Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
ban đầu bắt tay và gửi một tin nhắn ClientHello mới ở bước 5. ClientHello mới này đề xuất các thông số mã hóa mạnh mẽ hơn, cho phép các máy chủ để lựa chọn bảo mật đầy đủ sức mạnh cho kỳ họp. Hai khía cạnh của phương pháp này để đàm phán lại mật mã bộ là giá trị xây dựng. | Advanced SSL 117 initial handshake and sends a new ClientHello message at step 5. This new ClientHello proposes stronger encryption parameters allowing the server to select full-strength security for the session. Two aspects of this approach to cipher suite renegotiation are worth elaboration. First some of the documentation on Server Gated Cryptography available from Microsoft appears to imply that a special reset message precedes the second ClientHello of step 5. This is not the case at least with versions 4.01 and 5.0 of Internet Explorer. The client simply sends a new ClientHello as soon as it receives the ServerHelloDone. There is nothing special about this ClientHello message. It does not for example include a TCP reset. With Server Gated Cryptography any reset is merely implied by the second ClientHello. Second the SSL standard is not completely clear as to whether the SGC approach is permitted. It is not clearly illegal however and it does work appropriately. Given the widespread deployment of Internet Explorer and Microsoft Web servers the point is probably academic anyway. 5.4 The Transport Layer Security Protocol Although the Secure Sockets Layer protocol was originally developed primarily by Netscape the protocol has become so critical to the operation of the Internet that the Internet Engineering Task Force ietf has with Netscape s blessing taken over future development of SSL standards. For several reasons including a desire to more clearly distinguish SSL from ongoing work with the IP Security ipsec protocol the IETF rechristened the protocol with the name Transport Layer Security or TLS. The TLS specification represents a relatively modest incremental improvement to the SSL protocol. There is far less difference for example between SSL version 3.0 and TLS than there is between SSL versions 2.0 and 3.0. In fact there are really only a few significant changes between SSL and TLS which table 5-2 summarizes. The remainder of this section details these .
