1. The SSL or TLS client sends a "client hello" message that lists cryptographic information such as the SSL or TLS version and, in the client's order of preference, the CipherSuites supported by the client. The message also contains a random byte string that is used in subsequent computations. The protocol allows for the "client hello" to include the data compression methods supported by the client.
2. The SSL or TLS server responds with a "server hello" message that contains the CipherSuite chosen by the server from the list provided by the client, the session ID, and another random byte string. The server also sends its digital certificate. If the server requires a digital certificate for client authentication, the server sends a "client certificate request" that includes a list of the types of certificates supported and the Distinguished Names of acceptable Certification Authorities (CAs).
3. The SSL or TLS client verifies the server's digital certificate. For more information, see How SSL and TLS provide identification, authentication, confidentiality, and integrity.
4. The SSL or TLS client sends the random byte string that enables both the client and the server to compute the secret key to be used for encrypting subsequent message data. The random byte string itself is encrypted with the server's public key.
5. If the SSL or TLS server sent a "client certificate request", the client sends a random byte string encrypted with the client's private key, together with the client's digital certificate, or a "no digital certificate alert". This alert is only a warning, but with some implementations the handshake fails if client authentication is mandatory.
6. The SSL or TLS server verifies the client's certificate. For more information, see How SSL and TLS provide identification, authentication, confidentiality, and integrity.
7. The SSL or TLS client sends the server a "finished" message, which is encrypted with the secret key, indicating that the client part of the handshake is complete.
8. The SSL or TLS server sends the client a "finished" message, which is encrypted with the secret key, indicating that the server part of the handshake is complete.
9. For the duration of the SSL or TLS session, the server and client can now exchange messages that are symmetrically encrypted with the shared secret key.
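The fields that steps 1 and 2 describe, shown as an added example that is not part of the original page or the IBM documentation: a parser for a constructed TLS 1.2 "client hello" record, plus one possible server selection policy. The sample bytes, the function names, and the policy of honoring the client's preference order are assumptions; the parser expects the whole message in a single unfragmented record and ignores extensions.

```python
import struct

def build_sample_client_hello():
    """Constructed sample: a TLS 1.2 client hello with no extensions."""
    # Client's preference order: ECDHE-RSA-AES128-GCM, RSA-AES128-GCM, RSA-AES128-CBC
    suites = struct.pack("!3H", 0xC02F, 0x009C, 0x002F)
    body = (b"\x03\x03" + bytes(range(32))         # version 3.3, 32-byte random string
            + b"\x00"                              # empty session ID (new session)
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                         # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake

def parse_client_hello(record):
    """Return the fields step 1 lists; raise ValueError on malformed input."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a client_hello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if rec_len != hs_len + 4 or len(body) != hs_len:
        raise ValueError("length fields disagree with the data")
    pos = 0
    def take(n):
        # Bounds-checked read so a short or lying length field cannot over-read.
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated client_hello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk
    version = tuple(take(2))
    random = take(32)
    session_id = take(take(1)[0])
    raw = take(struct.unpack("!H", take(2))[0])
    if len(raw) % 2:
        raise ValueError("odd cipher suite list length")
    suites = list(struct.unpack("!%dH" % (len(raw) // 2), raw))
    compression = list(take(take(1)[0]))
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": suites, "compression": compression}

def server_choose(client_suites, server_supported):
    """Step 2 (assumed policy): first suite in the client's order the server supports."""
    return next((s for s in client_suites if s in server_supported), None)
```

A `None` result from `server_choose` corresponds to the case where the two sides share no CipherSuite and the handshake cannot continue.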
Original: https://www.ibm.com/support/knowledgecenter/zh/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm