什么是 SSL 上下文? [英] What is SSL context?
问题描述
在为 SSL 编程时,无论您选择哪种语言(C++、Java、Ruby 等),您都可能会遇到要使用的 SSLContext 对象.我不知道 SSLContext 在语义上是什么意思?当我在 google 上搜索它时,只会出现许多页面来解释这种对象在各种编程语言中的语法用法.
When programming for a SSL, no matter which language you choose (C++, Java, Ruby etc.), you probably encounter SSLContext object which would be used. I do not know what does SSLContext semantically means? When I search google for it, there just come many pages explaining the syntactical usage of such object for various programming languages.
我的问题:SSLContext 在 SSL 方面的含义/作用是什么?不管实现它的语言是什么.
My Question: What does SSLContext mean/do in terms of SSL? Regardless of the language which implements it.
推荐答案
SSL 上下文 是密码、协议版本、可信证书、TLS 选项、TLS 扩展等的集合.由于具有相同设置的多个连接很常见,因此它们被放在一个上下文和相关的然后基于此上下文创建 SSL 连接.并且要创建一个新的连接,您只需要参考上下文,与您必须重新创建所有这些设置的情况相比,这样可以节省时间和内存.
SSL Context is a collection of ciphers, protocol versions, trusted certificates, TLS options, TLS extensions etc. Since it is very common to have multiple connections with the same settings they are put together in a context and the relevant SSL connections are then created based on this context. And to create a new connection you need only refer to the context which thus saves time and memory compared to the case you would have to re-create of all these settings.
@EJP 很好地将这个集合"描述为工厂.SSL 上下文与 SSL 会话不同甚至两者都是设置的集合.会话是您在 SSL 握手后获得的内容,仅涵盖双方同意的密码和协议版本以及交换的密钥.而上下文涵盖了所有密码和协议版本,以及本地系统(客户端或服务器)在建立新的 TLS 连接时愿意支持的受信任证书列表.因此,SSL 会话描述了已建立的 SSL 关系,而 SSL 上下文描述了建立 SSL 关系所需的内容.
@EJP nicely describes this "collection" as factory. A SSL context is not the same as a SSL session even both are collections of settings. A session is what you get after the SSL handshake and covers only the cipher and protocol version both parties agreed on and also the exchanged key. Whereas the context covers all the ciphers and protocol versions and also the list of trusted certificates the local system (client or server) is willing to support when establishing a new TLS connection. Thus a SSL session describes an established SSL relation while the SSL context describes what you need to establish an SSL relation.
这篇关于什么是 SSL 上下文?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
