why the answer is not c?

 
Ranch Hand
Posts: 224
2. Which of the following is not an optional step in establishing an SSL handshake?
a. Server side certificate validation by the client
b. client side certificate validation by the server
c. Generation of session keys for encryption and decryption
d. Selection of a suitable Cipher suite for encryption by the server and the client
 
Ranch Hand
Posts: 139
c. Generation of session keys for encryption and decryption
c: definitely not the optional step, that is how they exchange messages. Am I correct?
 
Ranch Hand
Posts: 1936
I agree with Robin, but I feel all of a, c & d are mandatory in SSL handshaking. b can be avoided if the server doesn't ask for client authentication.
I found this on a Google search - SSL Handshake - MSN
So what's the correct answer? Can someone help, please?
 
Greenhorn
Posts: 29

Originally posted by J Ash:
I agree with Robin, but I feel all of a, c & d are mandatory in SSL handshaking. b can be avoided if the server doesn't ask for client authentication.
I found this on a Google search - SSL Handshake - MSN
So what's the correct answer? Can someone help, please?


Ian is correct IMHO. If you open the Netscape SSL doc (check http://www.javaranch.com/scealinks.jsp), you can see (chapter "Cipher Suites with RSA Key Exchange") that a possible algorithm selected in the handshake may be "No encryption, MD5 message authentication only". No key is generated in this case, since no encryption is necessary; perhaps MD5 needs a key exchange (I don't know about that), but that is not for encryption ... MD5 means "Message Digest 5th version", a sort of hash function computed on the message to avoid tampering or substitution (i.e. loss of Integrity); a sort of "signature".
The doc on Microsoft Network just summarizes the usual steps performed in 99% of the cases, not in all cases.
Anyway this question is very interesting because it reminds us of a truth about SSL, that is, that the encryption algorithm selected in the SSL handshake may be absolutely not sure (the weakest ones can be decoded relatively easily).
When I knew about that, I jumped to Amazon to verify the encryption algorithm they use. Fortunately, this is a strong 128-bit code, so no cracker can order books from my account ...
[ April 15, 2002: Message edited by: Alberto Dell'era ]
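
Added example, not part of the original thread: a small Python check that splits a negotiated cipher-suite name into key exchange, bulk cipher and MAC, and flags the no-encryption and short-key suites discussed in the last post. The bit-length table, the 128-bit threshold, the function names and the sample list are assumptions of this example; the suite names are standard SSL 3.0/TLS identifiers.

```python
import re

# Bulk-cipher key strength in bits (assumed table for this example).
# 0 = record payload is not encrypted; the handshake still derives MAC secrets.
CIPHER_BITS = {
    "NULL": 0,
    "RC4_40": 40, "RC2_CBC_40": 40, "DES40_CBC": 40,
    "DES_CBC": 56, "3DES_EDE_CBC": 112,
    "RC4_128": 128, "AES_128_CBC": 128, "AES_256_CBC": 256,
}

# <SSL|TLS>_<key exchange>_WITH_<bulk cipher>_<MAC>
SUITE_RE = re.compile(
    r"^(?:SSL|TLS)_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<mac>MD5|SHA|SHA256|SHA384)$"
)

def classify(suite, min_bits=128):
    """Split a suite name into its parts and grade the bulk cipher by key length."""
    m = SUITE_RE.match(suite)
    if m is None or m.group("cipher") not in CIPHER_BITS:
        raise ValueError(f"unrecognised cipher suite: {suite!r}")
    bits = CIPHER_BITS[m.group("cipher")]
    if bits == 0:
        verdict = "no encryption"      # integrity only, e.g. ..._WITH_NULL_MD5
    elif bits < min_bits:
        verdict = "weak"               # export-grade or single DES
    else:
        verdict = "meets minimum"      # key length only; a first filter, not a full review
    return {"key_exchange": m.group("kx"), "cipher": m.group("cipher"),
            "mac": m.group("mac"), "bits": bits, "verdict": verdict}

def rejected(suites, min_bits=128):
    """Return the suites an endpoint should refuse to negotiate."""
    return [s for s in suites if classify(s, min_bits)["verdict"] != "meets minimum"]

# Constructed sample: suites a peer might offer during the handshake.
OFFERED = [
    "SSL_RSA_WITH_NULL_MD5",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    for name in OFFERED:
        print(name, classify(name))
```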
 