Rory Chisholm <[EMAIL PROTECTED]> writes:
> This isn't really purely modssl related but I thought I'd give it a try here.
> 
> The SSL v.3 protocol has an optional client_verify where the client signs
> the handshake messages with its secret key, thus verifying it not only has
> a client certificate but knows the certificate's secret key.
>
> There seems to be no corresponding handshake message where the server signs
> the handshake and thus proves it knows the server's secret key which matches
> the server certificate it presented.
>
> Now either I'm missing something here or this seems to be an omission -
> surely the client would like to make sure it is talking to a server that
> knows its own secret key?

There are two common cases:

(1) The client encrypts the master key for the session (used to generate
the keying material) with the server's public key. Thus, the server's
ability to decrypt that key proves possession.

(2) The server signs a temporary public key with his private key. That
signature binds the connection to the server's key.

Thus, in either case the client knows that the server has the key he
claims to have. No special message is required.

-Ekr

[Eric Rescorla                                   [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
                  http://www.rtfm.com/
  
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
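
The two cases described in the reply above, as an added example that is not part of the original message and is not mod_ssl or OpenSSL code. It uses textbook RSA without padding on a constructed toy key; all function names are hypothetical, random bytes stand in for the temporary public key, and the signed data also covers the client and server randoms, as the SSL/TLS ServerKeyExchange signature does.

```python
# Added illustration: textbook RSA on a constructed toy key (no padding, not secure).
import hashlib, hmac, secrets

P, Q, E = 2**127 - 1, 2**89 - 1, 65537      # two Mersenne primes; constructed toy key
N = P * Q                                    # public modulus, as carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))            # server's private exponent

def digest_int(*parts: bytes) -> int:
    """Hash the handshake values to an integer below N."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % N

def finished(master: int, transcript: bytes) -> bytes:
    """Finished-style MAC: keyed by the session secret, covers the handshake."""
    key = master.to_bytes(32, "big")
    return hmac.new(key, transcript, hashlib.sha256).digest()

def case1_key_transport(server_d: int) -> bool:
    """Case (1): client encrypts the secret to the certificate's public key."""
    transcript = b"client_hello|server_hello|certificate"
    secret = secrets.randbelow(N - 2) + 2            # client's session secret
    ciphertext = pow(secret, E, N)                   # sent in ClientKeyExchange
    recovered = pow(ciphertext, server_d, N)         # server-side decryption
    server_mac = finished(recovered, transcript)     # server's Finished value
    return hmac.compare_digest(server_mac, finished(secret, transcript))

def case2_signed_ephemeral(server_d: int) -> bool:
    """Case (2): server signs its temporary public key plus both randoms."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    temp_pub = secrets.token_bytes(32)               # stand-in for the temporary key
    h = digest_int(client_random, server_random, temp_pub)
    signature = pow(h, server_d, N)                  # sent in ServerKeyExchange
    return pow(signature, E, N) == h                 # client checks with the cert key

if __name__ == "__main__":
    wrong_d = D + 2     # a peer presenting the certificate without its private key
    cases = (("key transport", case1_key_transport),
             ("signed temporary key", case2_signed_ephemeral))
    for name, run in cases:
        print(name, "| genuine:", run(D), "| without key:", run(wrong_d))
```

In both cases the client's check succeeds only when the peer used the private exponent matching the certificate, which is why no separate server-side proof message is needed.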
