Cheatsheet: Difference between revisions
Content added Content deleted
Line 456:
Client Key Exchange (16)
Finished (20)
The Finished message is the first protected packet with the most recently negotiated algorithms, keys, and secrets. ▼
No acknowledgment of the Finished message is required; parties can begin to send encrypted data immediately after they send the Finished message. ▼
Recipients of Finished messages must verify that the contents are correct.▼
*Change Cipher Spec protocol:
Line 463 ⟶ 470:
Might or might not be encrypted; in a simple connection with single handshake, the CCS record is not encrypted.
*Alert Records are used in order to indicate to the peer that a condition has occured.
Some alerts are warnings, while others are fatal and cause the connection to fail.
▲ Always sent immediately after a Change Cipher Spec message in order to verify that the key exchange and authentication processes were successful.
Alerts might or might not be encrypted, and might occur during a handshake or during data transfer.
▲ The Finished message is the first protected packet with the most recently negotiated algorithms, keys, and secrets.
There are two types of alerts:
▲ No acknowledgment of the Finished message is required; parties can begin to send encrypted data immediately after they send the Finished message.
Closure Alerts: The connection must be properly closed in order to avoid any kind of truncation attacks.
▲ Recipients of Finished messages must verify that the contents are correct.
A close_notify message indicates to the recipient that the sender will not send anymore messages on that connection.
Error Alerts: When an error is detected, the detecting party sends a message to the other party.
Upon transmission or receipt of a fatal alert message, both parties immediately close the connection.
Example:
unexpected_message (fatal)
decompression_failure
handshake_failure
*Application Data Record
▲* Hello Request
These records contain the actual application data.
These messages are carried by the record layer and are fragmented, compressed, and encrypted, based on the current connection state.
= NetScaler =
|