【https】5 A SSL Session Trace (bb102-1)
SSL Session Trace
We could use OpenSSL's s_client (with debug option) to produce a SSL session trace.
> openssl s_client ? (Display the available options)
The following command turns on the debug option and forces the protocol to be TLSv1:
> openssl s_client -connect localhost:443 -CAfile ca.crt -debug -tls1 Loading 'screen' into random state - done CONNECTED(00000760) write to 00988EB0 [009952C8] (102 bytes => 102 (0x66)) 0000 - 16 03 01 00 61 01 00 00-5d 03 01 40 44 35 27 5c ....a...][email protected]'\ 0010 - 5a e8 74 26 e9 49 37 e2-06 3b 1c 6d 77 37 d1 ae Z.t&.I7..;.mw7.. 0020 - 44 07 86 47 98 fa 84 1a-8d f4 72 00 00 36 00 39 D..G......r..6.9 0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f .8.5.......3.2./ 0040 - 00 07 00 66 00 05 00 04-00 63 00 62 00 61 00 15 ...f.....c.b.a.. 0050 - 00 12 00 09 00 65 00 64-00 60 00 14 00 11 00 08 .....e.d.`...... 0060 - 00 06 00 03 01 ..... 0066 - <SPACES/NULS> read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5)) 0000 - 16 03 01 00 2a ....* read from 00988EB0 [00990ABD] (42 bytes => 42 (0x2A)) 0000 - 02 00 00 26 03 01 40 44-35 27 cc ef 2b 51 e1 b0 ...&[email protected]'..+Q.. 0010 - 44 1f ef c4 83 72 df 37-4f 9b 2b dd 11 50 13 87 D....r.7O.+..P.. 0020 - 91 0a a2 d2 28 b9 00 00-16 ....(.... 002a - <SPACES/NULS> read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5)) 0000 - 16 03 01 02 05 ..... read from 00988EB0 [00990ABD] (517 bytes => 517 (0x205)) 0000 - 0b 00 02 01 00 01 fe 00-01 fb 30 82 01 f7 30 82 ..........0...0. 0010 - 01 60 02 01 01 30 0d 06-09 2a 86 48 86 f7 0d 01 .`...0...*.H.... 0020 - 01 04 05 00 30 4d 31 0b-30 09 06 03 55 04 06 13 ....0M1.0...U... 0030 - 02 55 53 31 10 30 0e 06-03 55 04 0b 13 07 74 65 .US1.0...U....te 0040 - 73 74 31 30 31 31 0c 30-0a 06 03 55 04 03 13 03 st1011.0...U.... 0050 - 63 68 63 31 1e 30 1c 06-09 2a 86 48 86 f7 0d 01 chc1.0...*.H.... 0060 - 09 01 16 0f 63 68 63 40-74 65 73 74 31 30 31 2e [email protected] 0070 - 63 6f 6d 30 1e 17 0d 30-34 30 32 32 36 30 36 35 com0...040226065 0080 - 36 35 34 5a 17 0d 30 35-30 32 32 35 30 36 35 36 654Z..0502250656 0090 - 35 34 5a 30 3b 31 0b 30-09 06 03 55 04 06 13 02 54Z0;1.0...U.... 00a0 - 55 53 31 0c 30 0a 06 03-55 04 03 13 03 63 68 63 US1.0...U....chc 00b0 - 31 1e 30 1c 06 09 2a 86-48 86 f7 0d 01 09 01 16 1.0...