

Replay Attack

Restriction: This topic applies only when the Enterprise Server feature is enabled.

In a replay attack, an attacker records an exchange of messages between a client and server and tries to recreate the exchange later by resending the client messages to the server.

To prevent this, SSL uses a nonce: a random value that is generated afresh for every connection. The server generates its random value and sends it to the client in its hello message, ahead of the server certificate; the client sends a random value of its own in the same way. Both values are mixed into the keys derived for the session, so the messages recorded from an earlier session were protected under a different key and fail the server's integrity check when they are resent; the server cannot be fooled into treating them as a new exchange. Within a session, every record also carries an implicit sequence number that is covered by the integrity check, so a single message cannot be accepted twice in the same session either. The term "connection-id" and the 128-bit length come from SSL 2.0, which is obsolete; in SSL 3.0 and TLS each random value is 32 bytes (256 bits) long.
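The following is an added example, not Micro Focus code and not the real SSL/TLS implementation: a toy model of the mechanism described above, in which the server's fresh random value is mixed into the session key and records carry a sequence number. The key derivation and record format are simplified stand-ins for the TLS master-secret derivation and record MAC (only the 32-byte randoms and 64-bit sequence numbers match TLS), and the "pre-master secret" is modelled as the bytes the attacker replays, standing in for the ciphertext a real client would send. It shows a genuine request being accepted, the same record being rejected when resent within the session, and the recorded client messages being rejected when replayed against a new handshake.

```python
import hashlib
import hmac
import secrets

RANDOM_LEN = 32   # ClientHello.random and ServerHello.random are 32 bytes each in TLS
SEQ_LEN = 8       # TLS record sequence numbers are 64-bit
TAG_LEN = 32      # HMAC-SHA256 output


def derive_key(pre_master_secret, client_random, server_random):
    """Simplified master-secret derivation (not the real TLS PRF): both hello
    randoms are mixed in, so a fresh server random yields a fresh key even when
    the client's messages, and therefore client_random and the pre-master
    secret, are replayed verbatim."""
    seed = b"master secret" + client_random + server_random
    return hmac.new(pre_master_secret, seed, hashlib.sha256).digest()


def protect(key, seq, payload):
    """Build a record: seq || payload || HMAC(key, seq || payload)."""
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def unprotect(key, expected_seq, record):
    """Return the payload if the sequence number is the one expected and the
    MAC verifies under this session's key; otherwise None."""
    header, body, tag = record[:SEQ_LEN], record[SEQ_LEN:-TAG_LEN], record[-TAG_LEN:]
    if int.from_bytes(header, "big") != expected_seq:
        return None
    expected = hmac.new(key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return body


class Server:
    """Server side: issues a fresh random per handshake and tracks the next
    record sequence number it will accept."""

    def __init__(self):
        self.key = None
        self.next_seq = 0

    def handshake(self, client_random, pre_master_secret):
        server_random = secrets.token_bytes(RANDOM_LEN)   # the nonce
        self.key = derive_key(pre_master_secret, client_random, server_random)
        self.next_seq = 0
        return server_random

    def receive(self, record):
        payload = unprotect(self.key, self.next_seq, record)
        if payload is not None:
            self.next_seq += 1
        return payload


def client_session(server):
    """Genuine client: run a handshake and send one protected request.
    Returns the messages an eavesdropper on the wire could record."""
    client_random = secrets.token_bytes(RANDOM_LEN)
    # Stands in for the encrypted pre-master secret; an attacker can replay
    # the bytes but cannot change what the server derives from them.
    pre_master_secret = secrets.token_bytes(48)
    server_random = server.handshake(client_random, pre_master_secret)
    key = derive_key(pre_master_secret, client_random, server_random)
    request = protect(key, 0, b"TRANSFER 1000 TO ACCT 42")   # constructed sample payload
    return client_random, pre_master_secret, request


def demo():
    server = Server()
    client_random, pms, request = client_session(server)   # attacker records all three
    live = server.receive(request)

    # Replay 1: resend the same record inside the same session.
    # The server now expects sequence number 1, so the record is rejected.
    same_session = server.receive(request)

    # Replay 2: resend the recorded client messages as a "new" session.
    # The server picks a new random, the derived key differs, the MAC fails.
    server.handshake(client_random, pms)
    new_session = server.receive(request)

    return {"live": live, "replay_same_session": same_session, "replay_new_session": new_session}


if __name__ == "__main__":
    print(demo())
```

Note that replay 2 fails even though every byte the attacker sends is identical to the original client's traffic; the only thing that changed is the value the server chose, which the attacker never controlled.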
