
CN-116827632-B - Application data message processing method and device for transport layer security protocol

CN116827632B

Abstract

The application relates to an application data message processing method and device for a transport layer security protocol. The method comprises the steps that a server side obtains application data of a client side based on a transport layer security protocol, obtains a TLS negotiation state of a current session, caches the application data when the TLS negotiation state of the current session is a waiting state, obtains a decryption key when the TLS negotiation state of the current session is a connection state, and decrypts and processes the application data through the decryption key. The application data message processing method and device for the transport layer security protocol can solve the problem of service failure caused by too short transmission gaps between the transmission completion message and the application data message of the client, thereby ensuring the accuracy and the effectiveness of information transmission in communication connection.

Inventors

  • ZHANG YUNFEI

Assignees

  • 杭州迪普科技股份有限公司

Dates

Publication Date: 2026-05-05
Application Date: 2023-06-28

Claims (9)

  1. A method for processing application data messages for a transport layer security protocol, comprising: the server side obtains a sending completion message of the client side based on the transport layer security protocol, wherein the sending completion message is a CLIENT FINISHED message; setting the TLS negotiation state of the current session to a waiting state; when the validity judgment is passed, setting the TLS negotiation state of the current session to a connection state; the server side obtains application data of the client side based on the transport layer security protocol, wherein the application data is an application data message; acquiring the TLS negotiation state of the current session; caching the application data message when the TLS negotiation state of the current session is the waiting state; acquiring a decryption key when the TLS negotiation state of the current session is the connection state; and decrypting and processing the application data message with the decryption key.
  2. The method of claim 1, wherein the transport layer security protocol is the TLS 1.3 protocol version.
  3. The method of claim 1, wherein before the server side obtains the sending completion message of the client side based on the transport layer security protocol, the method further comprises: the server side obtains a Hello message of the client side based on the transport layer security protocol, wherein the Hello message is a Client Hello message; key data and protocol parameters are exchanged between the server side and the client side based on the Hello message; and after authentication is passed, the client side generates the sending completion message of the client side.
  4. The method of claim 1, wherein after setting the TLS negotiation state of the current session to the connection state, the method further comprises: decrypting and processing the application data message in the cache.
  5. The method of claim 1, wherein setting the TLS negotiation state of the current session to the connection state when the validity judgment is passed comprises: generating a decryption key for the sending completion message of the client side; decrypting the sending completion message of the client side with the decryption key to generate plaintext data; judging the validity of the plaintext data; when the validity judgment is passed, setting the TLS negotiation state of the current session to the connection state; and when the validity judgment is not passed, disconnecting the current session.
  6. The method of claim 5, wherein decrypting the sending completion message of the client side with the decryption key to generate plaintext data comprises: decrypting the sending completion message of the client side with a hardware decryption module to generate plaintext data.
  7. The method of claim 5, wherein setting the TLS negotiation state of the current session to the connection state when the validity judgment is passed further comprises: generating a decryption key for decrypting the application data message.
  8. The method of claim 1, wherein caching the application data message when the TLS negotiation state of the current session is the waiting state comprises: when the TLS negotiation state of the current session is the waiting state, sending the application data message to a cache queue for caching.
  9. An application data message processing apparatus for a transport layer security protocol, comprising: a data module, used for the server side to obtain a sending completion message of the client side based on the transport layer security protocol, wherein the sending completion message is a CLIENT FINISHED message, to set the TLS negotiation state of the current session to a waiting state, to set the TLS negotiation state of the current session to a connection state when the validity judgment is passed, and to obtain application data of the client side based on the transport layer security protocol, wherein the application data is an application data message; a state module, used for acquiring the TLS negotiation state of the current session; a caching module, used for caching the application data message when the TLS negotiation state of the current session is the waiting state; a key module, used for acquiring a decryption key when the TLS negotiation state of the current session is the connection state; and a processing module, used for decrypting and processing the application data message with the decryption key.
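The state machine that claims 1, 4, 5, 7 and 8 describe can be modelled directly: on CLIENT FINISHED the session enters a waiting state, application data records that arrive in the gap are queued, and once the Finished message validates the server derives the application decryption key, flips to the connection state and drains the queue (or tears the session down if validation fails). The following Python model is an added example, not code from the patent or from the assignee. It assumes a simplified key schedule (an HMAC-SHA256 expansion stands in for the RFC 8446 HKDF schedule) and an XOR keystream stands in for the AEAD record cipher, so only the state handling, not the cryptography, is faithful; the handshake secret, transcript hash and record contents are constructed sample values.

```python
"""Toy model of the claimed server-side TLS 1.3 state handling (added example,
not the patent's implementation). Crypto is a deliberate stand-in."""
import hashlib
import hmac
from collections import deque
from enum import Enum


class State(Enum):
    HANDSHAKE = "handshake"    # before CLIENT FINISHED is seen
    WAITING = "waiting"        # CLIENT FINISHED received, not yet validated
    CONNECTED = "connected"    # validated; application decryption key available
    CLOSED = "closed"          # validity check failed; session disconnected


def derive(secret: bytes, label: bytes, length: int = 32) -> bytes:
    """HKDF-Expand-like stand-in (assumption: NOT the real TLS 1.3 key schedule)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + label + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the AEAD record cipher: XOR with a derived keystream.
    Symmetric (encrypts and decrypts); not a real or authenticated cipher."""
    keystream = derive(key, b"keystream", len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def client_finished(handshake_secret: bytes, transcript_hash: bytes) -> bytes:
    """Client helper: Finished verify_data as an HMAC over the transcript hash."""
    return hmac.new(derive(handshake_secret, b"finished"), transcript_hash, hashlib.sha256).digest()


def client_encrypt_app_data(handshake_secret: bytes, plaintext: bytes) -> bytes:
    """Client helper: encrypt under the same application key the server derives."""
    return toy_cipher(derive(handshake_secret, b"app traffic"), plaintext)


class TlsServerSession:
    def __init__(self, handshake_secret: bytes, transcript_hash: bytes):
        self.state = State.HANDSHAKE
        self.handshake_secret = handshake_secret
        self.transcript_hash = transcript_hash
        self.pending_finished = None
        self.cache = deque()      # claim 8: cache queue for early application data
        self.app_key = None
        self.processed = []       # plaintexts handed up to the application

    def on_client_finished(self, verify_data: bytes) -> None:
        """Claim 1: Finished received -> waiting state. Validation is a separate
        step so records arriving in the gap are cached rather than rejected."""
        self.pending_finished = verify_data
        self.state = State.WAITING

    def validate_finished(self) -> None:
        """Claim 5: check validity; on success derive the application key (claim 7),
        enter the connection state and drain the cache (claim 4); else disconnect."""
        expected = client_finished(self.handshake_secret, self.transcript_hash)
        if not hmac.compare_digest(expected, self.pending_finished or b""):
            self.state = State.CLOSED
            self.cache.clear()
            return
        self.app_key = derive(self.handshake_secret, b"app traffic")
        self.state = State.CONNECTED
        while self.cache:
            self._decrypt_and_process(self.cache.popleft())

    def on_application_data(self, record: bytes) -> None:
        """Claims 1 and 8: route an application data record by negotiation state."""
        if self.state is State.WAITING:
            self.cache.append(record)
        elif self.state is State.CONNECTED:
            self._decrypt_and_process(record)
        else:  # assumption: no application data accepted before Finished or after close
            raise RuntimeError(f"application data not accepted in state {self.state.value}")

    def _decrypt_and_process(self, record: bytes) -> None:
        self.processed.append(toy_cipher(self.app_key, record))


def simulate_early_app_data(valid_finished: bool = True) -> tuple:
    """Replay the scenario from the background section: application data arrives
    immediately after CLIENT FINISHED, before the server has validated it.
    Returns (final state, list of decrypted application plaintexts)."""
    handshake_secret = hashlib.sha256(b"constructed handshake secret").digest()
    transcript_hash = hashlib.sha256(b"constructed transcript").digest()
    server = TlsServerSession(handshake_secret, transcript_hash)
    finished = client_finished(handshake_secret, transcript_hash)
    if not valid_finished:
        finished = bytes(32)  # constructed bad verify_data
    server.on_client_finished(finished)
    server.on_application_data(client_encrypt_app_data(handshake_secret, b"GET / HTTP/1.1"))
    server.on_application_data(client_encrypt_app_data(handshake_secret, b"Host: example"))
    server.validate_finished()
    return server.state, list(server.processed)


if __name__ == "__main__":
    print(simulate_early_app_data())
    print(simulate_early_app_data(valid_finished=False))
```

The point of splitting `on_client_finished` from `validate_finished` is that the prior-art failure the background describes is a race between the two: the records that land in that window are the ones the cache queue has to absorb. Note that the cache is unbounded here; a production implementation would cap it, since a peer can fill it before the Finished check completes.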

Description

Application data message processing method and device for transport layer security protocol

Technical Field

The present application relates to the field of computer information processing, and in particular to a method and apparatus for processing application data messages for a transport layer security protocol.

Background

TLS 1.3 is a new version of the TLS (transport layer security) encryption protocol. Compared with TLS 1.2, TLS 1.3 not only improves access speed for internet users everywhere but also strengthens security. TLS 1.3 improves performance, efficiency and security by removing support for old and broken cryptographic mechanisms such as CBC mode ciphers, the SHA-1 hash function, various Diffie-Hellman groups, RSA key transport, the RC4 stream cipher and export ciphers. It also improves speed by simplifying the TLS handshake so that it needs only one round trip instead of the two required by the previous version; the simpler handshake reduces latency and improves performance.

In the prior art, the TLS 1.3 state machine, upon receiving a sending completion (CLIENT FINISHED) message, must first parse the message in order to obtain the decryption key for subsequent messages. If the client sends application data immediately at this point, then according to the processing steps of the prior art the application data message cannot be decrypted, and processing of the application data message fails. Therefore, a new method and apparatus for processing application data messages for a transport layer security protocol are needed.

The above information disclosed in the background section is only for enhancement of understanding of the background of the application, and therefore it may contain information that does not form the prior art already known to a person of ordinary skill in the art.

Disclosure of Invention

In view of the above, the present application provides a method and an apparatus for processing application data messages for a transport layer security protocol, which can solve the problem of service failure caused by too short a transmission gap between the sending completion message of the client and the application data messages, thereby ensuring the accuracy and effectiveness of information transmission in a communication connection. Other features and advantages of the application will be apparent from the following detailed description, or may be learned by practice of the application.

According to one aspect of the application, an application data message processing method for a transport layer security protocol is provided, comprising the steps that the server side obtains application data of the client side based on the transport layer security protocol, obtains the TLS negotiation state of the current session, caches the application data when the TLS negotiation state of the current session is a waiting state, obtains a decryption key when the TLS negotiation state of the current session is a connection state, and decrypts and processes the application data with the decryption key.

In an exemplary embodiment of the application, the transport layer security protocol is the TLS 1.3 protocol version.

In an exemplary embodiment of the present application, before the server side obtains the application data message of the client side based on the transport layer security protocol, the method further includes that the server side obtains a sending completion message of the client side based on the transport layer security protocol, the sending completion message being a CLIENT FINISHED message; the TLS negotiation state of the current session is set to the waiting state; and when the validity judgment passes, the TLS negotiation state of the current session is set to the connection state.
In an exemplary embodiment of the application, before the server side obtains the sending completion message of the client side based on the transport layer security protocol, the method further comprises the steps that the server side obtains a Hello message of the client side based on the transport layer security protocol, the Hello message being a Client Hello message; key data and protocol parameters are exchanged between the server side and the client side based on the Hello message; and after authentication is passed, the client side generates the sending completion message of the client side.

In an exemplary embodiment of the present application, after setting the TLS negotiation state of the current session to the connection state, the method further includes decrypting and processing the application data message in the cache.

In an exemplary embodiment of the present application, setting the TLS negotiation state of the current session to the connection state when the validity judgment passes includes generating a decryption key for the sending completion message of the client side, decrypting the sending completion message of the client side with the decryption key to generate plaintext data, judg