Handshake Protocol

← Back to Protocol Extensions and Quantum Signatures

Introduction

When two nodes in the XRP Ledger overlay network establish a connection, they must verify each other's identity, agree on communication protocols, and establish mutual trust. This process, called the handshake, is critical for network security and interoperability.

The handshake prevents unauthorized nodes from joining the network, ensures protocol compatibility between peers, and establishes the cryptographic foundation for secure communication. Understanding this process is essential for debugging connection issues and implementing protocol upgrades.

Handshake Objectives

The handshake accomplishes several essential goals:

Authentication: Each node proves its identity using cryptographic signatures. This prevents impersonation attacks where a malicious node pretends to be a trusted validator.

Protocol Negotiation: Nodes agree on the protocol version and features they will use for communication. This enables the network to evolve while maintaining backward compatibility.

Trust Establishment: Both parties verify that the other is a legitimate participant running compatible software. This ensures network integrity.

Capability Exchange: Nodes share information about their supported features, enabling peers to optimize their communication strategies.

HTTP Upgrade and Handshake

(README)

  • Outbound peer initiates a TLS connection, then sends an HTTP/1.1 request with URI "/" and uses the HTTP/1.1 Upgrade mechanism with custom headers.

  • Both sides verify the provided signature against the session's unique fingerprint.

  • If signature check fails, the link is dropped.

PeerImp::run and doAccept

PeerImp::run (PeerImp.cpp):

  • Ensures execution on the correct strand for thread safety.

  • Parses handshake headers ("Closed-Ledger", "Previous-Ledger").

  • Stores parsed ledger hashes in peer state.

  • If inbound, calls doAccept(). If outbound, calls doProtocolStart().

PeerImp::doAccept (PeerImp.cpp):

  • Asserts read buffer is empty.

  • Logs the accept event.

  • Generates shared value for session.

  • Logs protocol and public key.

  • Checks for cluster membership and assigns name if present.

  • Calls overlay_.activate(shared_from_this()) to register the peer as active.

  • Prepares and sends handshake response.

  • On successful write, calls doProtocolStart().

Conclusion

The handshake protocol establishes secure, authenticated connections between XRP Ledger nodes. Through TLS encryption, cryptographic signatures, and careful protocol negotiation, it ensures that only legitimate nodes can participate in the network while maintaining compatibility across different software versions. Understanding this process is essential for diagnosing connection issues and implementing protocol enhancements.

PreviousConnection LifecycleNextMessage Relaying

Last updated