When the client application (or another browser client program) initiates a login authentication, encryption, or signature request, a resident program receives the request and, communicating with the server over SM2/SM3-based SSL, completes the relevant business operations; the resident program then returns the server's results to the browser or other client program.
Questions:
1. How to integrate a GM (national cryptographic algorithm) SM2/SM3-based SSL module into the original gateway system, which has no SSL module?
2. Is there ready-made open source code for a GM SM2/SM3-based SSL module?
Thank you, thank you!
CodePudding user response:
Addendum: if there is an implementation in C, that would be best.
CodePudding user response:
The GM SSL protocol handshake process is as follows:
(1) Exchange Hello messages to negotiate the cipher suite, exchange random numbers, and determine whether the session is reused;
(2) Exchange the necessary parameters and negotiate the pre-master key;
(3) Exchange certificate information, which is used to validate each other;
(4) Generate the master key from the pre-master key and the exchanged random numbers;
(5) Provide the security parameters to the record layer;
(6) Verify that the computed security parameters are consistent, and verify the authenticity and integrity of the handshake.
To implement HTTPS encryption based on the GM algorithms on the server, you need to apply to an authoritative electronic certification body approved by the Ministry of Industry (such as WoSign CA) for an SSL certificate that conforms to the GM standard, deploy the certificate on the server, and compile the GM algorithm support module on the server side. Then, when a GM browser is used to access the site where the certificate is deployed, the browser and server can use the GM algorithms to encrypt the data in transit, completing the implementation and application of SSL authentication and encryption with the GM algorithms. To protect the security of GM SSL certificates, the CA that issues the SSL certificate should also provide CRL/OCSP servers that support the GM algorithms, used to query the validity status of the SSL certificate. The WoSign GM solution fully supports all of the above.