Pluggable cipher suite negotiation
Abstract
The present document describes systems and methods that provide pluggable cipher suites. In one embodiment, a client and a server perform a secure transport handshake that negotiates a set of supported cipher suites. The server determines if the cipher suites supported by the client are acceptable. When the server determines that the cipher suites supported by the client are not acceptable, the server provides a pluggable cipher suite to the client. The client runs the pluggable cipher suite in a sandboxed environment, and uses the pluggable cipher suite to add support for one or more additional cipher suites. In some implementations, the pluggable cipher suite is provided by a third-party server.
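The server-side decision described in the abstract, sketched as an added example (not code from the patent or any product). The capability labels, catalog layout, placeholder URLs and the fail-closed branch taken when no pluggable suite fits the client are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class PluggableSuite:
    name: str             # hypothetical suite identifier
    requires: frozenset   # pluggable capabilities the client must advertise
    source: str           # cipher suite server hosting the executable code

@dataclass(frozen=True)
class ClientOffer:
    cipher_suites: Tuple[str, ...]      # client-supported suites
    pluggable_capabilities: frozenset   # e.g. which sandbox the client can run

# Constructed server policy: acceptable suites in server preference order.
ACCEPTABLE = ("TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256")
# Constructed catalog; names, labels and URLs are placeholders.
CATALOG = (
    PluggableSuite("EXAMPLE_PLUGGABLE_SUITE_A",
                   frozenset({"sandbox-v1", "bytecode-v2"}),
                   "https://suites.example.invalid/a"),
    PluggableSuite("EXAMPLE_PLUGGABLE_SUITE_B",
                   frozenset({"sandbox-v1"}),
                   "https://suites.example.invalid/b"),
)

def negotiate(offer: ClientOffer, acceptable=ACCEPTABLE, catalog=CATALOG):
    """Return (outcome, suite_name, code_source) for one handshake."""
    # Ordinary negotiation: an acceptable suite the client already supports.
    for suite in acceptable:
        if suite in offer.cipher_suites:
            return ("builtin", suite, None)
    # Nothing acceptable: identify a pluggable suite the client is able to run,
    # and tell it which cipher suite server to acquire the code from.
    for plug in catalog:
        if plug.requires <= offer.pluggable_capabilities:
            return ("pluggable", plug.name, plug.source)
    # Assumption: fail closed instead of accepting an unacceptable suite.
    return ("abort", None, None)

# Constructed client offers covering the three outcomes.
MODERN = ClientOffer(("TLS_RSA_WITH_RC4_128_SHA", "TLS_AES_256_GCM_SHA384"),
                     frozenset())
LEGACY_PLUGGABLE = ClientOffer(("TLS_RSA_WITH_RC4_128_SHA",),
                               frozenset({"sandbox-v1"}))
LEGACY_FIXED = ClientOffer(("TLS_RSA_WITH_RC4_128_SHA",), frozenset())

if __name__ == "__main__":
    for offer in (MODERN, LEGACY_PLUGGABLE, LEGACY_FIXED):
        print(negotiate(offer))
```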
20 Claims
1. A computer-implemented method, comprising:
- as part of a negotiation of a cryptographically protected communications session with a client computer system, receiving information to a server computer system that specifies a list of client-supported cipher suites from the client computer system and a list of pluggable capabilities from the client computer system;
- determining, based at least in part on the negotiation of the cryptographically protected communications session, to provide a pluggable cipher suite to the client computer system;
- identifying the pluggable cipher suite to the client computer system;
- causing the client computer system to acquire, from a cipher suite server, executable code that, as a result of being executed by the client computer system, causes the client computer system to utilize the pluggable cipher suite that is supported by the server computer system; and
- establishing the cryptographically protected communications session with the client computer system using the pluggable cipher suite.

Dependent claims: 2, 3, 4, 5
6. A system, comprising:
- one or more processors; and
- a memory storing executable instructions that, as a result of being executed on the one or more processors, cause the system to:
  - receive information specifying a set of cipher suites supported by a client computer system;
  - determine to provide a pluggable cipher suite that is not in the set of cipher suites;
  - as a result of determining to provide the pluggable cipher suite, cause the client computer system to acquire, from a cipher suite server, executable code that, as a result of being executed by the client computer system, causes the client computer system to utilize the pluggable cipher suite; and
  - establish a cryptographically protected communications session with the client computer system using the pluggable cipher suite.

Dependent claims: 7, 8, 9, 10, 11, 12
13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
- as part of a negotiation of a cryptographically protected communications session, provide, to a server device, a set of supported cipher suites;
- receive, as a result of the negotiation, information that identifies a pluggable cipher suite that is compatible with a set of pluggable capabilities;
- acquire, from a cipher suite server, executable code that, as a result of being executed by the computer system, allows the computer system to use the pluggable cipher suite; and
- use the pluggable cipher suite to communicate over the cryptographically protected communications session with the server device.

Dependent claims: 14, 15, 16, 17, 18, 19, 20
Specification