0


用Wireshark分析TLS(v1.2)

准备工作

Wireshark是一个非常强大的网络分析软件,下载地址:
Wireshark · Download,目前最新版本是4.0.4。选择Windows的安装包下载安装,安装后以管理员身份运行Wireshark,打开页面如下:

选择自己联网的网卡,我这里是用WLAN,点击左上角工具栏中蓝色的鲨鱼鳍开始捕获分组,用postman调用一个https的接口捕获结果如下(过滤器ip.addr == 43.138.42.168 and tls):

Linux下可以使用tcpdump命令抓取网络包,并保存为pcap格式,在Windows上用Wireshark可以打开这种格式的文件。

# linux下用tcpdump抓取网络包
# -i是抓取的指定网卡,port和host指定抓取的端口和主机 -w是保存为文件
tcpdump -s 0  -i eth1  port 443 and host 43.138.42.168 -w https.pcap

从上面抓取的网络包中可以看出客户端与服务器通信的TLS版本为1.2。选取第一个包,内容结构如下图:

上图的包结构从上到下依次是
物理层的数据帧,数据链路层的Ethernet帧,IP层的IP包头,TCP层的TCP包头,TLS层及负载的上层HTTP数据。

ClientHello

展开TLS层,这个包是ClientHello消息,全部展开后如下

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 253
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 249
            Version: TLS 1.2 (0x0303)
            Random: 8f8f55540f230fdab368448a24b2e5182b7fef7830dafd315defcd114abc55be
                GMT Unix Time: Apr 28, 2046 21:36:20.000000000 中国标准时间
                Random Bytes: 0f230fdab368448a24b2e5182b7fef7830dafd315defcd114abc55be
            Session ID Length: 32
            Session ID: 8b0e809778170dfa75738b0b9399f23169b0ae1f83019fb878124b341d3a42d8
            Cipher Suites Length: 36
            Cipher Suites (18 suites)
                Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 140
            Extension: server_name (len=20)
                Type: server_name (0)
                Length: 20
                Server Name Indication extension
                    Server Name list length: 18
                    Server Name Type: host_name (0)
                    Server Name length: 15
                    Server Name: selflias.com.cn
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: supported_groups (len=8)
                Type: supported_groups (10)
                Length: 8
                Supported Groups List Length: 6
                Supported Groups (3 groups)
                    Supported Group: x25519 (0x001d)
                    Supported Group: secp256r1 (0x0017)
                    Supported Group: secp384r1 (0x0018)
            Extension: ec_point_formats (len=2)
                Type: ec_point_formats (11)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Data (0 bytes)
            Extension: signature_algorithms (len=20)
                Type: signature_algorithms (13)
                Length: 20
                Signature Hash Algorithms Length: 18
                Signature Hash Algorithms (9 algorithms)
                    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: SM2 (4)
                    Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (5)
                    Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (6)
                    Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
            Extension: key_share (len=38)
                Type: key_share (51)
                Length: 38
                Key Share extension
                    Client Key Share Length: 36
                    Key Share Entry: Group: x25519, Key Exchange length: 32
                        Group: x25519 (29)
                        Key Exchange Length: 32
                        Key Exchange: a61abd6c612929a731944317da01f71321bad1cb973895cfe8421c73e70fcd72
            Extension: psk_key_exchange_modes (len=2)
                Type: psk_key_exchange_modes (45)
                Length: 2
                PSK Key Exchange Modes Length: 1
                PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
            Extension: supported_versions (len=9)
                Type: supported_versions (43)
                Length: 9
                Supported Versions length: 8
                Supported Version: TLS 1.3 (0x0304)
                Supported Version: TLS 1.2 (0x0303)
                Supported Version: TLS 1.1 (0x0302)
                Supported Version: TLS 1.0 (0x0301)
            [JA3 Fullstring: 771,4865-4866-4867-49199-49195-49200-49196-52393-52392-49161-49171-49162-49172-156-157-47-53-10,0-23-65281-10-11-35-13-51-45-43,29-23-24,0]
            [JA3: dda262729e5413660ec0e6a8d4279860]

可以看出TLS的记录层总共253字节,Content Type为握手数据。

ClientHello消息共占249字节,最高支持TLS 1.2版本。

Random是客户端的随机数。

Session ID长度为32字节。

支持的密码套件(Cipher Suite)有18个,占36字节,优先支持TLS_AES_128_GCM_SHA256。Compression Methods压缩方法为null。

扩展占140字节,第一个扩展是SNI扩展,请求的主机名为
selflias.com.cn。

supported_groups扩展,支持三个曲线x25519、secp256r1、secp384r1。

还支持SessionTicket扩展。

signature_algorithms签名算法支持9种。

ServerHello

接下来是服务器回应的SeverHello消息,展开如下

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 69
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 65
            Version: TLS 1.2 (0x0303)
            Random: fbdf8dffb78c84c8923d6499ff957f595694009ec2a88dd451a12263e416df36
                GMT Unix Time: Nov 29, 2103 06:28:15.000000000 中国标准时间
                Random Bytes: b78c84c8923d6499ff957f595694009ec2a88dd451a12263e416df36
            Session ID Length: 0
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Compression Method: null (0)
            Extensions Length: 25
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: server_name (len=0)
                Type: server_name (0)
                Length: 0
            Extension: ec_point_formats (len=4)
                Type: ec_point_formats (11)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
                    EC point format: uncompressed (0)
                    EC point format: ansiX962_compressed_prime (1)
                    EC point format: ansiX962_compressed_char2 (2)
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Data (0 bytes)
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            [JA3S Fullstring: 771,49199,65281-0-11-35-23]
            [JA3S: 098e26e2609212ac1bfac552fbe04127]

ServerHello的消息说明服务器和客户端使用TLS v1.2处理本次会话,TLS记录层共占69字节,SeverHello消息占65字节。

Random是服务器生成的随机数。

Session ID为空,服务器不适用Session ID作为会话恢复,而是支持SessionTicket。

协商的密码套件为TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256。

不启用压缩。

扩展长度为25字节,共处理客户端的5个扩展。

Certificate

服务器在发送完ServerHello之后马上发送了Certificate子消息,展开结构如下

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 2972
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 2968
            Certificates Length: 2965
            Certificates (2965 bytes)
                Certificate Length: 1668
                Certificate: 30820680308204e8a003020102021100f0bb16defd41d3ba7cf205dccec0ae01300d0609… (id-at-commonName=selflias.com.cn)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x00f0bb16defd41d3ba7cf205dccec0ae01
                        signature (sha384WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)
                        validity
                        subject: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=selflias.com.cn)
                        subjectPublicKeyInfo
                        extensions: 9 items
                    algorithmIdentifier (sha384WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
                    Padding: 0
                    encrypted: 3bebea7d478c774f6b636cc081dafd75507d70bc2f007be5fa75a4ee841265b8bf64e486…
                Certificate Length: 1291
                Certificate: 30820507308203efa003020102021100b20ced552e31a0bf343a7528743be9ab300d0609… (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x00b20ced552e31a0bf343a7528743be9ab
                        signature (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 5 items (id-at-commonName=AAA Certificate Services,id-at-organizationName=Comodo CA Limited,id-at-localityName=Salford,id-at-stateOrProvinceName=Greater Manchester,id-at-countryName=GB)
                        validity
                        subject: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)
                        subjectPublicKeyInfo
                        extensions: 8 items
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: 1cc5289b97312237b6222154ee6382b01af617a098794e5cc9f43f01ea7d9005d8503b96…

可以看出服务器发送了两张证书,一张是服务器自己的证书,一张是中间证书。

服务器自己的证书由TrustAsia RSA DV TLS CA G2颁发,中间证书由AAA Certificate Services颁发。两张证书都使用sha256WithRSA算法签名。

服务器证书的详细结构

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 2972
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 2968
            Certificates Length: 2965
            Certificates (2965 bytes)
                Certificate Length: 1668
                Certificate: 30820680308204e8a003020102021100f0bb16defd41d3ba7cf205dccec0ae01300d0609… (id-at-commonName=selflias.com.cn)
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 0x00f0bb16defd41d3ba7cf205dccec0ae01
                        signature (sha384WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 3 items (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)
                                RDNSequence item: 1 item (id-at-countryName=CN)
                                    RelativeDistinguishedName item (id-at-countryName=CN)
                                        Object Id: 2.5.4.6 (id-at-countryName)
                                        CountryName: CN
                                RDNSequence item: 1 item (id-at-organizationName=TrustAsia Technologies, Inc.)
                                    RelativeDistinguishedName item (id-at-organizationName=TrustAsia Technologies, Inc.)
                                        Object Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: printableString (1)
                                            printableString: TrustAsia Technologies, Inc.
                                RDNSequence item: 1 item (id-at-commonName=TrustAsia RSA DV TLS CA G2)
                                    RelativeDistinguishedName item (id-at-commonName=TrustAsia RSA DV TLS CA G2)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: TrustAsia RSA DV TLS CA G2
                        validity
                            notBefore: utcTime (0)
                                utcTime: 2022-10-19 00:00:00 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 2023-10-19 23:59:59 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=selflias.com.cn)
                                RDNSequence item: 1 item (id-at-commonName=selflias.com.cn)
                                    RelativeDistinguishedName item (id-at-commonName=selflias.com.cn)
                                        Object Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: printableString (1)
                                            printableString: selflias.com.cn
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            subjectPublicKey: 3082010a0282010100d0ec9a5b3c26dddf33b4303cdb4dc05b8297f1e539cc4ee095b9dc…
                                modulus: 0x00d0ec9a5b3c26dddf33b4303cdb4dc05b8297f1e539cc4ee095b9dc790a4ebfc132f0c2…
                                publicExponent: 65537
                        extensions: 9 items
                            Extension (id-ce-authorityKeyIdentifier)
                            Extension (id-ce-subjectKeyIdentifier)
                            Extension (id-ce-keyUsage)
                            Extension (id-ce-basicConstraints)
                            Extension (id-ce-extKeyUsage)
                            Extension (id-ce-certificatePolicies)
                            Extension (id-pe-authorityInfoAccess)
                            Extension (id-ce-subjectAltName)
                            Extension (SignedCertificateTimestampList)
                    algorithmIdentifier (sha384WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
                    Padding: 0
                    encrypted: 3bebea7d478c774f6b636cc081dafd75507d70bc2f007be5fa75a4ee841265b8bf64e486…

