Ben Laurie wrote:
> 
> Dr Stephen Henson wrote:
> >
> > Ah I see the point now. The server doesn't have to generate the RSA
> > temporary key and more importantly sign it with the certified key: this
> > is likely to be an expensive operation.
> >
> > The next problem is how can the server in general determine whether to
> > expect the second client hello?
> 
> Eh? Surely it should just do the appropriate thing if it gets it, rather
> than "expecting" it?
> 

Well yes, that's the short term solution.

The problem is that with a normal export grade handshake the client
sends a client hello then the server does a bunch of things up to and
including server done. In the process it will send the server key
exchange message which will involve signing the RSA temporary key with
the server's certified key. Typically a 1K RSA sign.

No attempt will be made by the OpenSSL code to read any client messages
up to this point because it isn't normally expecting the client to send
anything.

MSIE in SGC mode will completely ignore anything after the Server
Certificate message. It will then send a second client hello with 
strong crypto algorithms in the cipher list.

After that point the handshake proceeds normally with the server no
longer needing to sign a temporary key and just decrypting the
pre-master secret.

If somehow the server can "expect" the second client hello after it has
sent its certificate it can halt the first handshake before the
expensive signing operation which the client will ignore anyway.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
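The message flow described in the thread, as an added model (this is not OpenSSL code and not from anyone on the list). It plays out the four combinations of an SGC-style client (sends a second ClientHello as soon as it has the server Certificate, ignores the rest of the export flight) against a server that either builds the whole flight up to ServerHelloDone before reading anything, or flushes after the Certificate and looks for a second hello before signing the temporary key. The cipher suite names, message bodies and the "expensive signature" counter are constructed; the checking server is simply allowed one look at its input after flushing the Certificate, which stands in for the open question in the thread of how a real server would know when to look.

```python
"""Toy model of the export-grade / SGC handshake flow. No real crypto:
messages are tuples and the signature with the certified key is a counter."""
from collections import deque

EXPORT_SUITES = ("EXP-RC4-MD5",)               # constructed names
STRONG_SUITES = ("RC4-MD5", "DES-CBC3-SHA")


class Stats:
    def __init__(self):
        self.expensive_signs = 0      # temp RSA key signed with the certified key
        self.client_hellos = 0
        self.ignored_by_client = []   # first-flight messages the SGC client discards
        self.negotiated = None


class Client:
    """First hello offers export suites only; in SGC mode, after the server
    Certificate it ignores the rest of that flight and sends a strong hello."""

    def __init__(self, sgc, stats):
        self.sgc, self.stats, self.phase = sgc, stats, "first"

    def hello(self, suites):
        self.stats.client_hellos += 1
        return ("ClientHello", suites)

    def step(self, inbox, outbox):
        if not inbox:
            return False
        kind, _ = inbox.popleft()
        if self.phase == "first":
            if kind == "Certificate" and self.sgc:
                self.phase = "second_wait"
                outbox.append(self.hello(STRONG_SUITES))
            elif kind == "ServerHelloDone":
                outbox.append(("ClientKeyExchange", "premaster under temp RSA key"))
                self.phase = "done"
        elif self.phase == "second_wait":
            if kind == "ServerHello":                # second handshake starts here
                self.phase = "second"
            else:
                self.stats.ignored_by_client.append(kind)
        elif self.phase == "second" and kind == "ServerHelloDone":
            outbox.append(("ClientKeyExchange", "premaster under certified key"))
            self.phase = "done"
        return True


class Server:
    """check_after_cert=False: write the whole flight without reading (the
    behaviour described in the thread). True: flush after Certificate and
    look for a second ClientHello before spending the signature."""

    def __init__(self, check_after_cert, stats):
        self.check_after_cert, self.stats = check_after_cert, stats
        self.state, self.suite, self.peeked = "idle", None, False

    def step(self, inbox, outbox):
        if self.state == "idle":
            if not inbox:
                return False
            kind, suites = inbox.popleft()
            assert kind == "ClientHello", kind
            strong = [s for s in suites if s in STRONG_SUITES]
            self.suite = strong[0] if strong else suites[0]
            outbox.append(("ServerHello", self.suite))
            outbox.append(("Certificate", "server certificate, 1024-bit RSA"))
            if self.suite in EXPORT_SUITES and self.check_after_cert:
                self.state, self.peeked = "after_cert", False
            else:
                self._finish_flight(outbox)
            return True
        if self.state == "after_cert":
            if inbox and inbox[0][0] == "ClientHello":
                self.state = "idle"                  # abandon first handshake, no sign
                return True
            if not self.peeked:                      # model assumption: one look only
                self.peeked = True
                return False
            self._finish_flight(outbox)
            return True
        if self.state == "wait_cke":
            if not inbox:
                return False
            if inbox[0][0] == "ClientHello":         # late second hello: restart
                self.state = "idle"
                return True
            inbox.popleft()                          # ClientKeyExchange
            self.stats.negotiated, self.state = self.suite, "done"
            return True
        return False

    def _finish_flight(self, outbox):
        if self.suite in EXPORT_SUITES:
            self.stats.expensive_signs += 1          # the ~1K RSA sign
            outbox.append(("ServerKeyExchange", "512-bit temp RSA key + signature"))
        outbox.append(("ServerHelloDone", None))
        self.state = "wait_cke"


def simulate(sgc_client, server_checks_after_cert):
    stats, to_server, to_client = Stats(), deque(), deque()
    client = Client(sgc_client, stats)
    server = Server(server_checks_after_cert, stats)
    to_server.append(client.hello(EXPORT_SUITES))
    while True:
        progressed = False
        while server.step(to_server, to_client):
            progressed = True
        while client.step(to_client, to_server):
            progressed = True
        if not progressed:
            return stats


if __name__ == "__main__":
    for sgc in (False, True):
        for check in (False, True):
            s = simulate(sgc, check)
            print(f"sgc_client={sgc!s:5} server_checks={check!s:5} "
                  f"signs={s.expensive_signs} hellos={s.client_hellos} "
                  f"suite={s.negotiated} ignored={s.ignored_by_client}")
```

Run as a script and the four rows show the point of the thread: the SGC client against the non-checking server costs one signature that the client throws away along with the ServerKeyExchange and ServerHelloDone that carried it; the checking server never spends it; a non-SGC client is unaffected either way.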