Cipher suite selection method and cipher suite selection device used for handshake processing process

An encryption suite and device selection technology, applied in the field of cloud computing processing, can solve problems such as HTTP2 handshake failure, high overhead, and reduce server-side processing pressure, so as to improve intelligence and save overhead

Active Publication Date: 2018-08-21
GUIZHOU BAISHANCLOUD TECH CO LTD
View PDF8 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

When there is a mixed deployment of the old version of HTTPS and HTTP2 protocols, in some scenarios, the server may wish to use a low-strength encryption suite for the old version of HTTPS to reduce the processing pressure on the server, which will lead to HTTP2 requests. handshake failed
In order to make the HTTP2 handshake successful, the cipher suite list is fixed in the form required by the HTTP2 protocol. For the HTTPS handshake, it will cause a large overhead during the handshake.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Cipher suite selection method and cipher suite selection device used for handshake processing process
  • Cipher suite selection method and cipher suite selection device used for handshake processing process
  • Cipher suite selection method and cipher suite selection device used for handshake processing process

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0048] figure 1 It is a flow chart of a method for selecting a cipher suite in Embodiment 1, and the method includes:

[0049] The server receives the handshake request; when judging from the handshake request that the version number of the transport security layer protocol is less than the preset version number, the cipher suite corresponding to the HTTPS protocol is used for handshake processing.

[0050] This method also includes: when the server judges that the version number of the security transport layer protocol is greater than or equal to the preset version number according to the handshake request, when judging that there is no extended parameter of the application layer protocol negotiation ALPN in the client greeting message of the handshake request, use The cipher suite corresponding to the HTTPS protocol performs handshake processing.

[0051]The method also includes: judging that there is an extension parameter of application layer protocol negotiation ALPN in ...

Embodiment 2

[0054] figure 2 It is a structural diagram of the device for selecting an cipher suite in Embodiment 2; applied to a server, the device includes a receiving module, a judging module, and a selecting module.

[0055] The receiving module is used to receive the handshake request;

[0056] The judging module is used to judge whether the version number of the security transport layer protocol is less than the preset version number according to the handshake request;

[0057] The selection module is used to use the encryption suite corresponding to the HTTPS protocol to perform handshake processing when the judging module judges that the version number of the transport security layer protocol is less than the preset version number according to the handshake request.

[0058] in,

[0059] The judging module is also used to judge whether the version number of the security transport layer protocol is greater than or equal to the preset version number according to the handshake requ...

Embodiment 3

[0064] image 3 It is a flow chart of the method for selecting a cipher suite in Embodiment 3, and the method includes:

[0065] Step 1, the server receives the handshake request and performs accelerated processing;

[0066] Step 2: When it is judged according to the handshake request that the version number of the transport security layer protocol is smaller than the preset version number, use the intersection of the cipher suite corresponding to the HTTPS protocol and the cipher suite corresponding to the accelerated processing to perform handshake processing.

[0067] This method also includes step 3, when the server judges that the version number of the security transport layer protocol is greater than or equal to the preset version number according to the handshake request, when judging that there is no extended parameter of the application layer protocol negotiation ALPN in the client greeting message of the handshake request , use the intersection of the cipher suite c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a cipher suite selection method and a cipher suite selection device used for a handshake processing process. The cipher suite selection method comprises steps that a handshakerequest is received by a server, and when a version number of a safety transmission later protocol is smaller than a preset version number according to the handshake processing process, a cipher suitecorresponding to a HTTPS protocol is used for the handshake processing. Compatibility of selection of a cipher suite list is realized during the handshake processing under an old version of HTTPS anda new version of HTTPS, and on the basis of the old version of HTTPS, the cipher suite having low safety strength and high performance is realized, and the HTTP2 handshake adopting the high-strengthcipher suite is also fully supported, and therefore the intelligent performance of the handshake processing process can be improved, and the successful handshake during the use of different versions of protocols is guaranteed, and costs can be saved.

Description

technical field [0001] The invention relates to the field of cloud computing processing, in particular to a method and device for selecting an encryption suite during handshaking processing. Background technique [0002] The security-oriented HTTP channel (Hyper Text Transfer Protocol over SecureSocket Layer, HTTPS) is a commonly used protocol in cloud computing processing systems, and new versions are constantly appearing with the development of technology. The HTTP2 protocol is a successor version of HTTP 1.1, developed based on the SPDY protocol proposed by Google, and the specific content of the protocol is regulated by RFC 7540. A significant difference between HTTP2 and the old version of HTTP is that when using encrypted communication based on the Transport Layer Security protocol (TLS), HTTP2 mandates the set of cipher suites that can be used, and Appendix A of RFC 7540 lists prohibited Suite list, HTTP2 prohibits most low-strength cipher suites. When there is a mi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/168H04L67/02
Inventor 杨洋苗辉
Owner GUIZHOU BAISHANCLOUD TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap