Ask the Expert

Finding the answers to specific SSL questions

I have a couple questions about SSL. First of all, why does SSL have a Change Cipher Spec Protocol that contains only the change_cipher_spec message? Why was the change_cipher_spec message just not defined in the Handshake Protocol? I'm sure there is a reason that a separate protocol was created, but I have not been able to find it.

My second question is about the client and server secrets and keys in the connection state. Why are there two write MAC secrets (one for the client and one for the server) and two write keys (one for the client and one for the server) in the connection state? I can understand why one MAC secret and one write key would be needed, but I can't understand why there are two of each. Aren't these secrets and keys symmetric, meaning only one key/secret is needed?

Any help you could give me on this would be greatly appreciated.

    Requires Free Membership to View

The best place to find the answers to your questions would be the SSL/TLS working group mailing lists in the IETF. Many questions -- like "why did you do it this way" are best answered by the people who actually did it. Here is information about the working group mailing lists:

General Discussion:
To Subscribe:

This was first published in September 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: