Menu
I am currently trying to implement a tls handshake into a http proxy that I am writing. I know that I could use OpenSSL to do the work for me but I am interested in writing it myself.
I am currently working through the TLS RFC and am confused about how to parse the ClientHello message, particularly the fact that it may or may not have a session ID and that there seems to be a no count on the number of ciphersuites or compression methods.
Does anyone know the best way of doing this?
236
A TLS handshake is the process that kicks off a communication session that uses TLS. During a TLS handshake, the two communicating sides exchange messages to acknowledge each other, verify each other, establish the cryptographic algorithms they will use, and agree on session keys.
They then use the secret key and the secret key algorithm negotiated in the first step of the handshake to encrypt the secure data and the HMAC. The client and server can now communicate securely using their encrypted and hashed data.
The fastest way to fix this SSL/TLS handshake error-causing issue is just to reset your browser to the default settings and disable all your plugins. From there, you can configure the browser however you want, testing your connection with the site in question as you tweak things.
The session_id is preceded by the length. Same with the cipher suites and compression algorithms.
What's you're missing is section 4.3 of the RFC:
Variable length vectors are defined by specifying a subrange of legal lengths, inclusively, using the notation . When encoded, the actual length precedes the vector's contents in the byte stream. The length will be in the form of a number consuming as many bytes as required to hold the vector's specified maximum (ceiling) length. A variable length vector with an actual length field of zero is referred to as an empty vector.
185
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
