… | |
… | |
331 | The first line contains strings separated (not ended) by C<;> |
331 | The first line contains strings separated (not ended) by C<;> |
332 | characters. The first even ixtrings are fixed by the protocol, the |
332 | characters. The first even ixtrings are fixed by the protocol, the |
333 | remaining strings are C<KEY=VALUE> pairs. None of them may contain C<;> |
333 | remaining strings are C<KEY=VALUE> pairs. None of them may contain C<;> |
334 | characters themselves. |
334 | characters themselves. |
335 | |
335 | |
336 | All the lines until after authentication must not exceed 4kb in length, including delimiter. |
336 | All the lines until after authentication must not exceed 4kb in length, |
|
|
337 | including delimiter. Afterwards there is no limit on the packet size that |
|
|
338 | can be received. |
|
|
339 | |
|
|
340 | =head3 First Greeting Line |
337 | |
341 | |
338 | The fixed strings are: |
342 | The fixed strings are: |
339 | |
343 | |
340 | =over 4 |
344 | =over 4 |
341 | |
345 | |
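Review bot: the new sentence at 337-338, "Afterwards there is no limit on the packet size that can be received", drops the only stated bound once a peer is authenticated; the 4kb pre-authentication limit is what keeps an unauthenticated peer from forcing large receive buffers, so the text should say whether an implementation may still impose its own post-authentication limit and what it does when a limit is exceeded (close the connection, presumably), instead of phrasing "no limit" as a requirement on receivers. Two smaller points in the same hunk: "4kb" should be given as an exact byte count (4096 bytes?) and "including delimiter" should name the delimiter (CR LF?), since both ends have to enforce the same bound; and the unchanged context at 332, "The first even ixtrings are fixed by the protocol", has a typo, presumably "six strings", which matches the six fixed fields before the first KEY=VALUE pair in the example greeting line later in the document.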
… | |
… | |
396 | |
400 | |
397 | Indicates that the other side supports TLS (version should be 1.0) and |
401 | Indicates that the other side supports TLS (version should be 1.0) and |
398 | wishes to do a TLS handshake. |
402 | wishes to do a TLS handshake. |
399 | |
403 | |
400 | =back |
404 | =back |
|
|
405 | |
|
|
406 | =head3 Second Greeting Line |
401 | |
407 | |
402 | After this greeting line there will be a second line containing a |
408 | After this greeting line there will be a second line containing a |
403 | cryptographic nonce, i.e. random data of high quality. To keep the |
409 | cryptographic nonce, i.e. random data of high quality. To keep the |
404 | protocol text-only, these are usually 32 base64-encoded octets, but |
410 | protocol text-only, these are usually 32 base64-encoded octets, but |
405 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
411 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
406 | characters. |
412 | characters. |
407 | |
413 | |
|
|
414 | I<< The two nonces B<must> be different, and an aemp implementation |
|
|
415 | B<must> check and fail when they are identical >>. |
|
|
416 | |
408 | Example of the two lines of greeting: |
417 | Example of the two lines of greeting: |
409 | |
418 | |
410 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
419 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
411 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
420 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
412 | |
421 | |
413 | =head2 TLS handshake |
422 | =head2 TLS handshake |
414 | |
423 | |
415 | If, after the handshake, both sides indicate interest in TLS, then the |
424 | I<< If, after the handshake, both sides indicate interest in TLS, then the |
416 | connection I<must> use TLS, or fail. |
425 | connection B<must> use TLS, or fail.>> |
417 | |
426 | |
418 | Both sides compare their nonces, and the side who sent the lower nonce |
427 | Both sides compare their nonces, and the side who sent the lower nonce |
419 | value ("string" comparison on the raw octet values) becomes the client, |
428 | value ("string" comparison on the raw octet values) becomes the client, |
420 | and the one with the higher nonce the server. |
429 | and the one with the higher nonce the server. |
421 | |
430 | |
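Review bot: the new requirement at 414-415, "The two nonces B<must> be different, and an aemp implementation B<must> check and fail when they are identical", should state what "identical" compares, because the nonce line is described as text (usually 32 base64-encoded octets, but "anything that doesn't contain any ASCII CR or ASCII LF") while the client/server election at 427-428 compares "raw octet values"; say explicitly that both the equality check and the ordering operate on the nonce line bytes as received, and that the equality check is performed before the comparison at 427 so the equal case never reaches the role decision. It would also help to state that after a nonce-equality failure the implementation closes the connection rather than continuing into the TLS handshake or authentication. Unchanged context at 401, "TLS (version should be 1.0)", now sits next to two new MUSTs as a weak recommendation; TLS 1.0 has since been deprecated (RFC 8996), so that line deserves a follow-up change rather than being left as is.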