可以看出证书的版本是X.509 v3版本。

序列号是0x00f0bb16defd41d3ba7cf205dccec0ae01。

签名算法为sha384WithRSA。

颁发者是TrustAsia RSA DV TLS CA G2。

有效期是2022-10-19 00:00:00到2023-10-19 23:59:59

公钥值是3082010a0282010100d0ec9a5b3c26dddf33b4303cdb4dc05b8297f1e539cc4ee095b9dc…

包含了9个证书扩展。

服务器证书扩展的结构


extensions: 9 items
Extension (id-ce-authorityKeyIdentifier)
Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
AuthorityKeyIdentifier
    keyIdentifier: 5f3a7c11107e0c677161dc8ba3b5000367f5571c
Extension (id-ce-subjectKeyIdentifier)
Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
SubjectKeyIdentifier: 116c594baff606c89c4c6f69b663ba08946c8a7b
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
critical: True
Padding: 5
KeyUsage: a0
    1... .... = digitalSignature: True
    .0.. .... = contentCommitment: False
    ..1. .... = keyEncipherment: True
    ...0 .... = dataEncipherment: False
    .... 0... = keyAgreement: False
    .... .0.. = keyCertSign: False
    .... ..0. = cRLSign: False
    .... ...0 = encipherOnly: False
    0... .... = decipherOnly: False
Extension (id-ce-basicConstraints)
Extension Id: 2.5.29.19 (id-ce-basicConstraints)
critical: True
BasicConstraintsSyntax [0 length]
Extension (id-ce-extKeyUsage)
Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
KeyPurposeIDs: 2 items
    KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
    KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
Extension (id-ce-certificatePolicies)
Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
CertificatePoliciesSyntax: 2 items
    PolicyInformation
        policyIdentifier: 1.3.6.1.4.1.6449.1.2.2.49 (iso.3.6.1.4.1.6449.1.2.2.49)
        policyQualifiers: 1 item
            PolicyQualifierInfo
                Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps)
                DirectoryString: https://sectigo.com/CPS
    PolicyInformation
        policyIdentifier: 2.23.140.1.2.1 (joint-iso-itu-t.23.140.1.2.1)
Extension (id-pe-authorityInfoAccess)
Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
AuthorityInfoAccessSyntax: 2 items
    AccessDescription
        accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
        accessLocation: 6
            uniformResourceIdentifier: http://crt.trust-provider.cn/TrustAsiaRSADVTLSCAG2.crt
    AccessDescription
        accessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
        accessLocation: 6
            uniformResourceIdentifier: http://ocsp.trust-provider.cn
Extension (id-ce-subjectAltName)
Extension Id: 2.5.29.17 (id-ce-subjectAltName)
GeneralNames: 2 items
    GeneralName: dNSName (2)
        dNSName: selflias.com.cn
    GeneralName: dNSName (2)
        dNSName: www.selflias.com.cn
Extension (SignedCertificateTimestampList)
Extension Id: 1.3.6.1.4.1.11129.2.4.2 (SignedCertificateTimestampList)
Serialized SCT List Length: 362
Signed Certificate Timestamp (Google 'Xenon2023' log)
    Serialized SCT Length: 119
    SCT Version: 0
    Log ID: adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a
    Timestamp: Oct 19, 2022 06:37:15.021000000 UTC
    Extensions length: 0
    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
    Signature Length: 72
    Signature: 3046022100d3ca45fe7bf14bb759de71a2b35f708b065dd968f8b30e78865721f8575974…
Signed Certificate Timestamp (Cloudflare 'Nimbus2023' Log)
    Serialized SCT Length: 119
    SCT Version: 0
    Log ID: 7a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52
    Timestamp: Oct 19, 2022 06:37:14.965000000 UTC
    Extensions length: 0
    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
    Signature Length: 72
    Signature: 30460221008b154b640290a4d0c7b8fd87254d0f2d0c342e55e918ffce866d92a546499d…
Signed Certificate Timestamp (Google 'Argon2023' log)
    Serialized SCT Length: 118
    SCT Version: 0
    Log ID: e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e
    Timestamp: Oct 19, 2022 06:37:14.919000000 UTC
    Extensions length: 0
    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
    Signature Length: 71
    Signature: 304502204b602d371ffd3a0a247afb3c64c8f262b7c282c333047fa6a4f203758917d1fe…