*.H....... 00c0 - 0f 63 68 63 40 74 65 73-74 31 30 31 2e 63 6f 6d [email protected] 00d0 - 30 81 9f 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01 0..0...*.H...... 00e0 - 05 00 03 81 8d 00 30 81-89 02 81 81 00 cd e4 9e ......0......... 00f0 - 7c b6 d2 34 4e d3 53 46-25 c7 53 88 25 60 e6 46 |..4N.SF%.S.%`.F 0100 - db 64 3a 73 61 92 ac 23-92 cd 2c 94 a9 8f c6 7f .d:sa..#..,..... 0110 - 47 73 c0 d9 8d 34 b7 2c-dd c9 86 bd 82 6f ce ac Gs...4.,.....o.. 0120 - d8 e2 ba 0f e5 f5 3a 67-2c 89 1a 1b 03 eb 21 85 ......:g,.....!. 0130 - 28 e3 29 98 84 ed 46 75-82 fa 0f 30 a3 a9 a5 71 (.)...Fu...0...q 0140 - 46 4c d6 0d 17 c4 19 fd-44 fb e2 18 46 a6 9d ab FL......D...F... 0150 - 91 de 6b a1 7f fe 30 06-28 5d d8 d3 29 00 c3 1d ..k...0.(]..)... 0160 - 4c 13 00 61 8f f3 85 51-f5 68 d8 69 25 02 03 01 L..a...Q.h.i%... 0170 - 00 01 30 0d 06 09 2a 86-48 86 f7 0d 01 01 04 05 ..0...*.H....... 0180 - 00 03 81 81 00 29 fd bf-5a ed 70 8f 53 a4 e9 14 .....)..Z.p.S... 0190 - 4c 5e ba 84 c6 54 1b f2-c0 3c c4 30 0f 7f 12 80 L^...T...<.0.... 01a0 - 4e 01 b7 fd 39 50 f1 41-0d d8 aa 77 d9 87 25 1a N...9P.A...w..%. 01b0 - 1e e2 97 88 4f 53 75 c8-70 22 6a 01 61 0f 51 3e ....OSu.p"j.a.Q> 01c0 - 13 19 9c 64 f2 76 14 e8-85 25 23 a2 11 c4 8c f8 ...d.v...%#..... 01d0 - 23 2c d1 c3 d3 71 3a e6-71 54 10 07 dc 72 ff ee #,...q:.qT...r.. 01e0 - e8 3e cf 8e 77 73 e9 9f-f5 9a 90 60 4d a0 aa 03 .>..ws.....`M... 01f0 - 32 1f 11 6f 2e 9a 5f 3c-77 05 22 0c 81 bf 29 96 2..o.._ 5 (0x5)) 0000 - 16 03 01 01 8d ..... read from 00988EB0 [00990ABD] (397 bytes => 397 (0x18D)) 0000 - 0c 00 01 89 00 80 e6 96-9d 3d 49 5b e3 2c 7c f1 .........=I[.,|. 0010 - 80 c3 bd d4 79 8e 91 b7-81 82 51 bb 05 5e 2a 20 ....y.....Q..^* 0020 - 64 90 4a 79 a7 70 fa 15-a2 59 cb d5 23 a6 a6 ef d.Jy.p...Y..#... 0030 - 09 c4 30 48 d5 a2 2f 97-1f 3c 20 12 9b 48 00 0e ..0H../..< ..H.. 0040 - 6e dd 06 1c bc 05 3e 37-1d 79 4e 53 27 df 61 1e n.....>7.yNS'.a. 0050 - bb be 1b ac 9b 5c 60 44-cf 02 3d 76 e0 5e ea 9b .....\`D..=v.^.. 0060 - ad 99 1b 13 a6 3c 97 4e-9e f1 83 9e b5 db 12 51 .....<.N.......Q 0070 - 36 f7 26 2e 56 a8 87 15-38 df d8 23 c6 50 50 85 6.&.V...8..#.PP. 0080 - e2 1f 0d d5 c8 6b 00 01-02 00 80 11 3f 5f fa e4 .....k......?_.. 0090 - 79 9a 0b d9 e0 67 37 c4-2a 88 22 b0 95 b7 a7 be y....g7.*."..... 00a0 - 93 79 9d 51 ae 31 47 99-df 47 dd 80 5e 3d 2a 4a .y.Q.1G..G..^=*J 00b0 - 29 8b fd c1 63 5e 48 e8-e3 fd ac 95 1b 3a 5f 75 )...c^H......:_u 00c0 - 98 2d 3c 9c ba 68 18 7b-be 38 2c 69 3d 41 b7 c3 .-<..h.{.8,i=A.. 00d0 - 08 a1 da b0 a8 a4 fe 9a-d6 1e 56 ff 4c 8c 6e 6b ..........V.L.nk 00e0 - 18 f1 ec 9d 22 a9 90 27-c1 c6 2c 0e bd 0e 13 d4 ...."..'..,..... 00f0 - fd b2 c9 8f 6f bb 8e 06-e0 b5 1f f7 87 03 5f a8 ....o........._. 0100 - 12 4f bb ce ba f1 76 fb-80 08 37 00 80 30 99 ad .O....v...7..0.. 0110 - 9b fc 3a 14 6b a8 2c c5-fe 7b bd 1c 92 ec 19 a6 ..:.k.,..{...... 0120 - 75 2d 69 4e f4 9f 74 60-5d d4 3e 06 97 38 bc b5 u-iN..t`].>..8.. 0130 - 0e 3c 1f f2 99 e6 55 4a-36 42 a8 f2 b7 32 2a 1e .<....UJ6B...2*. 0140 - a3 87 b3 f3 79 43 28 d1-7a 0d db 7c 11 26 f3 68 ....yC(.z..|.&.h 0150 - b1 73 b6 78 4b f3 22 20-e4 f7 27 08 ab 74 92 92 .s.xK." ..'..t.. 0160 - 79 26 61 40 1e e9 90 11-e8 b1 cf 99 d9 9f c7 68 y&[email protected] 0170 - 48 e8 f2 a5 d5 d7 0e e1-88 9a bd 0f 40 85 af 2d [email protected] 0180 - da 76 3a 10 6e b9 38 4d-37 9c 41 c8 9f .v:.n.8M7.A.. read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5)) 0000 - 16 03 01 00 04 ..... read from 00988EB0 [00990ABD] (4 bytes => 4 (0x4)) 0000 - 0e . 0004 - <SPACES/NULS> write to 00988EB0 [00999BE0] (139 bytes => 139 (0x8B)) 0000 - 16 03 01 00 86 10 00 00-82 00 80 63 c2 3c 69 26 ...........c...dU.....]n.. 0030 - 05 f1 db 44 f3 13 a8 24-3a 76 0e 3e 1a 6e 55 0c ...D...$:v.>.nU. 0040 - 31 9b 04 99 30 ff 8f d2-8d 8e 0d b1 67 ac 43 ee 1...0.......g.C. 0050 - b2 3f d3 c7 c5 33 81 e1-3f d2 47 6f 5d 8a fb 4c .?...3..?.Go]..L 0060 - 62 c7 23 b3 f7 ad 3c a9-0c 87 4a 08 07 55 ba 06 b.#...<...J..U.. 0070 - 34 18 0c 5f d9 35 f0 2b-90 9a 9d 6b 87 62 41 0f 4.._.5.+...k.bA. 0080 - b3 47 74 5f 5b b8 59 5a-b2 21 dd .Gt_[.YZ.!. write to 00988EB0 [00999BE0] (6 bytes => 6 (0x6)) 0000 - 14 03 01 00 01 01 ...... write to 00988EB0 [00999BE0] (45 bytes => 45 (0x2D)) 0000 - 16 03 01 00 28 0f 31 83-e0 f8 91 fa 33 98 68 46 ....(.1.....3.hF 0010 - c0 60 83 66 28 fe d3 a5-00 f0 98 d5 df 22 72 2d .`.f(........"r- 0020 - e4 40 9b 96 3b 4c f9 02-13 a7 e7 77 74 [email protected];L.....wt read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5)) 0000 - 14 03 01 00 01 ..... read from 00988EB0 [00990ABD] (1 bytes => 1 (0x1)) 0000 - 01 . read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5)) 0000 - 16 03 01 00 28 ....