dns - Is domain name of the server checked during SSL handshake -


during ssl handshake, domain name of server checked during ssl handshake, mean domain name in server certificated checked against domain in server running ?

example: suppose server certificate has domain mydomain.com . , if server running in domain someotherdomain.com ... cheked during ssl handshake , aborted mydomain.com not someotherdomain.com ?

it depends...

the ssl/tls standard doesn't specify how , when server certificate verified.

from introduction:

[...] decisions on how initiate tls handshaking , how interpret authentication certificates exchanged left judgment of designers , implementors of protocols run on top of tls.

this being said, while doesn't specify how authentication has take place, implementations meant perform check during handshake (or @ least, after):

  • see appendix d.
  • some error messages related certificate authentication failure (bad_certificate, certificate_expired, ...).
  • some of text in handhsake overview: "[...] if server authenticated, may request certificate client, if appropriate cipher suite selected."

in cases, certificate verification guided rfc 3280/rfc 5280. number of ssl/tls stacks @ least default.

the host name verification, considered 1 of certificate authentication step, has historically been implemented separately. because rfc 3280/rfc 5280 didn't address step , left each application protocol. there relatively recent harmonisation attempt in rfc 6125 (you can find differences in protocols in appendix b).

whether host name checking done during ssl/tls handshake depends on library you're using, , how you've configured it.

for example, before java 7, had done separately main jsse api (sslsocket/sslengine). (this done in httpsurlconnection, example, sits on top of jsse, not within.) since java 7, it's possible perform check during handshake , within jsse using x509extendedtrustmanager, has configured using sslparameters.setendpointidentificationalgorithm(...), only supports https , ldaps (this being said, if service doesn't use http, using https endpoint identification algorithm wouldn't bad choice, better nothing).

other ssl/tls libraries or wrapping other libraries in other languages tend @ least have callbacks this. whether they're used (and used correctly) developers depends, shown in this paper. (you might interested in this question on security.se.)


Comments

Post a Comment

Popular posts from this blog

java.util.scanner - How to read and add only numbers to array from a text file -

i'm learning java , have question regarding reading file want read numbers file contains strings well. here example of file: 66.56 "3 java 3-43 5-42 2.1 1 and here coding: public class test { public static void main (string [] args){ if (0 < args.length) { file x = new file(args[0]); try{ scanner in = new scanner( new fileinputstream(x)); arraylist<double> test = new arraylist<>(); while(in.hasnext()){ if(in.hasnextdouble()){ double f=in.nextdouble(); test.add(f);} else {in.next();} } catch(ioexception e) { system.err.println("exception during reading: " + e); } } my problem add 66.56,2.1 , 1 doesn't add 3 after "3 or ignores 3-43 , 5-42 can tell me how skip strings , add doubles here? thanks all said 3 ie; "3, 3-43 , 4-42 strings either u read string , split , check number @ " , - or put in space between characters , integers. jvm after compilation tre...
Read more

rewrite - Trouble with Wordpress multiple custom querystrings -

i'm working on adding multiple querystring , doesn't seem work. i've found codes seems work others might i'm missing something. i want like: http://mydomain.com/board/?getyear=2013&getsometext2=sometext to http://mydomain.com/board/2013/sometext/ i added code below functions.php file. doesn't seem work should though. this works. echoing querystring gets both variable without problem. http://mydomain.com/board/2013/sometext/ but doesn't. tested querystring vis isset() seems nothing being set/get http://mydomain.com/board/2013/ function add_query_vars($vars) { $vars[] = "getyear"; $vars[] = "getsometext2"; return $vars; } add_filter('query_vars', 'add_query_vars'); function add_rewrite_rules($arules) { $anewrules = array('board/([^/]+)/([^/]+)/?$' => 'index.php?pagename=board&getyear=$matches[1]&getsometext2=$matches[2]'); $arules = $a...
Read more