Ssl usecases
Technically there are four different SSL use cases. The details are discussed below.
In general, a server configured for SSL connections will perform as follows during an SSL handshake:
- Put the server certificate on the wire (to be received by the client)
- If configured to demand client certificates, expect to receive one and proceed to authenticate it
The client, in turn, may be configured to:
- supply, or not supply, a certificate to the server
- ignore the server's certificate
- validate the server's certificate
As noted, the server may be configured to require a client certificate in return. This requirement is generally indicated in server configuration (or perhaps in server code). When the server is configured to require a client certificate, the client must provide a valid client certificate during the handshake.
Use Case 1, described next, is the only way the stomp gem operates in versions 1.2.0 and earlier. The gem in those versions does not support any of the other use cases described here.
The general environment and behavior is that:
- The server is configured for SSL
- The server is configured to not require client authentication
- The client is configured or coded to ask for an SSL connection
- During handshake the server puts its certificate on the wire
- During handshake the client receives the server's certificate and ignores it
For Use Case 2, the general environment and behavior is that:
- The server is configured for SSL
- The server is configured to not require client authentication
- The client is configured or coded to ask for an SSL connection
- The client is configured with the server's authentication information
- During handshake the server puts its certificate on the wire
- During handshake the client receives the server's certificate and authenticates it
Note: Use Case 3, described next, is likely a very unusual and seldom used use case.
The general environment and behavior is that:
- The server is configured for SSL
- The server is configured to require client authentication
- The server is configured with the client's authentication information
- The client is configured or coded to ask for an SSL connection
- The client is configured to put its certificate on the wire
- During handshake the server puts its certificate on the wire
- During handshake the client receives the server's certificate and ignores it
- During handshake the server receives the client's certificate and authenticates it
Note: Use Case 4, described next, is likely a very typical and often implemented use case.
The general environment and behavior is that:
- The server is configured for SSL
- The server is configured to require client authentication
- The server is configured with the client's authentication information
- The client is configured or coded to ask for an SSL connection
- The client is configured with the server's authentication information
- The client is configured to put its certificate on the wire
- During handshake the server puts its certificate on the wire
- During handshake the client receives the server's certificate and authenticates it
- During handshake the server receives the client's certificate and authenticates it
It is important to note that if a server is configured to require client authentication, then the following use cases are not possible for the client:
- Use Case 1
- Use Case 2
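The rule above can be checked on loopback. This is an added example, not code from the stomp gem or the original page: it uses Ruby's standard OpenSSL library directly rather than the gem's own SSL settings, with in-memory self-signed certificates as constructed test identities. The names `self_signed`, `completes?`, `handshake_ok?` and `USE_CASES` are hypothetical.

```ruby
require "openssl"
require "socket"

# Constructed test identity: a self-signed certificate generated in memory.
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

SERVER_ID = self_signed("constructed-server")
CLIENT_ID = self_signed("constructed-client")
# The four use cases as client settings: [sends certificate, authenticates server].
USE_CASES = { 1 => [false, false], 2 => [false, true], 3 => [true, false], 4 => [true, true] }.freeze

# True when the block finishes its side of the handshake without an error.
def completes?
  yield
  true
rescue OpenSSL::SSL::SSLError, SystemCallError
  false
end

# Runs one loopback handshake; true only if server and client both complete it.
def handshake_ok?(use_case, server_requires_client_cert:)
  sends_cert, authenticates_server = USE_CASES.fetch(use_case)
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = SERVER_ID
  if server_requires_client_cert
    sctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
    sctx.cert_store = OpenSSL::X509::Store.new.add_cert(CLIENT_ID[0])
  end
  cctx = OpenSSL::SSL::SSLContext.new
  # TLS 1.2 makes a rejected client fail inside connect; TLS 1.3 reports it on a later read.
  cctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  cctx.cert, cctx.key = CLIENT_ID if sends_cert
  cctx.verify_mode = authenticates_server ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
  cctx.cert_store = OpenSSL::X509::Store.new.add_cert(SERVER_ID[0]) if authenticates_server
  tcp = TCPServer.new("127.0.0.1", 0)
  server = Thread.new { completes? { OpenSSL::SSL::SSLSocket.new(tcp.accept, sctx).accept } }
  client_ok = completes? { OpenSSL::SSL::SSLSocket.new(TCPSocket.new("127.0.0.1", tcp.addr[1]), cctx).connect }
  server.value && client_ok
ensure
  tcp&.close
end
```

`VERIFY_FAIL_IF_NO_PEER_CERT` is the server-side setting that turns "request a client certificate" into "require one"; with `VERIFY_PEER` alone, a server would still accept clients configured for Use Cases 1 and 2.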