准备工作
Wireshark是一个非常强大的网络分析软件,下载地址:
Wireshark · Download,目前最新版本是4.0.4。选择Windows的安装包下载安装,安装后以管理员身份运行Wireshark,打开页面如下:
选择自己联网的网卡,我这里是用WLAN,点击左上角工具栏中蓝色的鲨鱼鳍开始捕获分组,用postman调用一个https的接口捕获结果如下(过滤器ip.addr == 43.138.42.168 and tls):
Linux下可以使用tcpdump命令抓取网络包,并保存为pcap格式,在Windows上用Wireshark可以打开这种格式的文件。
# linux下用tcpdump抓取网络包
# -i是抓取的指定网卡,port和host指定抓取的端口和主机 -w是保存为文件
tcpdump -s 0 -i eth1 port 443 and host 43.138.42.168 -w https.pcap
从上面抓取的网络包中可以看出客户端与服务器通信的TLS版本为1.2。选取第一个包,内容结构如下图:
上图的包结构从上到下依次是
物理层的数据帧,数据链路层的Ethernet帧,IP层的IP包头,TCP层的TCP包头,TLS层及负载的上层HTTP数据。
ClientHello
展开TLS层,这个包是ClientHello消息,全部展开后如下
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 253
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 249
Version: TLS 1.2 (0x0303)
Random: 8f8f55540f230fdab368448a24b2e5182b7fef7830dafd315defcd114abc55be
GMT Unix Time: Apr 28, 2046 21:36:20.000000000 中国标准时间
Random Bytes: 0f230fdab368448a24b2e5182b7fef7830dafd315defcd114abc55be
Session ID Length: 32
Session ID: 8b0e809778170dfa75738b0b9399f23169b0ae1f83019fb878124b341d3a42d8
Cipher Suites Length: 36
Cipher Suites (18 suites)
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 140
Extension: server_name (len=20)
Type: server_name (0)
Length: 20
Server Name Indication extension
Server Name list length: 18
Server Name Type: host_name (0)
Server Name length: 15
Server Name: selflias.com.cn
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
Extension: supported_groups (len=8)
Type: supported_groups (10)
Length: 8
Supported Groups List Length: 6
Supported Groups (3 groups)
Supported Group: x25519 (0x001d)
Supported Group: secp256r1 (0x0017)
Supported Group: secp384r1 (0x0018)
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Data (0 bytes)
Extension: signature_algorithms (len=20)
Type: signature_algorithms (13)
Length: 20
Signature Hash Algorithms Length: 18
Signature Hash Algorithms (9 algorithms)
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
Signature Hash Algorithm Hash: Unknown (8)
Signature Hash Algorithm Signature: SM2 (4)
Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
Signature Hash Algorithm Hash: Unknown (8)
Signature Hash Algorithm Signature: Unknown (5)
Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
Signature Hash Algorithm Hash: Unknown (8)
Signature Hash Algorithm Signature: Unknown (6)
Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Extension: key_share (len=38)
Type: key_share (51)
Length: 38
Key Share extension
Client Key Share Length: 36
Key Share Entry: Group: x25519, Key Exchange length: 32
Group: x25519 (29)
Key Exchange Length: 32
Key Exchange: a61abd6c612929a731944317da01f71321bad1cb973895cfe8421c73e70fcd72
Extension: psk_key_exchange_modes (len=2)
Type: psk_key_exchange_modes (45)
Length: 2
PSK Key Exchange Modes Length: 1
PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
Extension: supported_versions (len=9)
Type: supported_versions (43)
Length: 9
Supported Versions length: 8
Supported Version: TLS 1.3 (0x0304)
Supported Version: TLS 1.2 (0x0303)
Supported Version: TLS 1.1 (0x0302)
Supported Version: TLS 1.0 (0x0301)
[JA3 Fullstring: 771,4865-4866-4867-49199-49195-49200-49196-52393-52392-49161-49171-49162-49172-156-157-47-53-10,0-23-65281-10-11-35-13-51-45-43,29-23-24,0]
[JA3: dda262729e5413660ec0e6a8d4279860]
可以看出TLS的记录层总共253字节,Content Type为握手数据。
ClientHello消息共占249字节,最高支持TLS 1.2版本。
Random是客户端的随机数。
Session ID长度为32字节。
支持的密码套件(Cipher Suite)有18个,占36字节,优先支持TLS_AES_128_GCM_SHA256。Compression Methods压缩方法为null。
扩展占140字节,第一个扩展是SNI扩展,请求的主机名为
selflias.com.cn。supported_groups扩展,支持三个曲线x25519、secp256r1、secp384r1。
还支持SessionTicket扩展。
signature_algorithms签名算法支持9种。
ServerHello
接下来是服务器回应的SeverHello消息,展开如下
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 69
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 65
Version: TLS 1.2 (0x0303)
Random: fbdf8dffb78c84c8923d6499ff957f595694009ec2a88dd451a12263e416df36
GMT Unix Time: Nov 29, 2103 06:28:15.000000000 中国标准时间
Random Bytes: b78c84c8923d6499ff957f595694009ec2a88dd451a12263e416df36
Session ID Length: 0
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Compression Method: null (0)
Extensions Length: 25
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
Extension: server_name (len=0)
Type: server_name (0)
Length: 0
Extension: ec_point_formats (len=4)
Type: ec_point_formats (11)
Length: 4
EC point formats Length: 3
Elliptic curves point formats (3)
EC point format: uncompressed (0)
EC point format: ansiX962_compressed_prime (1)
EC point format: ansiX962_compressed_char2 (2)
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Data (0 bytes)
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
[JA3S Fullstring: 771,49199,65281-0-11-35-23]
[JA3S: 098e26e2609212ac1bfac552fbe04127]
ServerHello的消息说明服务器和客户端使用TLS v1.2处理本次会话,TLS记录层共占69字节,SeverHello消息占65字节。
Random是服务器生成的随机数。
Session ID为空,服务器不适用Session ID作为会话恢复,而是支持SessionTicket。
协商的密码套件为TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256。
不启用压缩。
扩展长度为25字节,共处理客户端的5个扩展。
Certificate
服务器在发送完ServerHello之后马上发送了Certificate子消息,展开结构如下
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 2972
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 2968
Certificates Length: 2965
Certificates (2965 bytes)
Certificate Length: 1668
Certificate: 30820680308204e8a003020102021100f0bb16defd41d3ba7cf205dccec0ae01300d0609… (id-at-commonName=selflias.com.cn)
signedCertificate
version: v3 (2)
serialNumber: 0x00f0bb16defd41d3ba7cf205dccec0ae01
signature (sha384WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 3 items (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)
validity
subject: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=selflias.com.cn)
subjectPublicKeyInfo
extensions: 9 items
algorithmIdentifier (sha384WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
Padding: 0
encrypted: 3bebea7d478c774f6b636cc081dafd75507d70bc2f007be5fa75a4ee841265b8bf64e486…
Certificate Length: 1291
Certificate: 30820507308203efa003020102021100b20ced552e31a0bf343a7528743be9ab300d0609… (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)
signedCertificate
version: v3 (2)
serialNumber: 0x00b20ced552e31a0bf343a7528743be9ab
signature (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 5 items (id-at-commonName=AAA Certificate Services,id-at-organizationName=Comodo CA Limited,id-at-localityName=Salford,id-at-stateOrProvinceName=Greater Manchester,id-at-countryName=GB)
validity
subject: rdnSequence (0)
rdnSequence: 3 items (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)
subjectPublicKeyInfo
extensions: 8 items
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 1cc5289b97312237b6222154ee6382b01af617a098794e5cc9f43f01ea7d9005d8503b96…
可以看出服务器发送了两张证书,一张是服务器自己的证书,一张是中间证书。
服务器自己的证书由TrustAsia RSA DV TLS CA G2颁发,中间证书由AAA Certificate Services颁发。两张证书都使用sha256WithRSA算法签名。
服务器证书的详细结构
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 2972
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 2968
Certificates Length: 2965
Certificates (2965 bytes)
Certificate Length: 1668
Certificate: 30820680308204e8a003020102021100f0bb16defd41d3ba7cf205dccec0ae01300d0609… (id-at-commonName=selflias.com.cn)
signedCertificate
version: v3 (2)
serialNumber: 0x00f0bb16defd41d3ba7cf205dccec0ae01
signature (sha384WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 3 items (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)
RDNSequence item: 1 item (id-at-countryName=CN)
RelativeDistinguishedName item (id-at-countryName=CN)
Object Id: 2.5.4.6 (id-at-countryName)
CountryName: CN
RDNSequence item: 1 item (id-at-organizationName=TrustAsia Technologies, Inc.)
RelativeDistinguishedName item (id-at-organizationName=TrustAsia Technologies, Inc.)
Object Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: printableString (1)
printableString: TrustAsia Technologies, Inc.
RDNSequence item: 1 item (id-at-commonName=TrustAsia RSA DV TLS CA G2)
RelativeDistinguishedName item (id-at-commonName=TrustAsia RSA DV TLS CA G2)
Object Id: 2.5.4.3 (id-at-commonName)
DirectoryString: printableString (1)
printableString: TrustAsia RSA DV TLS CA G2
validity
notBefore: utcTime (0)
utcTime: 2022-10-19 00:00:00 (UTC)
notAfter: utcTime (0)
utcTime: 2023-10-19 23:59:59 (UTC)
subject: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=selflias.com.cn)
RDNSequence item: 1 item (id-at-commonName=selflias.com.cn)
RelativeDistinguishedName item (id-at-commonName=selflias.com.cn)
Object Id: 2.5.4.3 (id-at-commonName)
DirectoryString: printableString (1)
printableString: selflias.com.cn
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
subjectPublicKey: 3082010a0282010100d0ec9a5b3c26dddf33b4303cdb4dc05b8297f1e539cc4ee095b9dc…
modulus: 0x00d0ec9a5b3c26dddf33b4303cdb4dc05b8297f1e539cc4ee095b9dc790a4ebfc132f0c2…
publicExponent: 65537
extensions: 9 items
Extension (id-ce-authorityKeyIdentifier)
Extension (id-ce-subjectKeyIdentifier)
Extension (id-ce-keyUsage)
Extension (id-ce-basicConstraints)
Extension (id-ce-extKeyUsage)
Extension (id-ce-certificatePolicies)
Extension (id-pe-authorityInfoAccess)
Extension (id-ce-subjectAltName)
Extension (SignedCertificateTimestampList)
algorithmIdentifier (sha384WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
Padding: 0
encrypted: 3bebea7d478c774f6b636cc081dafd75507d70bc2f007be5fa75a4ee841265b8bf64e486…
可以看出证书的版本是X.509 v3版本。
序列号是0x00f0bb16defd41d3ba7cf205dccec0ae01。
签名算法为sha384WithRSA。
颁发者是TrustAsia RSA DV TLS CA G2。
有效期是2022-10-19 00:00:00到2023-10-19 23:59:59
公钥值是3082010a0282010100d0ec9a5b3c26dddf33b4303cdb4dc05b8297f1e539cc4ee095b9dc…
包含了9个证书扩展。
服务器证书扩展的结构
extensions: 9 items
Extension (id-ce-authorityKeyIdentifier)
Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
AuthorityKeyIdentifier
keyIdentifier: 5f3a7c11107e0c677161dc8ba3b5000367f5571c
Extension (id-ce-subjectKeyIdentifier)
Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
SubjectKeyIdentifier: 116c594baff606c89c4c6f69b663ba08946c8a7b
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
critical: True
Padding: 5
KeyUsage: a0
1... .... = digitalSignature: True
.0.. .... = contentCommitment: False
..1. .... = keyEncipherment: True
...0 .... = dataEncipherment: False
.... 0... = keyAgreement: False
.... .0.. = keyCertSign: False
.... ..0. = cRLSign: False
.... ...0 = encipherOnly: False
0... .... = decipherOnly: False
Extension (id-ce-basicConstraints)
Extension Id: 2.5.29.19 (id-ce-basicConstraints)
critical: True
BasicConstraintsSyntax [0 length]
Extension (id-ce-extKeyUsage)
Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
KeyPurposeIDs: 2 items
KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
Extension (id-ce-certificatePolicies)
Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
CertificatePoliciesSyntax: 2 items
PolicyInformation
policyIdentifier: 1.3.6.1.4.1.6449.1.2.2.49 (iso.3.6.1.4.1.6449.1.2.2.49)
policyQualifiers: 1 item
PolicyQualifierInfo
Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps)
DirectoryString: https://sectigo.com/CPS
PolicyInformation
policyIdentifier: 2.23.140.1.2.1 (joint-iso-itu-t.23.140.1.2.1)
Extension (id-pe-authorityInfoAccess)
Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
AuthorityInfoAccessSyntax: 2 items
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
accessLocation: 6
uniformResourceIdentifier: http://crt.trust-provider.cn/TrustAsiaRSADVTLSCAG2.crt
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
accessLocation: 6
uniformResourceIdentifier: http://ocsp.trust-provider.cn
Extension (id-ce-subjectAltName)
Extension Id: 2.5.29.17 (id-ce-subjectAltName)
GeneralNames: 2 items
GeneralName: dNSName (2)
dNSName: selflias.com.cn
GeneralName: dNSName (2)
dNSName: www.selflias.com.cn
Extension (SignedCertificateTimestampList)
Extension Id: 1.3.6.1.4.1.11129.2.4.2 (SignedCertificateTimestampList)