( read from 00988EB0 [00990ABD] (40 bytes => 40 (0x28)) 0000 - d4 0b a6 b7 e8 91 09 1e-e4 1e fc 44 5f 80 cc a1 ...........D_... 0010 - 5d 51 55 3e 62 e8 0f 78-07 f6 2f cd f9 bc 49 8d ]QU>b..x../...I. 0020 - 56 5b e8 b2 09 2c 18 52- V[...,.R --- Certificate chain 0 s:/C=US/CN=chc/[email protected] i:/C=US/OU=test101/CN=chc/[email protected] --- Server certificate -----BEGIN CERTIFICATE----- MIIB9zCCAWACAQEwDQYJKoZIhvcNAQEEBQAwTTELMAkGA1UEBhMCVVMxEDAOBgNV BAsTB3Rlc3QxMDExDDAKBgNVBAMTA2NoYzEeMBwGCSqGSIb3DQEJARYPY2hjQHRl c3QxMDEuY29tMB4XDTA0MDIyNjA2NTY1NFoXDTA1MDIyNTA2NTY1NFowOzELMAkG A1UEBhMCVVMxDDAKBgNVBAMTA2NoYzEeMBwGCSqGSIb3DQEJARYPY2hjQHRlc3Qx MDEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN5J58ttI0TtNTRiXH U4glYOZG22Q6c2GSrCOSzSyUqY/Gf0dzwNmNNLcs3cmGvYJvzqzY4roP5fU6ZyyJ GhsD6yGFKOMpmITtRnWC+g8wo6mlcUZM1g0XxBn9RPviGEamnauR3muhf/4wBihd 2NMpAMMdTBMAYY/zhVH1aNhpJQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACn9v1rt cI9TpOkUTF66hMZUG/LAPMQwD38SgE4Bt/05UPFBDdiqd9mHJRoe4peIT1N1yHAi agFhD1E+ExmcZPJ2FOiFJSOiEcSM+CMs0cPTcTrmcVQQB9xy/+7oPs+Od3Ppn/Wa kGBNoKoDMh8Rby6aXzx3BSIMgb8plq3LOxiu -----END CERTIFICATE----- subject=/C=US/CN=chc/[email protected] issuer=/C=US/OU=test101/CN=chc/[email protected] --- No client certificate CA names sent --- SSL handshake has read 1031 bytes and written 292 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: Session-ID-ctx: Master-Key: 57FDDAF85C7D287F9F9A070E8784A29C75E788DA2757699B 20F3CA50E7EE01A66182A71753B78DA218916136D50861AE Key-Arg : None Start Time: 1078211879 Timeout : 7200 (sec) Verify return code: 0 (ok) --- GET /test.html HTTP/1.0 write to 00988EB0 [009952C8] (82 bytes => 82 (0x52)) 0000 - 17 03 01 00 18 74 fa 45-35 2d b1 24 59 cf ad 96 .....t.E5-.$Y... 0010 - 34 30 01 7d be 8e 70 f9-41 62 11 f1 36 17 03 01 40.}..p.Ab..6... 0020 - 00 30 56 61 ba 2d d3 58-5d e6 6a 83 78 07 87 7a .0Va.-.X].j.x..z 0030 - db b2 a7 40 c7 6d c1 4a-20 3b 82 7d aa 15 e8 65 [email protected] ;.}...e 0040 - 3b 92 bd c8 20 e9 9d 41-f1 77 51 d9 ae 31 c4 2c ;... ..A.wQ..1., 0050 - 32 5a 2Z write to 00988EB0 [009952C8] (58 bytes => 58 (0x3A)) 0000 - 17 03 01 00 18 39 2f df-43 75 91 13 34 1b 12 04 .....9/.Cu..4... 0010 - 7d ef 8d e1 86 54 4f 67-c8 1d cd 07 a4 17 03 01 }....TOg........ 0020 - 00 18 53 d9 22 9d eb 6e-8b 79 f8 e4 82 2f ba ea ..S."..n.y.../.. 0030 - 03 a5 3f 12 85 2e 9f 64-ff dc ..?....d.. read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5)) 0000 - 17 03 01 01 48 ....H read from 00988EB0 [00990ABD] (328 bytes => 328 (0x148)) 0000 - bd eb 8b 9c 01 ac 73 30-8f ca a4 8b 2a 6f bd 02 ......s0....*o.. 0010 - d7 fc 71 18 61 47 f2 1d-70 8b 10 7d 98 28 a4 50 ..q.aG..p..}.(.P 0020 - f3 0f 42 e8 c5 e1 3e 53-34 bd c7 62 34 1b 5e 8c ..B...>S4..b4.^. 0030 - 99 2d 89 c6 b3 f0 19 96-22 97 43 b8 8f 9d 76 42 .-......".C...vB 0040 - 95 a5 7c db 3b 22 dd 57-29 8d e8 d4 28 3e 89 d8 ..|.;".W)...(>.. 0050 - 46 e5 dc 35 51 56 f8 44-d1 82 44 a0 65 b0 93 22 F..5QV.D..D.e.." 0060 - 4b 0a eb 07 26 c9 2a e2-45 4c de 07 0c bb 3e c6 K...&.*.EL....>. 0070 - bc 37 94 cd ec 94 2f 35-76 37 13 4d 0f 88 9c b1 .7..../5v7.M.... 0080 - d7 1c 58 8a 35 5b 32 bc-12 2b 9c e6 5b d4 86 bd ..X.5[2..+..[... 0090 - 39 fc 99 18 79 ec f7 53-db 59 74 49 da 07 69 54 9...y..S.YtI..iT 00a0 - f4 66 aa 36 34 39 f9 0b-87 50 9e 76 db 9f d0 44 .f.649...P.v...D 00b0 - 0c 0d e7 65 80 9b b8 51-56 3d d0 db aa 55 ff ca ...e...QV=...U.. 00c0 - 74 38 24 c1 8c d7 32 cf-ab 03 b3 59 29 0f 80 18 t8$...2....Y)... 00d0 - 6a d4 e0 7e fd 41 8c f7-1d 81 12 a7 00 b3 71 39 j..~.A........q9 00e0 - 78 1e 3c 17 42 d4 99 22-69 7b 2d 09 ef d8 6e f4 x.<.B.."i{-...n. 00f0 - 64 f6 61 34 72 8c 89 f5-a8 ea 1c b1 0d 08 ff 17 d.a4r........... 0100 - 51 3e 46 2b 38 75 61 6a-1e 34 f4 14 14 38 0d 5e Q>F+8uaj.4...8.^ 0110 - 6e ba db ef 83 88 ee a5-2c 18 5a 0c 27 e3 d9 19 n.......,.Z.'... 0120 - 6c a3 12 c0 a1 3d e1 14-96 d3 1a f9 c9 f2 aa d6 l....=.......... 0130 - 12 d5 36 ae 36 f2 18 f5-df c6 ef 34 d7 7d 2b 70 ..6.6......4.}+p 0140 - 99 88 47 93 91 09 56 b1- ..G...V. HTTP/1.1 200 OK Date: Tue, 02 Mar 2004 07:18:08 GMT Server: Apache/1.3.29 (Win32) mod_ssl/2.8.16 OpenSSL/0.9.7c Last-Modified: Sat, 07 Feb 2004 10:53:25 GMT ETag: "0-23-4024c3a5" Accept-Ranges: bytes Content-Length: 35 Connection: close Content-Type: text/html <h1>Home page on main server</h1> read from 00988EB0 [00990AB8] (5 bytes => 5 (0x5)) 0000 - 15 03 01 00 18 ..... read from 00988EB0 [00990ABD] (24 bytes => 24 (0x18)) 0000 - a5 47 51 bd aa 0f 9b e4-ac d4 28 f2 d0 a0 c8 fa .GQ.......(..... 0010 - 2c d4 e5 e4 be c5 01 85- ,....... closed write to 00988EB0 [009952C8] (29 bytes => 29 (0x1D)) 0000 - 15 03 01 00 18 d4 19 b9-59 88 88 c0 c9 38 ab 5c ........Y....8.\ 0010 - 98 8c 43 fd b8 9e 14 3d-77 5e 4c 68 03 ..C....=w^Lh.
