Actually, a TLS/SSLv3 ClientHello message begins with the byte sequence:

offset  value
0x00    0x16        content type Handshake
0x01    0x03        major version
0x02    0x00-0x03   minor version
0x03    0x????      length
0x05    0x01        handshake type ClientHello

RFC 5246, Appendix A.
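As an added example (not code from this thread), the byte layout above applied as a server-side check: the first bytes on an accepted plain socket are peeked with MSG_PEEK, so the unread fd can still be handed to SSL_set_fd()/SSL_accept() when a ClientHello is seen, or read as ordinary text otherwise. The sample buffers are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Verdict on the first bytes seen on a freshly accepted (plain) socket. */
enum hello_kind { HELLO_NEED_MORE = -1, HELLO_NOT_TLS = 0, HELLO_TLS = 1 };

/*
 * Apply the record layout quoted above to buf[0..len): 0x16 (Handshake),
 * major 0x03, minor 0x00..0x03, a 2-byte record length, then handshake
 * type 0x01 (ClientHello). Bytes not yet received are not checked, so a
 * short prefix yields HELLO_NEED_MORE unless it already mismatches.
 */
enum hello_kind classify_client_hello(const unsigned char *buf, size_t len)
{
    if (len > 0 && buf[0] != 0x16) return HELLO_NOT_TLS; /* 'S' of STARTTLS, SSLv2's 0x80, ... */
    if (len > 1 && buf[1] != 0x03) return HELLO_NOT_TLS;
    if (len > 2 && buf[2] > 0x03)  return HELLO_NOT_TLS; /* SSLv3 .. TLS 1.2 record version */
    if (len > 4 && (((unsigned)buf[3] << 8) | buf[4]) < 4)
        return HELLO_NOT_TLS;                            /* too short for a handshake header */
    if (len > 5 && buf[5] != 0x01) return HELLO_NOT_TLS; /* 0x00 here would be HelloRequest */
    return len >= 6 ? HELLO_TLS : HELLO_NEED_MORE;
}

/*
 * Look at the first bytes without consuming them (MSG_PEEK), so the fd can be
 * passed untouched to SSL_set_fd()/SSL_accept() on HELLO_TLS, or read as plain
 * text on HELLO_NOT_TLS. Callers poll and retry while HELLO_NEED_MORE.
 */
enum hello_kind peek_for_client_hello(int fd)
{
    unsigned char buf[6];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK);
    if (n <= 0)
        return HELLO_NOT_TLS;           /* EOF or error: nothing to upgrade */
    return classify_client_hello(buf, (size_t)n);
}

/* Constructed sample inputs (not captured traffic). */
static const unsigned char SAMPLE_CLIENT_HELLO[] = {
    0x16, 0x03, 0x01, 0x00, 0xc4,       /* Handshake, TLS 1.0 record, 196 bytes */
    0x01, 0x00, 0x00, 0xc0, 0x03, 0x03  /* ClientHello, length 192, client version TLS 1.2 */
};
static const unsigned char SAMPLE_STARTTLS[] = "STARTTLS\r\n";

int main(void)
{
    printf("ClientHello -> %d\n", classify_client_hello(SAMPLE_CLIENT_HELLO, sizeof SAMPLE_CLIENT_HELLO));
    printf("STARTTLS    -> %d\n", classify_client_hello(SAMPLE_STARTTLS, sizeof SAMPLE_STARTTLS - 1));
    printf("3 bytes     -> %d\n", classify_client_hello(SAMPLE_CLIENT_HELLO, 3));
    return 0;
}
```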

Kyle Hamilton wrote:
A client has a sign that a server wants to negotiate TLS if it
receives a byte 0x00 (the code for 'HelloRequest').  A server has a
sign that a client wants to negotiate TLS if it receives a byte 0x01
(ClientHello).

There are multiple ways to use TLS.  The one that webservers use is to
create the TLS-encrypted tunnel across TCP, then exchange all
application data over it.

The one that IMAP, ESMTP, and various other state-keeping, text-based
protocols with the ability to send binary across the same connection
use is to create a specific text-based command -- typically STARTTLS
-- that causes the server to send out a HelloRequest.

The typical sequences that I've been looking at for my apps lately, by
the way, are:

Receive:  (Unicode byte order mark, describing precisely which
encoding the client's using)
STARTTLS
(server sends HelloRequest)
(client sends ClientHello)

Receive: ClientHello
(negotiate TLS)
Receive: Unicode BOM
(server assumes client is using Unicode)
Receive: Telnet IAC (0xff)
(server negotiates telnet parameters, including possibly Unicode)
Receive: anything else
(server assumes client is using ISO-Latin-1)

However, this is primarily for a couple of text-based MUD software
packages that I'm working with.  Your mileage may vary.

-Kyle H

On Mon, Jul 6, 2009 at 11:51 AM, Konstantin Ivanov <[email protected]> wrote:
Hi all,
I was wondering if it is possible to determine whether a client is requesting an
SSL handshake on a regular socket connection and, if the client does request it,
continue with the SSL handshake and enable secure communication. What is
happening is that if I have a server, but I accept a connection using a
regular socket (not an OpenSSL accept), then I get scrambled data from the
client, which I assume is an attempt to handshake with the server. Is it
possible to determine whether this is a handshake and, if so, let this connection
be secure? This is a custom application.
Thank you,
K
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]