Appendix A. Protocol constant values

This section describes protocol types and constants.

A.1 Reserved port assignments

At the present time SSL is implemented using TCP/IP as the base networking technology. The IANA reserved the following Internet Protocol [IP] port numbers for use in conjunction with SSL.

443 - Reserved for use by Hypertext Transfer Protocol with SSL (https).
465 - Reserved (pending) for use by Simple Mail Transfer Protocol with SSL (ssmtp).
563 - Reserved (pending) for use by Network News Transfer Protocol with SSL (snntp).

struct {
    uint8 major, minor;
} ProtocolVersion;

ProtocolVersion version = { 3,0 };  /* Define SSL version 3.0 */

enum {
    change_cipher_spec(20), alert(21), handshake(22),
    application_data(23), (255)
} ContentType;

struct {
    ContentType type;
    ProtocolVersion version;
    uint16 length;
    opaque fragment[SSLPlaintext.length];
} SSLPlaintext;

struct {
    ContentType type;         /* same as SSLPlaintext.type */
    ProtocolVersion version;  /* same as SSLPlaintext.version */
    uint16 length;
    opaque fragment[SSLCompressed.length];
} SSLCompressed;

struct {
    ContentType type;
    ProtocolVersion version;
    uint16 length;
    select (CipherSpec.cipher_type) {
        case stream: GenericStreamCipher;
        case block:  GenericBlockCipher;
    } fragment;
} SSLCiphertext;

stream-ciphered struct {
    opaque content[SSLCompressed.length];
    opaque MAC[CipherSpec.hash_size];
} GenericStreamCipher;

block-ciphered struct {
    opaque content[SSLCompressed.length];
    opaque MAC[CipherSpec.hash_size];
    uint8 padding[GenericBlockCipher.padding_length];
    uint8 padding_length;
} GenericBlockCipher;

Note: in GenericBlockCipher the MAC precedes the padding, so padding and padding_length are not covered by the MAC, and the values of the padding bytes are not specified here. A decrypting implementation can therefore check only padding_length, not the padding contents; this is the structural weakness behind the POODLE attack on SSL 3.0 CBC-mode cipher suites.

A.2 Change cipher specs message

struct {
    enum { change_cipher_spec(1), (255) } type;
} ChangeCipherSpec;

A.3 Alert messages

enum { warning(1), fatal(2), (255) } AlertLevel;

enum {
    close_notify(0),
    unexpected_message(10),
    bad_record_mac(20),
    decompression_failure(30),
    handshake_failure(40),
    no_certificate(41),
    bad_certificate(42),
    unsupported_certificate(43),
    certificate_revoked(44),
    certificate_expired(45),
    certificate_unknown(46),
    illegal_parameter(47),
    (255)
} AlertDescription;

struct {
    AlertLevel level;
    AlertDescription description;
} Alert;

enum {
    hello_request(0), client_hello(1), server_hello(2),
    certificate(11), server_key_exchange(12), certificate_request(13),
    server_done(14), certificate_verify(15), client_key_exchange(16),
    finished(20), (255)
} HandshakeType;

struct {
    HandshakeType msg_type;  /* type of handshake message */
    uint24 length;           /* # bytes in handshake msg body */
    select (HandshakeType) {
        case hello_request:       HelloRequest;
        case client_hello:        ClientHello;
        case server_hello:        ServerHello;
        case certificate:         Certificate;
        case server_key_exchange: ServerKeyExchange;
        case certificate_request: CertificateRequest;
        case server_done:         ServerHelloDone;
        case certificate_verify:  CertificateVerify;
        case client_key_exchange: ClientKeyExchange;
        case finished:            Finished;
    } body;
} Handshake;

struct { } HelloRequest;

struct {
    uint32 gmt_unix_time;
    opaque random_bytes[28];
} Random;

Note: gmt_unix_time is a clock value and is predictable; the 28 random_bytes are the only unpredictable part of Random and must come from a cryptographically secure random number generator.

