为SSL/TLS的http头添加更多参数
【腾讯云】亏本大甩卖,服务器4核16G 1年370元(带宽12M,系统盘120GB SSD盘,月流量2000GB)!!!!!!
云产品 配置 价格
服务器 1核2G,带宽5M,系统盘50GB SSD盘,月流量500GB 38元/年
MySQL 1核1G 19元/年
服务器 16核32G,带宽18M,系统盘250GB SSD盘,月流量5000GB 1197元/年
点我进入腾讯云,查看更多详情

As far as I understand, https is http plus SSL/TLS.

What do I need to do if I want to add 3 more parameters for the header? I found a file inside Mozilla's NSS - ssl3ext.c, but I don't understand it and don't know how to start. Need a clue from you guys..

Is this something about SSL/TLS extension? But it is far more complex right?

#0

SSL/TLS is a transport layer. It's negotiated first, and then HTTP talks "over" it. To add more HTTP header parameters you do exactly the same as you would normally.

(to be completely clear - HTTPS is HTTP "on top" of TLS/SSL. The TLS/SSL connection is made first and then HTTP uses it just like it would use an unencrypted transport).

#1

if a developer would like to add some more information/parameters for his SSL communication/handshaking, where does the parameter should be located?

RFC 3546 'Transport Layer Security (TLS) Extensions' is the only defined way to add additional parameters to the SSL/TLS handshake.

You can add your extension to the Client Hello message. If the server recognizes it, it can respond with a corresponding extension on the Server Hello message. The server cannot send it unless it was requested, however.

is it inside the code for http header or is it creating a new extension for TLS like the server name indication(SNI)?

It has nothing to do with HTTP. The SSL/TLS handshake is over before HTTP even begins.

I have looked into the code and RFC for SNI but seems does not get any clues?

Look at RFC 3546 for the extension format. The IANA manages the extension numbers. http://www.iana.org/assignments/tls-extensiontype-values/ Note that there is no 'experimental' range for you to use. IMHO what you do over your own ports is your own business, but be aware of the possibility of conflict in the future.

Does adding more parameters to the handshaking process will disturb the current implementation?

Some SSLv3 and older TLS 1.0 servers will hang up on you if you send an extension they don't like. Major web browsers implement fallback reconnect logic without extensions.

will it broke the standard?

If your extension follows the general format for extensions defined in RFC 3546, the only (modern) standard you are breaking is that you are not using an IANA-blessed extension ID number. If your extension is generally useful, you should strongly consider submitting it for formal standardization.

#2

You can add as many HTTP header parameters as you like, without concern for SSL. If you want to modify the SSL handshake, you should have the source to your SSL libraries on both sides of the connection.

I'm not sure what your trying to do here though. You could modify the ClientHandshake to include more/customer cipher suites. You could also define a custom content type. Currently the first byte in a TLS record determines the content type, which are as follows:

0x14    20  ChangeCipherSpec
0x15    21  Alert
0x16    22  Handshake
0x17    23  Application

Depending on what you are trying to do, you may be well served by adding a custom alert to the Alert Protocol. Alerts can be sent at any time, in either direction.

Customizing the protocol will break the standard, though you can do things like add cipher suites without changing the protocol. Between client certs and server certs, the protocol generally has everything most people need for authentication and encryption.

推荐文章

我怎样才能尝试这个jquery插件-Galleria?

我怎样才能尝试这个jquery插件-Galleria?

推荐文章

悬停Div系统

悬停Div系统

推荐文章

错误C2064:项的计算结果不是接受0个参数的函数

错误C2064:项的计算结果不是接受0个参数的函数

推荐文章

对字典中的键使用对象属性

对字典中的键使用对象属性

推荐文章

Qt中ODBC驱动程序的使用

Qt中ODBC驱动程序的使用

推荐文章

如何将第三方Windows dll组织到应用程序文件夹中的子文件夹中?

如何将第三方Windows dll组织到应用程序文件夹中的子文件夹中?

推荐文章

具有多个(动态)定位选择器的DOMWindow()

具有多个(动态)定位选择器的DOMWindow()

推荐文章

PHP Regex:如果ucwords匹配,如何获取大写单词并添加字符串?

PHP Regex:如果ucwords匹配,如何获取大写单词并添加字符串?

推荐文章

Windows phone 7产品的真实颜色深度是多少?

Windows phone 7产品的真实颜色深度是多少?

推荐文章

乘法和减法的数组比较

乘法和减法的数组比较

推荐文章

Amazon EC2不支持消息方法“createThumb”的引擎异常

Amazon EC2不支持消息方法“createThumb”的引擎异常

推荐文章

更新触发触发器的同一记录

更新触发触发器的同一记录

推荐文章

关于Java多线程的一个问题

关于Java多线程的一个问题

推荐文章

如何将新标记插入标记库?

如何将新标记插入标记库?

推荐文章

从内部类对象获取外部类对象

从内部类对象获取外部类对象

推荐文章

界面定向错误?

界面定向错误?