Back method13.shtml Next


Public-Key Encryption Algorithms : SSL


SSL Handshake Protocol

Designed for the purpose for creating an initial agreement between a client and a server on which cryptographic protocols, algorithms, methods, and parameters to use.
  • Client Hello

    client sends the server a message with names of algorithms to be used, names of names of the compression algorithms used, and a random number.

    ClientHello( CypherSuite[], CompressionMethod[], ClientRandom)

    Three encryption protocols are defined in CypherSuite :
    1. the key exchange protocol - RSA, Diffie-Hellman
    2. the secret key algorithm - NULL, RC4, RC2, DES40, Fortezza
    3. the one-hash algorithm - NULL, MD5, SHA


  • Server Hello

    Upon receiving message from the client, the server matches a cryptographic algorithm specified in the CypherSuite[], matches a compression method specified in CompressionMethod[] and returns to the client the following information:

    ServerHello( CypherSuite, CompressionMethod, ServerRandom )

    From here on, the client and server have agreed upon a set of cryptographic and compression algorithms.

    If the server has a public-key certificate
    • it sends the certificate to the client
    • the client generates a master secret key and sends it to the server encrypted with the certificate of the server.

    If not, then a key exchange protocol is initiated (ie. Diffie Hellman).

  • Last step in the handshake protocol is to send to each other a digest of the messages sent so far encrypted with the newly established secret keys.



Copyright 1997 by Slackers Union. Comments should go to any of the group members. Opinions reflected on this page are by no means opinions of UCSD. Go sue somebody else.

Last Modified: June 1, 1997