Notes on the handshake flows of several TLS protocols
1. Standard flows compared
1.1. TLS1.0,1.1,1.2,GMv1.1
1.1.1. Full handshake
```
Client                                               Server

ClientHello                  -------->
                                                ServerHello
                                               Certificate*
                                         ServerKeyExchange*
                                        CertificateRequest*
                             <--------      ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished                     -------->
                                         [ChangeCipherSpec]
                             <--------             Finished
Application Data             <------->     Application Data
```
1.1.2. Session resumption
```
Client                                                Server

ClientHello                   -------->
                                                 ServerHello
                                          [ChangeCipherSpec]
                              <--------             Finished
[ChangeCipherSpec]
Finished                      -------->
Application Data              <------->     Application Data
```
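The two flows in 1.1.1 and 1.1.2 differ in which messages are mandatory and in which side sends [ChangeCipherSpec]/Finished first. The following is an added example, not part of the original notes, that checks an observed message trace against both flows; the `C:`/`S:` sender prefixes and the function names are assumptions of this sketch.

```python
# Message order taken from the two diagrams above. "C:"/"S:" marks the sender
# (an assumption of this sketch); a trailing "*" marks a message that may be absent.
FULL = [
    "C:ClientHello", "S:ServerHello", "S:Certificate*", "S:ServerKeyExchange*",
    "S:CertificateRequest*", "S:ServerHelloDone", "C:Certificate*",
    "C:ClientKeyExchange", "C:CertificateVerify*", "C:ChangeCipherSpec",
    "C:Finished", "S:ChangeCipherSpec", "S:Finished",
]
RESUMED = [
    "C:ClientHello", "S:ServerHello", "S:ChangeCipherSpec", "S:Finished",
    "C:ChangeCipherSpec", "C:Finished",
]


def matches(template, observed):
    """True if `observed` is `template` with zero or more optional entries left out."""
    i = 0
    for entry in template:
        name = entry.rstrip("*")
        if i < len(observed) and observed[i] == name:
            i += 1
        elif not entry.endswith("*"):
            return False          # a mandatory message is missing or out of order
    return i == len(observed)     # nothing may follow the last expected message


def classify(observed):
    """Label a handshake trace (up to Finished) as 'full', 'resumed' or 'invalid'."""
    if matches(FULL, observed):
        return "full"
    if matches(RESUMED, observed):
        return "resumed"
    return "invalid"


if __name__ == "__main__":
    # Constructed trace: server-authenticated full handshake, no client certificate.
    trace = ["C:ClientHello", "S:ServerHello", "S:Certificate", "S:ServerHelloDone",
             "C:ClientKeyExchange", "C:ChangeCipherSpec", "C:Finished",
             "S:ChangeCipherSpec", "S:Finished"]
    print(classify(trace))
```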
1.2. TLS1.3
1.2.1. Full handshake
```
       Client                                           Server

Key  ^ ClientHello
Exch | + key_share*
     | + signature_algorithms*
     | + psk_key_exchange_modes*
     v + pre_shared_key*       -------->
                                                  ServerHello  ^ Key
                                                 + key_share*  | Exch
                                            + pre_shared_key*  v
                                        {EncryptedExtensions}  ^  Server
                                        {CertificateRequest*}  v  Params
                                               {Certificate*}  ^
                                         {CertificateVerify*}  | Auth
                                                   {Finished}  v
                               <--------  [Application Data*]
     ^ {Certificate*}
Auth | {CertificateVerify*}
     v {Finished}              -------->
       [Application Data]      <------->  [Application Data]
```
1.2.2. Handshake when the DHE key share is unsuitable
```
         Client                                               Server

         ClientHello
         + key_share             -------->
                                                   HelloRetryRequest
                                 <--------               + key_share
         ClientHello
         + key_share             -------->
                                                         ServerHello
                                                         + key_share
                                               {EncryptedExtensions}
                                               {CertificateRequest*}
                                                      {Certificate*}
                                                {CertificateVerify*}
                                                          {Finished}
                                 <--------       [Application Data*]
         {Certificate*}
         {CertificateVerify*}
         {Finished}              -------->
         [Application Data]      <------->        [Application Data]
```
1.2.3. Session resumption and PSK
```
       Client                                               Server

Initial Handshake:
       ClientHello
       + key_share               -------->
                                                       ServerHello
                                                       + key_share
                                             {EncryptedExtensions}
                                             {CertificateRequest*}
                                                    {Certificate*}
                                              {CertificateVerify*}
                                                        {Finished}
                                 <--------     [Application Data*]
       {Certificate*}
       {CertificateVerify*}
       {Finished}                -------->
                                 <--------      [NewSessionTicket]
       [Application Data]        <------->      [Application Data]

Subsequent Handshake:
       ClientHello
       + key_share*
       + pre_shared_key          -------->
                                                       ServerHello
                                                  + pre_shared_key
                                                      + key_share*
                                             {EncryptedExtensions}
                                                        {Finished}
                                 <--------     [Application Data*]
       {Finished}                -------->
       [Application Data]        <------->      [Application Data]
```
1.2.4. 0-RTT
```
         Client                                               Server

         ClientHello
         + early_data
         + key_share*
         + psk_key_exchange_modes
         + pre_shared_key
         (Application Data*)     -------->
                                                         ServerHello
                                                    + pre_shared_key
                                                        + key_share*
                                               {EncryptedExtensions}
                                                       + early_data*
                                                          {Finished}
                                 <--------       [Application Data*]
         (EndOfEarlyData)
         {Finished}              -------->
         [Application Data]      <------->        [Application Data]
```
1.3. DTLS1.2
1.3.1. Protection against DDoS attacks
```
      Client                                   Server
      ------                                   ------
      ClientHello (seq=0)  ------>

                              X<-- HelloVerifyRequest (seq=0)
                                              (lost)

      [Timer Expires]

      ClientHello (seq=0)  ------>
      (retransmit)

                           <------ HelloVerifyRequest (seq=0)

      ClientHello (seq=1)  ------>
      (with cookie)

                           <------        ServerHello (seq=1)
                           <------        Certificate (seq=2)
                           <------    ServerHelloDone (seq=3)

      [Rest of handshake]
```
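The HelloVerifyRequest exchange above only protects the server if the cookie can be verified without keeping per-client state. The following is an added example, not part of the original notes, of the construction RFC 6347 suggests, Cookie = HMAC(Secret, Client-IP, Client-Parameters); the class and function names, the byte encoding and the sample addresses are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import struct


class CookieVerifier:
    """Stateless cookie: HMAC(Secret, Client-IP, Client-Parameters), per RFC 6347."""

    def __init__(self):
        self.secret = os.urandom(32)
        self.previous = None  # previous secret, so cookies issued before a rotation still verify

    def rotate(self):
        self.previous, self.secret = self.secret, os.urandom(32)

    @staticmethod
    def _mac(secret, addr, client_params):
        ip, port = addr
        # Length-prefix the IP so (ip, port, params) encodes unambiguously.
        msg = struct.pack("!B", len(ip)) + ip.encode() + struct.pack("!H", port) + client_params
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def make(self, addr, client_params):
        return self._mac(self.secret, addr, client_params)

    def check(self, addr, client_params, cookie):
        for secret in (self.secret, self.previous):
            if secret and hmac.compare_digest(self._mac(secret, addr, client_params), cookie):
                return True
        return False


def handle_client_hello(verifier, addr, client_params, cookie=b""):
    """Decide the server's reply; no per-client state exists before the cookie checks out."""
    if not cookie or not verifier.check(addr, client_params, cookie):
        return "HelloVerifyRequest", verifier.make(addr, client_params)
    return "ServerHello", None


if __name__ == "__main__":
    v = CookieVerifier()
    client = ("192.0.2.10", 40000)              # constructed sample address
    params = b"constructed ClientHello params"  # stands in for version/random/suites
    kind, cookie = handle_client_hello(v, client, params)
    print(kind)
    print(handle_client_hello(v, client, params, cookie)[0])
    print(handle_client_hello(v, ("198.51.100.7", 40000), params, cookie)[0])
```

A cookie presented from a different source address or with different ClientHello parameters fails the check, so the server answers with another HelloVerifyRequest instead of starting the handshake.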
1.3.2. Full handshake flights
```
   Client                                          Server
   ------                                          ------

   ClientHello             -------->                           Flight 1

                           <-------    HelloVerifyRequest      Flight 2

   ClientHello             -------->                           Flight 3

                                              ServerHello    \
                                             Certificate*     \
                                       ServerKeyExchange*      Flight 4
                                      CertificateRequest*     /
                           <--------      ServerHelloDone    /

   Certificate*                                              \
   ClientKeyExchange                                          \
   CertificateVerify*                                          Flight 5
   [ChangeCipherSpec]                                         /
   Finished                -------->                         /

                                       [ChangeCipherSpec]    \ Flight 6
                           <--------             Finished    /
```
1.3.3. Session resumption flights
```
   Client                                           Server
   ------                                           ------

   ClientHello             -------->                          Flight 1

                                              ServerHello    \
                                       [ChangeCipherSpec]     Flight 2
                            <--------             Finished    /

   [ChangeCipherSpec]                                         \Flight 3
   Finished                 -------->                         /
```
2. Simplified
The handshake has two main goals:
- negotiate the cryptographic parameters
- authenticate, covering both client and server authentication
2.1. TLS1.0,1.1,1.2,GM1.1
2.1.1. Full handshake
```
Client                                               Server

ClientHello                  -------->
                                                ServerHello
                             <--------         Certificate*
Key
[ChangeCipherSpec]
Finished check               -------->
                                         [ChangeCipherSpec]
                             <--------       Finished check
Application Data             <------->     Application Data
```
2.1.2. Session resumption
```
Client                                                Server

ClientHello                   -------->
                                                 ServerHello
                                          [ChangeCipherSpec]
                              <--------       Finished check
[ChangeCipherSpec]
Finished check                -------->
Application Data              <------->     Application Data
```
2.2. TLS1.3
2.2.1. Full handshake
```
       Client                                           Server

     ^ ClientHello
     v + Key*                  -------->
                                                  ServerHello  ^ Key
                                                       + Key*  | Exch
                                        {EncryptedExtensions}  ^  Server
                                               {Certificate*}  ^
                                             {Finished check}  v
                               <--------  [Application Data*]
     ^ {Certificate*}
     v {Finished check}        -------->
       [Application Data]      <------->  [Application Data]
```
2.2.2. Session resumption
```
       ClientHello
       + pre-master secret id    -------->
                                                       ServerHello
                                           + pre-master secret id
                                             {EncryptedExtensions}
                                                  {Finished check}
                                 <--------     [Application Data*]
       {Finished check}          -------->
       [Application Data]        <------->      [Application Data]
```
2.2.3. 0-RTT
```
         Client                                               Server

         ClientHello
         + pre-master secret id
         (early application data*)  -------->
                                                         ServerHello
                                             + pre-master secret id
                                               {EncryptedExtensions}
                                            + early data indication*
                                                    {Finished check}
                                 <--------       [Application Data*]
         (end-of-early-data marker)
         {Finished check}        -------->
         [Application Data]      <------->        [Application Data]
```
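3. Summary
The full handshakes of TLS 1.0, 1.1, 1.2, GMv1.1 and DTLS 1.2 are essentially the same: the certificate is sent first, then keys are exchanged, and finally the handshake is authenticated (Finished). Session resumption is also the same across them: the session id or ticket is sent first to restore the keys and authentication, and then the handshake is authenticated (Finished).
TLS 1.3 exchanges keys first, then sends the certificate, and finally authenticates the handshake (Finished). Otherwise it is much the same.
References: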
- tls1.0-rfc2246
- tls1.1-rfc4346
- tls1.2-rfc5246
- tls1.3-rfc8446
- dtls1.2-rfc6347