2 分析
The data to be transmitted is broken up into series of fragments. Each fragment is protected for integrity using HMAC. (more)
Each SSL record begins with a 5-byte header:
- Byte 0: Record Content Type. Four Content Types are defined, as follows:
Content Type Hex Code Description Handshake0x16The record carries a handshaking message Application_Data0x17Encrypted Application Data Change_Cipher_Spec0x14To indicate a change in encryption methods. Alert0x15To signal various types of errors - Byte 1 & 2: SSL version (0x0301 for TLSv1, 0x0300 for SSLv3).
- Byte 3 & 4: The record length, excluding the 5-byte header.
Let us begin looking into the handshake message contained within a SSL record (of Content Type 0x16). The handshake message has a 4-byte header:
- Byte 0: Handshake Type, as follows:
Handshake Type Hex Code hello_request0x00client_hello0x01server_hello0x02certificate0x0bserver_key_exchange0x0ccertificate_request0x0dserver_hello_done0x0ecertificate_verify0x0fclient_key_exchange0x10finished0x14 - Byte 1 - 3: The message length, excluding the 4-byte header.
Hence, a client_hello record will begin with a 5-byte record header, followed by a 4-byte handshake message header. For example,
Client_Hello
The first handshake message is always sent by the client, called client_hello message. In this message, the client tells the server its preferences in terms of protocol version, ciphersuit, and compression method. The client also includes a 32-byte random number (client_random) in the message, which is made up of a 4-byte GMT Unix time (seconds since 1970), plus another 28 random bytes.
You must refer to RFC2246 for the structure of the Client_Hello message.
| Bytes | Len | Value | Description | |
|---|---|---|---|---|
| 00 | 1 | 16 | Record Content Type - Handshake Message | |
| 01-02 | 2 | 03 01 | SSL version - TLSv1 | |
| 03-04 | 2 | 00 61 | Record Length | |
| 05 | 1 | 01 | Handshake Type - Client_Hello | |
| 06-08 | 3 | 00 00 5d | Message Length (0x61-4 = 0x5d) | |
| 09-0A | 2 | 03 01 | Client preferred version (client_version) - TLSv1 | |
| 0B-0E | 4 | 40 44 35 27 | GMT Time | Client_Random |
| 0C-2A | 28 | 5c ... 72 | 28 random bytes | |
| 2B | 1 | 00 | Session ID Length 0 (for resuming the session) | |
| 2C-2D | 2 | 00 36 | Ciphersuit Length - 27 choices (2-byte each) | |
| 2E-63 | 54 | .... | The 27 Ciphersuits (See Table) | |
| 64 | 1 | 01 | Compression Method Length - 1 | |
| 65 | 1 | 00 | Compression Method: NULL. | |
Ciphersuit Code used in Client_Hello and Server_Hello messages is tabulated as follows:(0X36 = 54 加密算法列表)
| Cipher Suite | Auth | Key Exchange | Encryption | Hash | Code |
|---|---|---|---|---|---|
| RSA_WITH_NULL_MD5 | RSA | RSA | NULL | MD5 | 0001 |
| RSA_WITH_NULL_SHA | RSA | RSA | NULL | SHA | 0002 |
| RSA_EXPORT_WITH_RC4_40_MD5 | RSA | RSA_EXPORT | RC4_40 | MD5 | 0003 |
| RSA_WITH_RC4_128_MD5 | RSA | RSA | RC4_128 | MD5 | 0004 |
| RSA_WITH_RC4_128_SHA | RSA | RSA | RC4_128 | SHA | 0005 |
