| … | |
… | |
| 331 | The first line contains strings separated (not ended) by C<;> |
331 | The first line contains strings separated (not ended) by C<;> |
| 332 | characters. The first even ixtrings are fixed by the protocol, the |
332 | characters. The first even ixtrings are fixed by the protocol, the |
| 333 | remaining strings are C<KEY=VALUE> pairs. None of them may contain C<;> |
333 | remaining strings are C<KEY=VALUE> pairs. None of them may contain C<;> |
| 334 | characters themselves. |
334 | characters themselves. |
| 335 | |
335 | |
| 336 | All the lines until after authentication must not exceed 4kb in length, including delimiter. |
336 | All the lines until after authentication must not exceed 4kb in length, |
|
|
337 | including delimiter. Afterwards there is no limit on the packet size that |
|
|
338 | can be received. |
|
|
339 | |
|
|
340 | =head3 First Greeting Line |
| 337 | |
341 | |
| 338 | The fixed strings are: |
342 | The fixed strings are: |
| 339 | |
343 | |
| 340 | =over 4 |
344 | =over 4 |
| 341 | |
345 | |
| … | |
… | |
| 396 | |
400 | |
| 397 | Indicates that the other side supports TLS (version should be 1.0) and |
401 | Indicates that the other side supports TLS (version should be 1.0) and |
| 398 | wishes to do a TLS handshake. |
402 | wishes to do a TLS handshake. |
| 399 | |
403 | |
| 400 | =back |
404 | =back |
|
|
405 | |
|
|
406 | =head3 Second Greeting Line |
| 401 | |
407 | |
| 402 | After this greeting line there will be a second line containing a |
408 | After this greeting line there will be a second line containing a |
| 403 | cryptographic nonce, i.e. random data of high quality. To keep the |
409 | cryptographic nonce, i.e. random data of high quality. To keep the |
| 404 | protocol text-only, these are usually 32 base64-encoded octets, but |
410 | protocol text-only, these are usually 32 base64-encoded octets, but |
| 405 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
411 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
| 406 | characters. |
412 | characters. |
| 407 | |
413 | |
|
|
414 | I<< The two nonces B<must> be different, and an aemp implementation |
|
|
415 | B<must> check and fail when they are identical >>. |
|
|
416 | |
| 408 | Example of the two lines of greeting: |
417 | Example of the two lines of greeting: |
| 409 | |
418 | |
| 410 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
419 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
| 411 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
420 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
| 412 | |
421 | |
| 413 | =head2 TLS handshake |
422 | =head2 TLS handshake |
| 414 | |
423 | |
| 415 | If, after the handshake, both sides indicate interest in TLS, then the |
424 | I<< If, after the handshake, both sides indicate interest in TLS, then the |
| 416 | connection I<must> use TLS, or fail. |
425 | connection B<must> use TLS, or fail.>> |
| 417 | |
426 | |
| 418 | Both sides compare their nonces, and the side who sent the lower nonce |
427 | Both sides compare their nonces, and the side who sent the lower nonce |
| 419 | value ("string" comparison on the raw octet values) becomes the client, |
428 | value ("string" comparison on the raw octet values) becomes the client, |
| 420 | and the one with the higher nonce the server. |
429 | and the one with the higher nonce the server. |
| 421 | |
430 | |
