> Hi. > > I'm developing an TLS implementation for Common Lisp. > I'm using openssl s_server and s_client for tests propose. > > Why initial Handshake messages are sent only in TLSPlaintext and not > TLSCompressed and TLSCiphertext?
Because all security parameters are negotiated during this phase. So you have to exchange them in clear, however, they are protected by Finished messages against modification or replay. Add to that, the ClientKeyExchange is not in clear, it is encrypted with the server public key (case RSA). Best regards, Badra > > Where is written on protocol RFC that the initial handshake messages are > only wrapped in TLSPlaintext and sent over the network? > > Regards, > Anil Mamede > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