Serialized SCT List Length: 362
Signed Certificate Timestamp (Google 'Xenon2023' log)
Serialized SCT Length: 119
SCT Version: 0
Log ID: adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a
Timestamp: Oct 19, 2022 06:37:15.021000000 UTC
Extensions length: 0
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Length: 72
Signature: 3046022100d3ca45fe7bf14bb759de71a2b35f708b065dd968f8b30e78865721f8575974…
Signed Certificate Timestamp (Cloudflare 'Nimbus2023' Log)
Serialized SCT Length: 119
SCT Version: 0
Log ID: 7a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52
Timestamp: Oct 19, 2022 06:37:14.965000000 UTC
Extensions length: 0
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Length: 72
Signature: 30460221008b154b640290a4d0c7b8fd87254d0f2d0c342e55e918ffce866d92a546499d…
Signed Certificate Timestamp (Google 'Argon2023' log)
Serialized SCT Length: 118
SCT Version: 0
Log ID: e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e
Timestamp: Oct 19, 2022 06:37:14.919000000 UTC
Extensions length: 0
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Length: 71
Signature: 304502204b602d371ffd3a0a247afb3c64c8f262b7c282c333047fa6a4f203758917d1fe…
其中重要的扩展,即critical=True的有:
id-ce-keyUsage,表示该证书可以用于密钥交换和数字签名。
id-ce-basicConstraints,表示该证书是一张普通证书,不能签发其他证书。
Server Key Exchange
密钥协商算法是TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,证书中没有包含ECDH参数等信息,所以服务器发送ServerKeyExchange消息。
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 300
Handshake Protocol: Server Key Exchange
Handshake Type: Server Key Exchange (12)
Length: 296
EC Diffie-Hellman Server Params
Curve Type: named_curve (0x03)
Named Curve: x25519 (0x001d)
Pubkey Length: 32
Pubkey: 37cb1755840758875116cb24435a7edb61228ce7d353b56ddaae691168c13176
Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
Signature Hash Algorithm Hash: Unknown (8)
Signature Hash Algorithm Signature: SM2 (4)
Signature Length: 256
Signature: 37936b9ead1368308a601245cf01e35274774210b59fe3343f48f4e202c54a7df8ee1de4…
可以看出采用的是命名曲线x25519,公钥是37cb1755840758875116cb24435a7edb61228ce7d353b56ddaae691168c13176,签名算法是rsa_pss_rsae_sha256。
Server Hello Done
Server Hello Done是一条空消息,通知客户端服务器已准备好预备主密钥协商。
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
Client Key Exchange
客户端给服务器发送自己的ECDH公钥
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 37
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 33
EC Diffie-Hellman Client Params
Pubkey Length: 32
Pubkey: 06b90ea70ed26d8c05756acb7b0f2d6cbd342f4dbad35cb1c1db8d219dc37d6a
客户端Change Cipher Spec
客户端发送该消息告诉服务器端,客户端可以使用TLS记录层协议进行密码学保护了,下一条消息就是加密的消息。
Transport Layer Security
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
客户端Encrypted Handshake Message
加密过的Finished子消息。
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Encrypted Handshake Message
New Session Ticket
表示服务器支持Session Ticket会话恢复,发送给客户端Ticket值aa805373de67fa62d924e7725bdb987e83d8e432eabdb175042e960d1b99562bef99a234…。
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 218
Handshake Protocol: New Session Ticket
Handshake Type: New Session Ticket (4)
Length: 214
TLS Session Ticket
Session Ticket Lifetime Hint: 300 seconds (5 minutes)
Session Ticket Length: 208
Session Ticket: aa805373de67fa62d924e7725bdb987e83d8e432eabdb175042e960d1b99562bef99a234…
服务器的ChangeCipherSpec和EncryptedHandshakeMessage
和客户端的同类子消息类似。
Transport Layer Security
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Encrypted Handshake Message
Application Data
这个消息就是加密后的上层协议的内容了,客户端与服务器已经完成握手,展开如下
Transport Layer Security
TLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer Protocol
Content Type: Application Data (23)
Version: TLS 1.2 (0x0303)
Length: 328
Encrypted Application Data: 000000000000000129b0d62974ec77cb57c0a3eca6987622a8e9fd57bcfb5ca8a7e3fff7…
[Application Data Protocol: Hypertext Transfer Protocol]
可以看到http的整个请求都被加密了。
总结
TLS握手对应多种情况,这里展示的是基于ECDHE密码套件的握手场景。其他还有基于会话恢复的简短握手的场景,有不同密码套件发送不一样的握手内容的场景,实际在分析时需要慢慢总结。
版权归原作者 lee241973 所有, 如有侵权,请联系我们删除。