| RSA_EXPORT_WITH_RC2_CBC_40_MD5 | RSA | RSA_EXPORT | RC2_40_CBC | MD5 | 0006 |
| RSA_WITH_IDEA_CBC_SHA | RSA | RSA | IDEA_CBC | SHA | 0007 |
| RSA_EXPORT_WITH_DES40_CBC_SHA | RSA | RSA_EXPORT | DES40_CBC | SHA | 0008 |
| RSA_WITH_DES_CBC_SHA | RSA | RSA | DES_CBC | SHA | 0009 |
| RSA_WITH_3DES_EDE_CBC_SHA | RSA | RSA | 3DES_EDE_CBC | SHA | 000A |
| DH_DSS_EXPORT_WITH_DES40_CBC_SHA | RSA | DH_DSS_EXPT | DES_40_CBC | SHA | 000B |
| DH_DSS_WITH_DES_CBC_SHA | DSS | DH | DES_CBC | SHA | 000C |
| DH_DSS_WITH_3DES_EDE_CBC_SHA | DSS | DH | 3DES_EDE_CBC | SHA | 000D |
| DH_RSA_EXPORT_WITH_DES40_CBC_SHA | RSA | DH_EXPORT | DES_40_CBC | SHA | 000E |
| DH_RSA_WITH_DES_CBC_SHA | RSA | DH | DES_CBC | SHA | 000F |
| DH_RSA_WITH_3DES_EDE_CBC_SHA | DSS | DH | 3DES_EDE_CBC | SHA | 0010 |
| DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | DSS | DH_EXPORT | RC4_40 | SHA | 0011 |
| DHE_DSS_WITH_DES_CBC_SHA | DSS | DHE | RC4_128 | SHA | 0012 |
| DHE_DSS_WITH_3DES_EDE_CBC_SHA | DSS | DHE | DES_40_CBC | SHA | 0013 |
| DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | RSA | DHE_EXPORT | DES_CBC | SHA | 0014 |
| DHE_RSA_WITH_DES_CBC_SHA | RSA | DH | DES_CBC | SHA | 0015 |
| DHE_RSA_WITH_3DES_EDE_CBC_SHA | RSA | DHE | 3DES_EDE_CBC | SHA | 0016 |
| DH_anon_EXPORT_WITH_RC4_40_MD5 | - | DH_EXPORT | RC4_40 | MD5 | 0017 |
| DH_anon_WITH_RC4_128_MD5 | - | DH | RC4_128 | MD5 | 0018 |
| DH_anon_EXPORT_WITH_DES40_CBC_SHA | - | DH_EXPORT | DES_40_CBC | SHA | 0019 |
| DH_anon_WITH_DES_CBC_SHA | - | DH | DES_CBC | SHA | 001A |
| DH_anon_WITH_3DES_EDE_CBC_SHA | - | DH | 3DES_EDE_CBC | SHA | 001B |
Server_Hello
In response to the client_hello message, the server returns a server_hello message to tell the client its choice of protocol version, ciphersuit and compression method. The server also includes a 32-byte random number (server_random) in the message.
| Bytes | Len | Value | Description | |
|---|---|---|---|---|
| 00 | 1 | 16 | Record Content Type - Handshake Message | |
| 01-02 | 2 | 03 01 | SSL version - TLSv1 | |
| 03-04 | 2 | 00 2a | Record Length | |
| 05 | 1 | 02 | Handshake Type - Server_Hello | |
| 06-08 | 3 | 00 00 26 | Message Length 26+4=2a | |
| 09-0A | 2 | 03 01 | Protocol Version Chosen - TLSv1 | |
| 0B-0E | 4 | 40 44 35 27 | GMT Time (sec since 1970) | Server_Random |
| 0C-2A | 28 | cc ... b9 | 28 random bytes | |
| 2B | 1 | 00 | Session ID Length 0 (for resuming the session) | |
| 2C-2D | 2 | 00 16 | Ciphersuit Chosen: DHE_RSA_WITH_3DES_EDE_CBC_SHA |
|
| 2E | 1 | 00 | Compression Method Chosen: NULL. | |
Certificate
The certificate message consists of a chain of X.509 certificates in the correct order. The first certificate belongs to the server, and the next certificate contains the key that certifies the first certificate (i.e., the server's certificate), and so on. The client uses the server's public key (contained inside the server's certificate) to either encrypt the pre_master_secret or verify the server_key_exchange, depending on which ciphersuit is used.
