• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2006, Vol. 28 ›› Issue (4): 23-25.

• Papers •

Research and Implementation of Separate Port and Upward Negotiation in SSL/TLS-Based Security Applications

Deng Xiaojun (邓晓军)[1], Chen Huaiyi (陈怀义)[2]

  • Online:2006-04-01 Published:2010-05-20

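Abstract (translated from Chinese):

Security applications built on SSL/TLS usually adopt the separate port and upward negotiation strategies. This paper describes the basic principles of the two strategies in detail and compares their respective advantages and disadvantages. It then analyzes two problems encountered during implementation, namely downgrade attacks and connection failures caused by proxy semantics that cannot interoperate, and proposes corresponding solutions to these problems.

Keywords: SSL, TLS, separate port, upward negotiation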

Abstract:

Most SSL/TLS-based security applications adopt two strategies: the separate port strategy and the upward negotiation strategy. This paper discusses the principles of the two strategies and compares their advantages and disadvantages. It then analyzes two problems that emerge when the strategies are implemented: downgrade attacks, and connection failures caused by proxies whose semantics do not interoperate. Solutions to these problems are also proposed.

Key words: SSL, TLS, separate port, upward negotiation