When you enter a URL beginning with https in the browser address bar, a great deal of communication takes place between the browser and the server over the next few hundred milliseconds. An InfoQ article describes this in great detail. The first step in this complex procedure is negotiating the key algorithm to be used in subsequent communication between the browser and the server. Put simply, the process is:
The browser sends the series of Cipher Suites it supports (key algorithm suites, hereinafter referred to as Ciphers) [C1, C2, C3, ...] to the server;
After the server receives all of the browser's Ciphers, it compares them with the suites it supports itself; if it finds a Cipher that both sides support, it tells the browser;
The browser and the server use the matching Cipher for subsequent communication. If the server does not find a matching algorithm, the browser (Firefox 30, for example; the browser examples that follow all use this version of Firefox) displays an error message:
Secure Connection Failed error
This article describes how to explore the process.
Which Ciphers does a browser support? That depends on the SSL/TLS protocol versions the browser supports. Traditionally we mention HTTPS and the SSL protocol together; in fact, SSL is a protocol that Netscape proposed in the mid-1990s and developed as far as version 3.0. In 1999 the protocol was taken over by the IETF, standardized, and renamed TLS. It can be said that TLS 1.0 is SSL version 3.1. Wikipedia has no separate entry for SSL; it redirects to TLS, which shows how closely related the two protocols are. Currently the latest TLS version is 1.2. More than 99% of sites support TLS 1.0, while fewer than 40% of sites on the Internet support TLS 1.2.
Open the Firefox browser, enter about:config in the address bar, then search for tls.version.
Of the settings shown, security.tls.version.min and security.tls.version.max determine the lowest and highest SSL/TLS versions Firefox supports. According to the Firefox documentation, the possible values and the protocols they represent are:
0 - SSL 3.0
1 - TLS 1.0
2 - TLS 1.1
3 - TLS 1.2
Therefore, the figure shows that the browser is currently set with SSL 3.0 as the lower limit of supported protocols and TLS 1.2 as the upper limit. Now, if security.tls.version.min is set to 3, the browser will support only TLS 1.2. As mentioned before, fewer than 40% of websites support TLS 1.2; Amazon, for example, is not among that 40%, so in this case visiting https://amazon.com produces a "Secure Connection Failed" error message, as shown in picture 2.
To learn about the SSL/TLS protocol, you can use Wireshark (or a similar tool that can capture network packets) and analyze the captured packets to see all the Ciphers the browser sends to the server. Wireshark is a simple but very powerful capture tool.
The browser first initiates the handshake protocol by sending a "ClientHello" message; in the message body you can find the Ciphers Firefox supports. In Wireshark, sort by the Protocol column, then find a TLS 1.2 packet whose Info is "Client Hello". Select it, and in the message window below expand Secure Sockets Layer -> TLSv1.2 Record Layer -> Handshake Protocol -> Cipher Suites. In this example the first Cipher is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, out of a total of 23.
If you go on to find a message whose Info is "ServerHello", the Cipher returned by the server can be found in a similar position; in this case it is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA.
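The field that Wireshark shows under Handshake Protocol -> Cipher Suites can also be read directly from the bytes of the record. The following is an added example, not part of the original article: it parses a ClientHello that is constructed inline (no extensions, zeroed random), and the name table is a small assumed subset of the IANA registry.

```python
import struct

# Subset of the IANA cipher suite registry, enough for the sample below.
SUITE_NAMES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}

def client_hello_suites(record: bytes) -> list:
    """Return the cipher suites offered in a TLS record holding a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if rec_len != hs_len + 4 or len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 2 + 32                       # skip client_version and random
    pos += 1 + hello[pos]              # skip session_id (1-byte length prefix)
    if len(hello) < pos + 2:
        raise ValueError("truncated before cipher_suites")
    n = struct.unpack("!H", hello[pos:pos + 2])[0]
    raw = hello[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("bad cipher_suites length")
    ids = struct.unpack(f"!{n // 2}H", raw)   # each suite is a 2-byte identifier
    return [SUITE_NAMES.get(i, f"unknown(0x{i:04X})") for i in ids]

def build_sample_hello(suite_ids) -> bytes:
    """Constructed ClientHello without extensions, used only as sample input."""
    suites = b"".join(struct.pack("!H", i) for i in suite_ids)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session_id
             + struct.pack("!H", len(suites)) + suites
             + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

SAMPLE = build_sample_hello([0xC02B, 0xC014, 0x0005, 0x1234])

if __name__ == "__main__":
    for name in client_hello_suites(SAMPLE):
        print(name)
```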
The meaning of these long key algorithm names is described later. Next, the browser must wait for the server to respond to its request. Let's take a look at what the server side does.
Let us take Windows as an example. To see which key algorithms the operating system supports, run gpedit.msc and go to "Computer Configuration" -> "Administrative Templates" -> "Network" -> "SSL Configuration Settings"; the "SSL Cipher Suite Order" item then appears in the right-hand window.
Click the item to open "SSL Cipher Suite Order". Here you can see the set of Ciphers the operating system supports and the order in which they are ranked.
If you need to adjust this order, or remove some weak Ciphers, click "Enabled" in the top left corner and then edit the Cipher list under "Options". If you prefer the command line, you can modify the key algorithm suites with the following PowerShell command:
Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 -Name Functions -Value "XXX,XXX,XXX"
So what do these long Cipher names mean? In fact, the name of each Cipher contains four pieces of information, namely:
Key exchange algorithm: determines how the client and server authenticate each other during the handshake; algorithms used include RSA, Diffie-Hellman, ECDH, PSK, etc.
Encryption algorithm: encrypts the message stream; the name is usually followed by two numbers giving the length of the key and of the initialization vector, such as DES 56/56, RC2 56/128, RC4 128/128, AES 128/128, AES 256/256.
Message authentication code (MAC) algorithm: creates a message digest to ensure the integrity of the message (that it has not been tampered with); algorithms include MD5, SHA and the like.
PRF (pseudo-random function): used to generate the "master secret".
Fully understanding all of the above would seem to require a book-length treatment (and my own knowledge is insufficient). But a general understanding helps in reading Cipher names, such as the Cipher the server sent back to the client earlier: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA. Its name shows that it:
Is based on the TLS protocol;
Uses ECDHE and RSA as the key exchange algorithm;
Uses AES as the encryption algorithm (the length of the key and initialization vector is 256);
Uses SHA as the MAC algorithm (this is a hash algorithm).
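The same reading of a name can be done mechanically. The following is an added example, not part of the original article; it goes slightly beyond the single name analysed above by also handling stream ciphers and AEAD suites such as the GCM suite seen in the ClientHello, where integrity comes from the cipher mode and the trailing hash names the PRF. The SuiteInfo class and parse_suite function are hypothetical names, and only names in the TLS 1.0-1.2 style that end in a hash token are handled.

```python
from dataclasses import dataclass

AEAD_MODES = {"GCM", "CCM", "POLY1305"}
KNOWN_MODES = {"CBC"} | AEAD_MODES

@dataclass(frozen=True)
class SuiteInfo:
    key_exchange: str
    authentication: str
    cipher: str
    key_bits: int      # 0 when the name carries no key size (e.g. 3DES_EDE)
    mode: str          # "CBC", an AEAD mode, or "STREAM" when no mode is named
    integrity: str     # "HMAC-<hash>" or "AEAD"
    prf_hash: str      # hash named for the PRF, or "protocol default"

def parse_suite(name: str) -> SuiteInfo:
    """Split a TLS 1.0-1.2 style suite name that ends in a hash token."""
    if not name.startswith("TLS_") or name.count("_WITH_") != 1:
        raise ValueError(f"unsupported suite name: {name}")
    left, right = name[4:].split("_WITH_")
    kx_auth = [t for t in left.split("_") if t != "EXPORT"]
    *enc, digest = right.split("_")
    if not kx_auth or not enc:
        raise ValueError(f"incomplete suite name: {name}")
    # A single token such as RSA or PSK does both key exchange and authentication.
    kx, auth = kx_auth[0], kx_auth[-1]
    bits = next((int(t) for t in enc if t.isdigit()), 0)
    mode = enc[-1] if enc[-1] in KNOWN_MODES else "STREAM"
    # SHA256/SHA384 suffixes arrived with TLS 1.2 and also name the PRF hash;
    # with SHA (SHA-1) or MD5 suffixes the PRF is the protocol version's default.
    prf = digest if digest in ("SHA256", "SHA384") else "protocol default"
    integrity = "AEAD" if mode in AEAD_MODES else f"HMAC-{digest}"
    return SuiteInfo(kx, auth, enc[0], bits, mode, integrity, prf)

if __name__ == "__main__":
    for n in ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
              "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
              "TLS_RSA_WITH_RC4_128_SHA"):
        print(parse_suite(n))
```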
Now that we are familiar with the meaning behind Cipher names, how does a Web server such as IIS choose a key algorithm? If the browser sends the key algorithm suites [C1, C2, C3] and Windows Server supports the suites [C4, C2, C1, C3], then C1 and C2 are both supported by both sides; does IIS prefer to return C1 or C2? The answer is C2. The IIS server traverses its key algorithm suites: it takes the first, C4, and finds that the browser does not support it; it then takes the second, C2, which the browser does support. IIS therefore selects C2 and includes it in the "ServerHello" handshake message sent back to the client. This gives the result in Figure 5.
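The traversal described above, together with a check a server maintainer can run against a proposed suite order, as an added example that is not part of the original article. The function names, the sample lists and the WEAK_MARKERS tuple are assumptions made for illustration; the tuple is not a complete policy.

```python
WEAK_MARKERS = ("RC4", "NULL", "EXPORT")  # assumption: illustrative, not a full policy

def negotiate(client_offer, server_order):
    """Return the first suite in the server's order that the client offered, else None."""
    offered = set(client_offer)
    return next((s for s in server_order if s in offered), None)

def is_weak(suite):
    """True when any underscore-separated token of the name is a weak marker."""
    return any(marker in suite.split("_") for marker in WEAK_MARKERS)

def shadowing_weak(server_order):
    """Weak suites ranked above a stronger one: they win for any client offering both."""
    return [s for i, s in enumerate(server_order)
            if is_weak(s) and any(not is_weak(t) for t in server_order[i + 1:])]

def without_weak(server_order):
    """Same relative order with the weak suites removed."""
    return [s for s in server_order if not is_weak(s)]

# Constructed sample data: a client offer and a server order that ranks RC4 first.
CLIENT = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_RSA_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_RC4_128_SHA"]
SERVER = ["TLS_RSA_WITH_RC4_128_SHA",
          "TLS_RSA_WITH_AES_256_CBC_SHA",
          "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    print(negotiate(["C1", "C2", "C3"], ["C4", "C2", "C1", "C3"]))  # the article's case
    print(negotiate(CLIENT, SERVER))                # RC4 wins despite a shared AES suite
    print(shadowing_weak(SERVER))
    print(negotiate(CLIENT, without_weak(SERVER)))
```

A client that offers nothing left on the server's list gets None here, which corresponds to the "Secure Connection Failed" case described at the start of the article.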
As a browser user, you can tell the browser to access only sites that support the TLS 1.2 protocol, for better security and a worse experience. As a server maintainer, putting the strongest Cipher at the top seems to be the right choice. Just recently, a Web tax system we developed underwent a security check by a third party; one of the reported problems was that the server's default Cipher was too weak (RC4-based), so we switched to an AES-based Cipher, but chose a key length of 128 rather than 256, mainly out of concern for performance: encryption and decryption are CPU-intensive operations, and we were worried that during the busy tax season too strong a Cipher would cause performance problems.
In fact, Internet companies like Amazon and Google use RC4-based encryption algorithms. This is another clash between theory and practice.