The different messages WIP
Client Hello
struct {
    ProtocolVersion client_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suites<2..2^16-2>;
    CompressionMethod compression_methods<1..2^8-1>;
    select (extensions_present) {
        case false:
            struct {};
        case true:
            Extension extensions<0..2^16-1>;
    };
} ClientHello;
- Sent: Client -> server
- Purpose: To initiate / resume a secure connection
- client_version is the highest TLS version that the client supports
- random contains the GMT Unix Time and 28 randomly generated bytes. This
will be used further down in the protocol
- Session ID might be empty, an old session ID, or a currently active session
  ID.
  - Old Session ID: Server will try to resume that connection. Client must
    be ready to negotiate the complete handshake nonetheless.
  - Currently active session: Client is trying to open multiple
    connections with the same security parameters.
  - Empty: Client wants to open a new connection.
- Cipher Suite decides the Key Exchange algorithm, the digital signature
  algorithm, the bulk encryption algorithm along with the secret key bit size,
  a Message Authentication Code (MAC) algorithm, and a Pseudo Random Function
  (PRF).
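
As an added example (not part of the original notes), the ClientHello layout above can be parsed as shown below. It takes the message body without the handshake header; the names `Reader`, `parse_client_hello` and `SAMPLE` are made up for this example, and the 32-byte session_id limit comes from RFC 5246 rather than from this page.

```python
class ParseError(ValueError):
    pass

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        # Bounds-checked read: a truncated message raises instead of under-reading.
        if self.pos + n > len(self.data):
            raise ParseError(f"need {n} bytes at offset {self.pos}")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def vector(self, len_bytes):
        # A TLS vector <a..b> starts with a big-endian length sized to hold b.
        return self.take(int.from_bytes(self.take(len_bytes), "big"))

def parse_client_hello(body):
    r = Reader(body)
    hello = {"client_version": tuple(r.take(2))}   # (3, 3) is TLS 1.2
    rnd = r.take(32)
    hello["gmt_unix_time"] = int.from_bytes(rnd[:4], "big")
    hello["random_bytes"] = rnd[4:]
    hello["session_id"] = r.vector(1)              # empty: new connection
    if len(hello["session_id"]) > 32:              # limit from RFC 5246
        raise ParseError("session_id longer than 32 bytes")
    suites = r.vector(2)
    if len(suites) < 2 or len(suites) % 2:
        raise ParseError("cipher_suites length must be even and >= 2")
    hello["cipher_suites"] = [int.from_bytes(suites[i:i + 2], "big")
                              for i in range(0, len(suites), 2)]
    hello["compression_methods"] = list(r.vector(1))
    if not hello["compression_methods"]:
        raise ParseError("compression_methods must not be empty")
    # select (extensions_present): true when bytes remain after this point.
    hello["extensions"] = []
    if r.pos < len(body):
        ext = Reader(r.vector(2))
        while ext.pos < len(ext.data):
            ext_type = int.from_bytes(ext.take(2), "big")
            hello["extensions"].append((ext_type, ext.vector(2)))
        if r.pos != len(body):
            raise ParseError("trailing bytes after extensions")
    return hello

# Constructed sample body (not a capture): empty session_id, one extension.
SAMPLE = (bytes([3, 3]) + (1700000000).to_bytes(4, "big") + bytes(range(28))
          + b"\x00" + b"\x00\x04\xc0\x2f\x00\x9c" + b"\x01\x00"
          + b"\x00\x05\xff\x01\x00\x01\x00")
```

Calling `parse_client_hello(SAMPLE)` returns a dict keyed by the field names of the struct; dropping the last 7 bytes of `SAMPLE` exercises the `extensions_present` false case.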
Server Hello
struct {
    ProtocolVersion server_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suite;
    CompressionMethod compression_method;
    select (extensions_present) {
        case false:
            struct {};
        case true:
            Extension extensions<0..2^16-1>;
    };
} ServerHello;
- Sent: Server -> Client
- Purpose:
- server_version is the TLS version that the server has decided to use. This
  must be the lower of the highest version the server supports and the
  client_version that was sent in ClientHello.
- random is again the GMT Unix Time and 28 randomly generated bytes. These
  must be generated independently of the random sent by the client.
- session_id is the session ID of an old session in case the server was able
  to find it in the cache. The parties can move directly to the Finished
  message. If the client’s session ID was empty, the server can send a new
  value that would now identify the session that will be negotiated.
- cipher_suite is the cipher suite the server has decided to continue this
  negotiation with.