| … | |
… | |
| 403 | cryptographic nonce, i.e. random data of high quality. To keep the |
403 | cryptographic nonce, i.e. random data of high quality. To keep the |
| 404 | protocol text-only, these are usually 32 base64-encoded octets, but |
404 | protocol text-only, these are usually 32 base64-encoded octets, but |
| 405 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
405 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
| 406 | characters. |
406 | characters. |
| 407 | |
407 | |
|
|
408 | I<< The two nonces B<must> be different, and an aemp implementation |
|
|
409 | B<must> check and fail when they are identical >>. |
|
|
410 | |
| 408 | Example of the two lines of greeting: |
411 | Example of the two lines of greeting: |
| 409 | |
412 | |
| 410 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
413 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
| 411 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
414 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
| 412 | |
415 | |
| 413 | =head2 TLS handshake |
416 | =head2 TLS handshake |
| 414 | |
417 | |
| 415 | If, after the handshake, both sides indicate interest in TLS, then the |
418 | I<< If, after the handshake, both sides indicate interest in TLS, then the |
| 416 | connection I<must> use TLS, or fail. |
419 | connection B<must> use TLS, or fail.>> |
| 417 | |
420 | |
| 418 | Both sides compare their nonces, and the side who sent the lower nonce |
421 | Both sides compare their nonces, and the side who sent the lower nonce |
| 419 | value ("string" comparison on the raw octet values) becomes the client, |
422 | value ("string" comparison on the raw octet values) becomes the client, |
| 420 | and the one with the higher nonce the server. |
423 | and the one with the higher nonce the server. |
| 421 | |
424 | |
