… | |
… | |
403 | cryptographic nonce, i.e. random data of high quality. To keep the |
403 | cryptographic nonce, i.e. random data of high quality. To keep the |
404 | protocol text-only, these are usually 32 base64-encoded octets, but |
404 | protocol text-only, these are usually 32 base64-encoded octets, but |
405 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
405 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
406 | characters. |
406 | characters. |
407 | |
407 | |
|
|
408 | I<< The two nonces B<must> be different, and an aemp implementation |
|
|
409 | B<must> check and fail when they are identical >>. |
|
|
410 | |
408 | Example of the two lines of greeting: |
411 | Example of the two lines of greeting: |
409 | |
412 | |
410 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
413 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
411 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
414 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
412 | |
415 | |
413 | =head2 TLS handshake |
416 | =head2 TLS handshake |
414 | |
417 | |
415 | If, after the handshake, both sides indicate interest in TLS, then the |
418 | I<< If, after the handshake, both sides indicate interest in TLS, then the |
416 | connection I<must> use TLS, or fail. |
419 | connection B<must> use TLS, or fail.>> |
417 | |
420 | |
418 | Both sides compare their nonces, and the side who sent the lower nonce |
421 | Both sides compare their nonces, and the side who sent the lower nonce |
419 | value ("string" comparison on the raw octet values) becomes the client, |
422 | value ("string" comparison on the raw octet values) becomes the client, |
420 | and the one with the higher nonce the server. |
423 | and the one with the higher nonce the server. |
421 | |
424 | |