The SSL Handshake
806 Managing Servers with Netscape Console • December 2001

doesn’t correspond to the private key used by the CA to sign the server certificate, the client won’t authenticate the server’s identity. If the CA’s digital signature can be validated, the server treats the user’s certificate as a valid “letter of introduction” from that CA and proceeds. At this point, the client has determined that the server certificate is valid. It is the client’s responsibility to take Step 4 before Step 5.

4. Does the domain name in the server’s certificate match the domain name of the server itself? This step confirms that the server is actually located at the same network address specified by the domain name in the server certificate. Although step 4 is not technically part of the SSL protocol, it provides the only protection against a form of security attack known as “man in the middle.” Clients must perform this step and must refuse to authenticate the server or establish a connection if the domain names don’t match. If the server’s actual domain name matches the domain name in the server certificate, the client goes on to Step 5.

5. The server is authenticated. The client proceeds with the SSL handshake. If the client doesn’t get to step 5 for any reason, the server identified by the certificate cannot be authenticated, and the user will be warned of the problem and informed that an encrypted and authenticated connection cannot be established. If the server requires client authentication, the server performs the steps described in “Client Authentication,” which begins on page 807.

After the steps described here, the server must successfully use its private key to decrypt the premaster secret the client sends in Step 4 of “The SSL Handshake,” which begins on page 802. Otherwise, the SSL session will be terminated. This provides additional assurance that the identity associated with the public key in the server’s certificate is in fact the server with which the client is connected.

Man-in-the-Middle Attack

As suggested in Step 4 above, the client application must check the server domain name specified in the server certificate against the actual domain name of the server with which the client is attempting to communicate. This step is necessary to protect against a man-in-the-middle attack, which works as follows.

The “man in the middle” is a rogue program that intercepts all communication between the client and a server with which the client is attempting to communicate via SSL. The rogue program intercepts the legitimate keys that are passed back and forth during the SSL handshake, substitutes its own, and makes it appear to the client that it is the server, and to the server that it is the client.
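
The Step 4 check that the man-in-the-middle discussion depends on, shown as an added example (not code from this manual or from Netscape). It assumes the certificate has already passed the CA signature check and is given in the dictionary shape returned by Python's ssl.SSLSocket.getpeercert(); the function names and the sample certificates are constructed for illustration.

```python
# Added example: Step 4's name check over the dict shape that Python's
# ssl.SSLSocket.getpeercert() returns. All certificates below are constructed.

def dns_names(cert):
    """Names the certificate asserts: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # CN is consulted only when no dNSName is present
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive; '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # One label only, and at least two fixed labels must follow ("*.com" fails)
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h

def server_name_ok(cert, host):
    """Step 4: proceed only if a certificate name matches the host we dialled."""
    return any(name_matches(n, host) for n in dns_names(cert))

# Constructed certificate for the server the client intends to reach
LEGIT = {"subject": ((("commonName", "www.example.com"),),),
         "subjectAltName": (("DNS", "www.example.com"),
                            ("DNS", "*.cdn.example.com"))}
# Constructed certificate that is validly signed but issued for a different
# name, which is what an interposed program would have to present
ROGUE = {"subject": ((("commonName", "www.rogue.example.net"),),),
         "subjectAltName": (("DNS", "www.rogue.example.net"),)}
# Constructed older-style certificate carrying only a common name
CN_ONLY = {"subject": ((("commonName", "mail.example.com"),),)}

if __name__ == "__main__":
    for label, cert in (("legit", LEGIT), ("rogue", ROGUE)):
        ok = server_name_ok(cert, "www.example.com")
        print(label, "-> continue to Step 5" if ok else "-> refuse connection")
```

The comparison must use the host name the client set out to contact, never a name taken from the peer or from a reverse lookup of its address.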