opaque SessionID<0..32>;

uint8 CipherSuite[2];

enum { null(0), (255) } CompressionMethod;

struct {
    ProtocolVersion client_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suites<0..2^16-1>;
    CompressionMethod compression_methods<0..2^8-1>;
} ClientHello;

struct {
    ProtocolVersion server_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suite;
    CompressionMethod compression_method;
} ServerHello;
opaque ASN.1Cert<1..2^24-1>;

struct {
    ASN.1Cert certificate_list<1..2^24-1>;
} Certificate;

enum { rsa, diffie_hellman, fortezza_dms } KeyExchangeAlgorithm;

struct {
    opaque RSA_modulus<1..2^16-1>;
    opaque RSA_exponent<1..2^16-1>;
} ServerRSAParams;
struct {
    opaque DH_p<1..2^16-1>;
    opaque DH_g<1..2^16-1>;
    opaque DH_Ys<1..2^16-1>;
} ServerDHParams;

struct {
    opaque r_s[128];
} ServerFortezzaParams;

struct {
    select (KeyExchangeAlgorithm) {
        case diffie_hellman:
            ServerDHParams params;
            Signature signed_params;
        case rsa:
            ServerRSAParams params;
            Signature signed_params;
        case fortezza_dms:
            ServerFortezzaParams params;
    };
} ServerKeyExchange;

enum { anonymous, rsa, dsa } SignatureAlgorithm;

digitally-signed struct {
    select (SignatureAlgorithm) {
        case anonymous:
            struct { };
        case rsa:
            opaque md5_hash[16];
            opaque sha_hash[20];
        case dsa:
            opaque sha_hash[20];
    };
} Signature;

Note: with SignatureAlgorithm anonymous the Signature is empty, so the ServerKeyExchange parameters are not authenticated at all; this is the case used by the DH_anon cipher suites listed below, which are vulnerable to man-in-the-middle attacks.

enum {
    RSA_sign(1), DSS_sign(2), RSA_fixed_DH(3), DSS_fixed_DH(4),
    RSA_ephemeral_DH(5), DSS_ephemeral_DH(6), Fortezza_dms(20), (255)
} CertificateType;

opaque DistinguishedName<3..2^16-1>;

struct {
    CertificateType certificate_types<1..2^8-1>;
    DistinguishedName certificate_authorities<3..2^16-1>;
} CertificateRequest;

struct { } ServerHelloDone;
struct {
    select (KeyExchangeAlgorithm) {
        case rsa:            EncryptedPreMasterSecret;
        case diffie_hellman: DiffieHellmanClientPublicValue;
        case fortezza_dms:   FortezzaKeys;
    } exchange_keys;
} ClientKeyExchange;

Note: the name DiffieHellmanClientPublicValue has no separate definition on this page; it appears to refer to the ClientDiffieHellmanPublic structure defined below.

struct {
    ProtocolVersion client_version;
    opaque random[46];
} PreMasterSecret;

struct {
    public-key-encrypted PreMasterSecret pre_master_secret;
} EncryptedPreMasterSecret;

Note: client_version is carried inside the encrypted pre-master secret so the server can compare it with the version the client offered in ClientHello; a mismatch indicates a version rollback attempt and should be treated as a handshake failure.

struct {
    opaque y_c<0..128>;
    opaque r_c[128];
    opaque y_signature[20];
    opaque wrapped_client_write_key[12];
    opaque wrapped_server_write_key[12];
    opaque client_write_iv[24];
    opaque server_write_iv[24];
    opaque master_secret_iv[24];
    opaque encrypted_preMasterSecret[48];
} FortezzaKeys;

enum { implicit, explicit } PublicValueEncoding;

struct {
    select (PublicValueEncoding) {
        case implicit: struct { };
        case explicit: opaque DH_Yc<1..2^16-1>;
    } dh_public;
} ClientDiffieHellmanPublic;

struct {
    Signature signature;
} CertificateVerify;
struct {
    opaque md5_hash[16];
    opaque sha_hash[20];
} Finished;
A CipherSuite identifies one of the cipher specifications supported in SSL Version 3.0.
CipherSuite SSL_NULL_WITH_NULL_NULL = { 0x00,0x00 };

Note: SSL_NULL_WITH_NULL_NULL is only the initial state of a connection before the first handshake completes; it provides no confidentiality or integrity and must never be negotiated.

