|
Hi
1. client connect to server and sends list of
algo and random number.
question
#1 Openssl.cnf points to the random seed file that openssl used to create a
random number
(when it created the selfsigned cert) is this the same random number that we use for
the
handshake with server? I know stupid Q but could someone answer it.
2. server send back cipher name, random
number and cert containing servers public key.
question
#2 is this the random number used to create the servers public and
private keys? If so, it could be
around for a long time, should it be encrypted also?
3. client verifies cert, extract public
key creates pre master secret encrypted with servers public key sent
it
back to the server.
question #3
verifying cert means compare the host(www.authorize.net) with the cn of the server
cert? If so what's
going
on behind the screen?
4. client & server compute the encryption
and MAC from pre master secret & client/server random number.
question #4 write_ssl()
encrypt our data with this encryption, before sending to server?
question #5 when is the
MAC sent and how often when I use write_ssl()?
question #6 From the
servers point of view, how does it verify my selfsigned cert? When I
initiate the handshake
I am connecting to a domain and port. Can the server verify that its my
domain from the socket
connection? maybe doing a reverse lookup?
Robert |