其中重要的扩展,即critical=True的有:

id-ce-keyUsage,表示该证书可以用于密钥交换和数字签名。

id-ce-basicConstraints,表示该证书是一张普通证书,不能签发其他证书。

Server Key Exchange

密钥协商算法是TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,证书中没有包含ECDH参数等信息,所以服务器发送ServerKeyExchange消息。

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 300
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 296
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: x25519 (0x001d)
                Pubkey Length: 32
                Pubkey: 37cb1755840758875116cb24435a7edb61228ce7d353b56ddaae691168c13176
                Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                    Signature Hash Algorithm Hash: Unknown (8)
                    Signature Hash Algorithm Signature: SM2 (4)
                Signature Length: 256
                Signature: 37936b9ead1368308a601245cf01e35274774210b59fe3343f48f4e202c54a7df8ee1de4…

可以看出采用的是命名曲线x25519,公钥是37cb1755840758875116cb24435a7edb61228ce7d353b56ddaae691168c13176,签名算法是rsa_pss_rsae_sha256。

Server Hello Done

Server Hello Done是一条空消息,通知客户端服务器已准备好预备主密钥协商。

TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 4
    Handshake Protocol: Server Hello Done
        Handshake Type: Server Hello Done (14)
        Length: 0

Client Key Exchange

客户端给服务器发送自己的ECDH公钥

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 37
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 33
            EC Diffie-Hellman Client Params
                Pubkey Length: 32
                Pubkey: 06b90ea70ed26d8c05756acb7b0f2d6cbd342f4dbad35cb1c1db8d219dc37d6a

客户端Change Cipher Spec

客户端发送该消息告诉服务器端,客户端可以使用TLS记录层协议进行密码学保护了,下一条消息就是加密的消息。

Transport Layer Security
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message

客户端Encrypted Handshake Message

加密过的Finished子消息。

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 40
        Handshake Protocol: Encrypted Handshake Message

New Session Ticket

表示服务器支持Session Ticket会话恢复,发送给客户端Ticket值aa805373de67fa62d924e7725bdb987e83d8e432eabdb175042e960d1b99562bef99a234…。

Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 218
        Handshake Protocol: New Session Ticket
            Handshake Type: New Session Ticket (4)
            Length: 214
            TLS Session Ticket
                Session Ticket Lifetime Hint: 300 seconds (5 minutes)
                Session Ticket Length: 208
                Session Ticket: aa805373de67fa62d924e7725bdb987e83d8e432eabdb175042e960d1b99562bef99a234…

服务器的ChangeCipherSpec和EncryptedHandshakeMessage

和客户端的同类子消息类似。

Transport Layer Security
    TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 40
        Handshake Protocol: Encrypted Handshake Message

Application Data

这个消息就是加密后的上层协议的内容了,客户端与服务器已经完成握手,展开如下

Transport Layer Security
    TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol
        Content Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 328
        Encrypted Application Data: 000000000000000129b0d62974ec77cb57c0a3eca6987622a8e9fd57bcfb5ca8a7e3fff7…
        [Application Data Protocol: Hypertext Transfer Protocol]

可以看到http的整个请求都被加密了。

总结

TLS握手对应多种情况,这里展示的是基于ECDHE密码套件的握手场景。其他还有基于会话恢复的简短握手的场景,有不同密码套件发送不一样的握手内容的场景,实际在分析时需要慢慢总结。

标签: wireshark 网络

本文转载自: https://blog.csdn.net/qq_32076957/article/details/129430270
版权归原作者 lee241973 所有, 如有侵权,请联系我们删除。

“用Wireshark分析TLS(v1.2)”的评论:

还没有评论