The following CipherSuite definitions require that the server provide an RSA certificate that can be used for key exchange. The server may request either an RSA or a DSS signature-capable certificate in the certificate request message.
CipherSuite SSL_RSA_WITH_NULL_MD5               = { 0x00,0x01 };
CipherSuite SSL_RSA_WITH_NULL_SHA               = { 0x00,0x02 };
CipherSuite SSL_RSA_EXPORT_WITH_RC4_40_MD5      = { 0x00,0x03 };
CipherSuite SSL_RSA_WITH_RC4_128_MD5            = { 0x00,0x04 };
CipherSuite SSL_RSA_WITH_RC4_128_SHA            = { 0x00,0x05 };
CipherSuite SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5  = { 0x00,0x06 };
CipherSuite SSL_RSA_WITH_IDEA_CBC_SHA           = { 0x00,0x07 };
CipherSuite SSL_RSA_EXPORT_WITH_DES40_CBC_SHA   = { 0x00,0x08 };
CipherSuite SSL_RSA_WITH_DES_CBC_SHA            = { 0x00,0x09 };
CipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA       = { 0x00,0x0A };

Note: the NULL-cipher suites provide integrity only, and the EXPORT suites (40-bit RC4/RC2, DES40) provide only nominal confidentiality; both classes exist for the export regulations of the period and should be disabled in any deployment.

The following CipherSuite definitions are used for server-authenticated (and optionally client-authenticated) Diffie-Hellman. DH denotes cipher suites in which the server's certificate contains the Diffie-Hellman parameters signed by the certificate authority (CA). DHE denotes ephemeral Diffie-Hellman, where the Diffie-Hellman parameters are signed by a DSS or RSA certificate, which has itself been signed by the CA. The signing algorithm used is specified after the DH or DHE parameter. In all cases, the client must have the same type of certificate, and must use the Diffie-Hellman parameters chosen by the server.
CipherSuite SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x0B };
CipherSuite SSL_DH_DSS_WITH_DES_CBC_SHA           = { 0x00,0x0C };
CipherSuite SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA      = { 0x00,0x0D };
CipherSuite SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x0E };
CipherSuite SSL_DH_RSA_WITH_DES_CBC_SHA           = { 0x00,0x0F };
CipherSuite SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA      = { 0x00,0x10 };
CipherSuite SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 };
CipherSuite SSL_DHE_DSS_WITH_DES_CBC_SHA          = { 0x00,0x12 };
CipherSuite SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA     = { 0x00,0x13 };
CipherSuite SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 };
CipherSuite SSL_DHE_RSA_WITH_DES_CBC_SHA          = { 0x00,0x15 };
CipherSuite SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA     = { 0x00,0x16 };

The following cipher suites are used for completely anonymous Diffie-Hellman communication in which neither party is authenticated. Note that this mode is vulnerable to man-in-the-middle attacks and is therefore strongly discouraged.
CipherSuite SSL_DH_anon_EXPORT_WITH_RC4_40_MD5    = { 0x00,0x17 };
CipherSuite SSL_DH_anon_WITH_RC4_128_MD5          = { 0x00,0x18 };
CipherSuite SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
CipherSuite SSL_DH_anon_WITH_DES_CBC_SHA          = { 0x00,0x1A };
CipherSuite SSL_DH_anon_WITH_3DES_EDE_CBC_SHA     = { 0x00,0x1B };

The final two cipher suites are for the Fortezza token.
CipherSuite SSL_FORTEZZA_DMS_WITH_NULL_SHA         = { 0x00,0x1C };
CipherSuite SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = { 0x00,0x1D };

Note: All cipher suites whose first byte is 0xFF are considered private and can be used for defining local/experimental algorithms. Interoperability of such suites is a local matter.

Note: Additional cipher suites will be considered for implementation only with submission of notarized letters from two independent entities. Netscape Communications Corp. will act as an interim registration office, until a public standards body assumes control of SSL.
enum { stream, block } CipherType;

enum { true, false } IsExportable;

enum { null, rc4, rc2, des, 3des, des40, fortezza } BulkCipherAlgorithm;

enum { null, md5, sha } MACAlgorithm;

struct {
    BulkCipherAlgorithm bulk_cipher_algorithm;
    MACAlgorithm mac_algorithm;
    CipherType cipher_type;
    IsExportable is_exportable;
    uint8 hash_size;
    uint8 key_material;
    uint8 IV_size;
} CipherSpec;