| Bytes | Len | Value | Description |
|---|---|---|---|
| 00 | 1 | 16 | Record Content Type - Handshake Message |
| 01-02 | 2 | 03 01 | SSL version - TLSv1 |
| 03-04 | 2 | 02 05 | Record Length |
| 05 | 1 | 0b | Handshake Type - certificate |
| 06-08 | 3 | 00 02 01 | Message Length |
| 09-0B | 3 | 00 01 fe | Certificate Length |
| Certificates (to be traced) |
The X.509 certificate structure can be found from the ITU recommendation X.509 "The directory - Authentication Framework".
Server_Key_Exchange
| Handshake Type | Hex Code |
|---|---|
hello_request |
0x00 |
client_hello |
0x01 |
server_hello |
0x02 |
certificate |
0x0b |
server_key_exchange |
0x0c |
certificate_request |
0x0d |
server_hello_done |
0x0e |
certificate_verify |
0x0f |
client_key_exchange |
0x10 |
finished |
0x14 |
Server_Hello_Done
This is an empty message indicating that the server has sent all the handshaking messages. This is needed because the server can send some optional messages after the certificate message.
0000 - 16 03 01 00 04 0e
| Bytes | Len | Value | Description |
|---|---|---|---|
| 00 | 1 | 16 | Record Content Type - Handshake Message |
| 01-02 | 2 | 03 01 | SSL version - TLSv1 |
| 03-04 | 2 | 00 04 | Record Length |
| 05 | 1 | 0e | Handshake Type - Server_Hello_Done |
| (check the last 3 bytes) |
Client_Key_Exchange 使用RSA发送 pre_master_secret 48bytes
The client_key_exchange message contains the pre_master_secret when RSA key exchange is used. The pre_master_secret is 48-byte, consists of protocol version (2 bytes) and 46 random bytes.
| Bytes | Len | Value | Description |
|---|---|---|---|
| 00 | 1 | 16 | Record Content Type - Handshake Message |
| 01-02 | 2 | 03 01 | SSL version - TLSv1 |
| 03-04 | 2 | 00 86 | Record Length |
| 05 | 1 | 10 | Handshake Type - Client_Key_Exchange |
| 06-08 | 3 | 00 00 82 | Message Length |
| pre_master_secret (130 bytes): encrypted using server's public key extracted from the server's certificate |
Change_Cipher_Spec
-
Content Type Hex Code Description Handshake0x16The record carries a handshaking message Application_Data0x17Encrypted Application Data Change_Cipher_Spec0x14To indicate a change in encryption methods. Alert0x15To signal various types of errors
| Bytes | Len | Value | Description |
|---|---|---|---|
| 00 | 1 | 14 | Record Content Type - Change_Cipher_Spec |
| 01-02 | 2 | 03 01 | SSL version - TLSv1 |
| 03-04 | 2 | 00 01 | Record Length |
| 05 | 1 | 01 | ?? |
Certificate_Verify
Change_Cipher_Spec
Unknown Handshaking Message (D4) - to check
Application_Data
-
Content Type Hex Code Description Handshake0x16The record carries a handshaking message Application_Data0x17Encrypted Application Data Change_Cipher_Spec0x14To indicate a change in encryption methods. Alert0x15To signal various types of errors
Client-to-Server - the HTTP request message: GET /test.html HTTP/1.0
Server-to-Client - the HTTP response message
Alert
Comparison of TLS v1, SSL v3 and SSL v2
The TLS v1 specification stated, "TLS v1 and SSL v3 are very similar". Some of minor differences include minor changes in HMAC calculation, ciphersuit support, and pseudo-random number generation. TLS v1 can be regarded as SSL v3.1.
SSL v2 has a big security hole in the negotiation of the ciphersuit (and should not be used). The attacker can convince the client and server to use a weaker encryption than what they are capable of. This is called "ciphersuit rollback" attack.