本文解析了SSLv2与SSLv3握手过程中客户端发送的Hello消息的细节,解释了为何客户端使用SSLv2格式的Hello消息,同时表明其支持SSLv3协议,以实现与服务器更安全的通信。
question and answer:
1. why HandShake send SSLv2 client hello
"The client sends a SSLv2 ClientHello so that a server who understands only SSLv2 can process that message, and continue with a SSLv2 handshake. But the SSLv2 ClientHello also says "by the way, I know SSLv3, so if you know SSLv3 too, let's do SSLv3 instead of SSLv2", which is what usually happens (servers who know only of SSLv2 are extremely rare nowadays)."
在client 向sever 发起SSL连接的时候,通过wireshark抓取client的包,发现SSL层的信息如下所示。其实是client告诉server它再用sslv2 format的hello message,然后它支持的最高协议是在version里定义的SSL3.0, 如果server端也支持的话,让我们用SSL v3 来进行通信。
SSLv2 Record Layer: Client Hello
[Version: SSL 2.0 (0x0002)] <---------------------
Length: 76
Handshake Message Type: Client Hello (1)
Version: SSL 3.0 (0x0300) <---------------------
Cipher Spec Length: 51
Session ID Length: 0
Challenge Length: 16
Cipher Specs (17 specs)
Challenge
扫一扫
1526
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
