File talk:Ssl handshake with two way authentication with certificates.png
I believe this image has a small spelling mistake.
"demand client zertificate" should be "demand client certificate"
Several other spelling/language errors (certifikate, encrpted, mit), as well as some other bits that could read better and more consistently. A very nice diagram, but it would be helpful if the source were made available so that people could fix it up a bit.--Yjo 15:49, 19 October 2007 (UTC)
This diagram is wrong and should be revised or removed. Per the TLS spec, verification of the client certificate is done by signing a hash of all exchanged handshake messages. The message shown in which the client certificate is re-sent, encrypted with the client secret key, is wrong. Anyone who has seen this message, as described, would be able to replay it, as there is no binding to the rest of the handshake.
10/22/2007 —Preceding unsigned comment added by 72.52.84.194 (talk) 17:33, 22 October 2007 (UTC)
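An added illustration of the replay point raised in the comment above; it is not part of any participant's post and not code from a TLS implementation. It compares a proof computed over the certificate alone with one computed over the handshake messages. The toy RSA key, the simplified transcript layout and all function names are assumptions made for this example.

```python
import hashlib
import os

# Toy textbook-RSA key from two Mersenne primes (constructed; unpadded and far
# too small for real use). It stands in for the client certificate's key pair.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

CLIENT_CERT = b"constructed client certificate bytes"

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    return pow(digest(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(data)

def transcript(client_random: bytes, server_random: bytes) -> bytes:
    # Simplified stand-in for "all exchanged handshake messages".
    return b"|".join([b"ClientHello", client_random, b"ServerHello", server_random,
                      b"Certificate", CLIENT_CERT, b"ClientKeyExchange"])

def accepts_static(proof: int) -> bool:
    # Check implied by the diagram: the proof covers only the certificate.
    return verify(CLIENT_CERT, proof)

def accepts_bound(client_random: bytes, server_random: bytes, proof: int) -> bool:
    # Check described in the comment: the proof covers this handshake's messages.
    return verify(transcript(client_random, server_random), proof)

def demo() -> dict:
    # Session 1: the real client produces both kinds of proof.
    cr1, sr1 = os.urandom(32), os.urandom(32)
    static_proof, bound_proof = sign(CLIENT_CERT), sign(transcript(cr1, sr1))
    # Session 2: fresh randoms; the session-1 proofs are presented again.
    cr2, sr2 = os.urandom(32), os.urandom(32)
    return {
        "static, session 1": accepts_static(static_proof),
        "static, resent in session 2": accepts_static(static_proof),
        "bound, session 1": accepts_bound(cr1, sr1, bound_proof),
        "bound, resent in session 2": accepts_bound(cr2, sr2, bound_proof),
    }

if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

The static proof has no per-session input, so the server's check cannot distinguish a fresh proof from a copy; the transcript-bound proof fails as soon as the randoms change.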
Another thing that is wrong on this diagram is that per the TLS spec the Certificate Verify message should be sent right after the Client Key Exchange message, not before it. 205.248.102.81 (talk) 21:28, 7 February 2008 (UTC)
Besides the spelling mistakes and other errors, the diagram needs a legend explaining what all those colored boxes mean. -Andreas Toth (talk) 02:27, 19 February 2008 (UTC)
Vectorized version available
A vectorized version of this diagram is now available, see commons:Image:SSL handshake with two way authentication with certificates.svg, thus fixing remaining problems and adding a legend should be easy now.
Client Certifikate (Encrypted with Private Key Client) ??
In Phase 3 -- client certifikate (encrypted with Private Key Client) -- may be an error. Why should the client send its certificate encrypted with its own private key? And if it is the case, how will the server check the validity of the encrypted certificate? I'm not sure if I am right; maybe I'm all the more confused.
I was searching on the Internet for some "properly done" sequence diagram for HTTPS/SSL communication, but found none. Can someone help me out..! ddas|edEn (talk) 08:10, 5 March 2008 (UTC)
Some Sequence Diagrams
These are some links to documents containing related sequence diagrams that I found on the web. They give some idea at least in understanding a typical Secure Connection sequence:
1. HTTP Post Sequence Diagram - [1]
2. Internet Explorer Web Browsing Sequence Diagram - [2]
3. SSL Processing and basic Cryptography Concepts - [3]
4. Establishing Secure Communications - [4]
5. Message Sequence Diagram of TLS-SA Proof of Concept implementation - [5]
6. Simplified SSL Handshake Sequence - [6]
7. The SSL Handshake - [7]
8. How SSL Establish Connections, step-by-step - [8]