to decrypt the Premaster secret that unlocks the session key, while every other step is left to the CDN provider.

In the figure above, the bank's server takes part only in step four; the rest of the conversation never touches the private key again.
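The five-step handshake from section 1 and the Keyless split described just above, as an added example that is not code from the original post or from CloudFlare. The one private-key operation (step four) is isolated in a `KeyServer` object, the piece a bank would keep in-house, and a counter confirms it is called exactly once per handshake. The RSA here is textbook RSA with 256-bit primes and no padding, an insecure toy used only so the example runs instantly; the session-key derivation, however, is the genuine TLS 1.2 PRF from RFC 5246 section 5 applied to the three random values. All names are invented for the example.

```python
# Added example, not code from the original post or from CloudFlare.
# Simulates the five-step RSA handshake and isolates the one private-key
# operation (step four) in a KeyServer object, the piece a bank would keep
# in-house under Keyless SSL.  Assumptions: textbook RSA with 256-bit primes
# and no padding (toy, insecure, illustration only); the session-key
# derivation is the genuine TLS 1.2 PRF from RFC 5246 section 5.
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(n):
            return n

def rsa_keypair(bits=512):
    """Toy RSA: returns ((n, e), (n, d)).  Real servers use 2048-bit keys and padding."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))

def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF = P_SHA256(secret, label + seed) (RFC 5246 section 5)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()        # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_session_keys(premaster, client_random, server_random):
    """Step five: master secret, then the key block, from the three random values."""
    master = tls12_prf(premaster, b"master secret", client_random + server_random, 48)
    # key expansion seeds with server_random first (RFC 5246 section 6.3)
    key_block = tls12_prf(master, b"key expansion", server_random + client_random, 64)
    # For an AEAD suite such as AES-256-GCM there are no MAC keys, so the block
    # starts with the 32-byte client write key followed by the server write key.
    return key_block[:32], key_block[32:64]

class KeyServer:
    """The only component that holds the private key (the bank's own machine)."""

    def __init__(self, private_key):
        self._n, self._d = private_key
        self.calls = 0

    def decrypt_premaster(self, ciphertext):
        self.calls += 1
        return pow(ciphertext, self._d, self._n).to_bytes(48, "big")

def rsa_handshake(server_public, key_server):
    """Run steps one to five.  Returns (client_keys, server_keys, wire transcript)."""
    n, e = server_public
    wire = {}
    # Step 1: Alice sends her version, cipher list and Client random.
    wire["client_random"] = secrets.token_bytes(32)
    # Step 2: the CDN edge (Bob) answers with Server random and the certificate.
    wire["server_random"] = secrets.token_bytes(32)
    wire["certificate_public_key"] = server_public
    # Step 3: Alice makes the Premaster secret and encrypts it to the public key.
    premaster = secrets.token_bytes(48)
    wire["encrypted_premaster"] = pow(int.from_bytes(premaster, "big"), e, n)
    # Step 4: the edge cannot decrypt; it forwards the ciphertext to the key server.
    server_premaster = key_server.decrypt_premaster(wire["encrypted_premaster"])
    # Step 5: both ends derive the session keys; the private key is not used again.
    client_keys = derive_session_keys(premaster, wire["client_random"], wire["server_random"])
    server_keys = derive_session_keys(server_premaster, wire["client_random"], wire["server_random"])
    return client_keys, server_keys, wire

if __name__ == "__main__":
    public, private = rsa_keypair()
    ks = KeyServer(private)
    ck, sk, _ = rsa_handshake(public, ks)
    print("session keys agree:", ck == sk, "| private-key operations:", ks.calls)
```

Everything in `wire` is what an eavesdropper sees: both randoms and the encrypted Premaster secret, but never the Premaster secret itself. Note that in this design the ciphertext in `wire["encrypted_premaster"]` stays decryptable by anyone who later obtains the private key, which is the weakness the DH variant in section 3 addresses.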

3. The handshake stage with the DH algorithm

The whole handshake stage is unencrypted (it cannot be encrypted yet); everything is sent in plaintext. So anyone eavesdropping on the communication learns the encryption method the two sides chose and two of the three random numbers. The security of the whole session therefore rests on whether the third random number (the Premaster secret) can be broken.

In theory, as long as the server's public key is long enough (say 2048 bits), the Premaster secret cannot be broken. But to be safer still, we can consider changing the handshake algorithm from the default RSA to Diffie-Hellman (DH for short).

With DH, the Premaster secret does not need to be transmitted at all; the two sides only exchange their respective parameters, and each can compute this random number on its own.

In the figure above, steps three and four change from transmitting the Premaster secret into transmitting the parameters the DH algorithm needs, after which each side computes the Premaster secret itself. This improves security: because the Premaster secret was never encrypted with the server's public key, a recorded handshake cannot be decrypted later even if the server's private key is eventually compromised.
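The DH replacement for steps three and four, as an added example that is not code from the original post. Each side sends only a public value, computes the Premaster secret locally, and a check over the wire transcript confirms that the secret itself never travels. The modulus is the 127-bit Mersenne prime 2**127 - 1, a toy size assumed here so the example runs instantly; real TLS uses 2048-bit or larger named groups (RFC 7919) or elliptic curves. Function names are invented for the example.

```python
# Added example, not code from the original post.  The DH replacement for
# steps three and four: each side sends a public value, computes the
# Premaster secret locally, and the secret itself never appears on the wire.
# Assumptions: the modulus is the 127-bit Mersenne prime 2**127 - 1, a toy
# size chosen so the example runs instantly; real TLS uses 2048-bit or larger
# named groups (RFC 7919) or elliptic curves.  Standard library only.
import secrets

P = 2**127 - 1      # prime, toy size: NOT a real TLS group
G = 5
P_BYTES = (P.bit_length() + 7) // 8

def dh_keypair(p=P, g=G):
    """Ephemeral private exponent in [1, p-2] and the public value g^x mod p."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)

def dh_premaster(own_private, peer_public, p=P):
    """Premaster secret = peer_public ^ own_private mod p, as fixed-width bytes."""
    # Reject degenerate peer values (0, 1, p-1) that force a trivial secret.
    if not 1 < peer_public < p - 1:
        raise ValueError("degenerate DH public value")
    return pow(peer_public, own_private, p).to_bytes(P_BYTES, "big")

def dh_handshake():
    """Return (client_premaster, server_premaster, wire) for one exchange."""
    wire = {
        "client_random": secrets.token_bytes(32),   # step 1
        "server_random": secrets.token_bytes(32),   # step 2
        "dh_p": P, "dh_g": G,                        # steps 2/3: the server's DH parameters
    }
    server_priv, wire["server_dh_public"] = dh_keypair()   # step 3: server's public value
    client_priv, wire["client_dh_public"] = dh_keypair()   # step 4: client's public value
    client_pm = dh_premaster(client_priv, wire["server_dh_public"])
    server_pm = dh_premaster(server_priv, wire["client_dh_public"])
    # Ephemeral exponents are discarded after use; only the premaster survives.
    del server_priv, client_priv
    return client_pm, server_pm, wire

def premaster_on_wire(wire, premaster):
    """Passive eavesdropper check: does the premaster, in either form, appear in the transcript?"""
    return premaster in wire.values() or int.from_bytes(premaster, "big") in wire.values()

if __name__ == "__main__":
    c, s, w = dh_handshake()
    print("both sides agree:", c == s, "| premaster visible on wire:", premaster_on_wire(w, c))
```

One caveat the figure hides: because the handshake is plaintext, an active attacker could substitute his own DH values, so in real TLS the server signs its DH parameters with the private key from its certificate (the DHE_RSA cipher suites). The private key therefore still takes part once per handshake, as a signing key rather than a decryption key, and under Keyless that one signature is what the bank's key server performs.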

4. Session resumption

The handshake is used to establish an SSL connection. If the session is interrupted for some reason, a new handshake is needed.

There are two ways to resume the original session: one is called session ID, the other is called session ticket.

The idea behind session ID is simple: every session has a number (the session ID). If the session is interrupted, then on the next reconnection, as long as the client presents this number and the server has a record of it, both sides can reuse the existing "session key" without generating a new one.

In the figure above, the client presents the session ID, the server confirms that the number exists, and the two sides skip the remaining handshake steps and communicate directly with the existing session key.

Session ID is a method currently supported by all browsers, but it has a drawback: the session ID is usually kept on only one server. So if the client's request is sent to another server, the session cannot be resumed. Session ticket was born to solve this problem, and is currently supported only by the Firefox and Chrome browsers.

In the figure above, the client no longer sends a session ID but instead sends a session ticket that the server handed it during the previous session. The session ticket is encrypted and only the server can decrypt it; it contains the main information of that session, such as the session key and the encryption method. When the server receives the session ticket, it decrypts it and no longer needs to regenerate the session key.
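Both resumption methods side by side, as an added example that is not code from the original post. Two simulated servers behind one load balancer resume by session ID (a cache local to the server that performed the handshake) and by session ticket (encrypted session state under a ticket key shared by the whole pool), which shows why only the ticket survives a switch of server. The ticket is sealed with encrypt-then-MAC built from HMAC-SHA256 (an HMAC keystream in counter mode plus an HMAC tag), an assumption made so the example needs only the standard library; a production server would use AES-GCM. Server and function names are invented for the example.

```python
# Added example, not code from the original post.  Two simulated servers
# behind one load balancer resume sessions by session ID (a cache local to
# the server that did the handshake) and by session ticket (encrypted state
# under a ticket key shared by all servers).  Assumptions: the ticket is
# sealed with encrypt-then-MAC built from HMAC-SHA256 (an HMAC keystream in
# counter mode plus an HMAC tag) so the example needs only the standard
# library; a production server would use AES-GCM.  Names are invented here.
import hashlib
import hmac
import json
import secrets
import struct

def _subkeys(ticket_key):
    enc = hmac.new(ticket_key, b"ticket-enc", hashlib.sha256).digest()
    mac = hmac.new(ticket_key, b"ticket-mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(ticket_key, plaintext):
    """nonce || ciphertext || tag; only holders of ticket_key can open or forge it."""
    enc, mac = _subkeys(ticket_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(ticket_key, blob):
    """Return the plaintext, or None if the tag does not verify (wrong key or tampering)."""
    if len(blob) < 48:
        return None
    enc, mac = _subkeys(ticket_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))

class Server:
    def __init__(self, name, ticket_key):
        self.name = name
        self.ticket_key = ticket_key          # shared by every server in the pool
        self.session_cache = {}               # session ID -> state, local to this server

    def full_handshake(self):
        """Complete handshake: cache the state by ID and also hand the client a ticket."""
        state = {"session_key": secrets.token_hex(32), "cipher": "AES-256-GCM"}
        session_id = secrets.token_hex(16)
        self.session_cache[session_id] = state
        ticket = seal(self.ticket_key, json.dumps(state).encode())
        return session_id, ticket, state

    def resume_by_id(self, session_id):
        return self.session_cache.get(session_id)

    def resume_by_ticket(self, ticket):
        plaintext = unseal(self.ticket_key, ticket)
        return None if plaintext is None else json.loads(plaintext)

def demo():
    """Resume on the same server, then on a different server, with each method."""
    ticket_key = secrets.token_bytes(32)
    edge_a, edge_b = Server("edge-a", ticket_key), Server("edge-b", ticket_key)
    sid, ticket, state = edge_a.full_handshake()
    tampered = ticket[:-1] + bytes([ticket[-1] ^ 0x01])
    return {
        "id_same_server": edge_a.resume_by_id(sid) == state,
        "id_other_server": edge_b.resume_by_id(sid) == state,
        "ticket_other_server": edge_b.resume_by_ticket(ticket) == state,
        "tampered_ticket_rejected": edge_b.resume_by_ticket(tampered) is None,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The ticket makes the server stateless at the cost of concentrating risk in the ticket key: whoever obtains it can decrypt every ticket and so every session key inside, which is why the ticket key must be shared securely across the pool and rotated regularly.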

(End)


Reposted from: www.cnblogs.com/jinanxiaolaohu/p/11250641.html