0
点赞
收藏
分享

微信扫一扫

tls1.3 可以看到client hello所有内容,还有一半的server hello,是看不到证书issuer、subject等信息的

梅梅的时光 2023-08-02 阅读 13
安全分析DataGroupServerHtml/CSS前端开发

https://www.cloudshark.org/captures/64d433b1585a

 

看到tls1.3 client hello 内容:

  • Secure Sockets Layer
  • TLSv1.3 Record Layer: Handshake Protocol: Client Hello
  • Content Type: Handshake (22)
  • Version: TLS 1.0 (0x0301)
  • Length: 234
  • Handshake Protocol: Client Hello
  • Handshake Type: Client Hello (1)
  • Length: 230
  • Version: TLS 1.2 (0x0303)
  • Random: 3eaf2b6c1d04a8c5369efecf504a7c1c5e5801dd226a98cb...
  • Session ID Length: 32
  • Session ID: d729c73e37d28b272f69641fbe23a89ce4dc5b38b571c4be...
  • Cipher Suites Length: 8
  • Cipher Suites (4 suites)
  • Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
  • Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
  • Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
  • Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
  • Compression Methods Length: 1
  • Compression Methods (1 method)
  • Compression Method: null (0)
  • Extensions Length: 149
  • Extension: server_name (len=16)
  • Type: server_name (0)
  • Length: 16
  • Server Name Indication extension
  • Server Name list length: 14
  • Server Name Type: host_name (0)
  • Server Name length: 11
  • Server Name: dogfish.lan
  • Extension: ec_point_formats (len=4)
  • Type: ec_point_formats (11)
  • Length: 4
  • EC point formats Length: 3
  • Elliptic curves point formats (3)
  • EC point format: uncompressed (0)
  • EC point format: ansiX962_compressed_prime (1)
  • EC point format: ansiX962_compressed_char2 (2)
  • Extension: supported_groups (len=12)
  • Type: supported_groups (10)
  • Length: 12
  • Supported Groups List Length: 10
  • Supported Groups (5 groups)
  • Supported Group: x25519 (0x001d)
  • Supported Group: secp256r1 (0x0017)
  • Supported Group: x448 (0x001e)
  • Supported Group: secp521r1 (0x0019)
  • Supported Group: secp384r1 (0x0018)
  • Extension: SessionTicket TLS (len=0)
  • Type: SessionTicket TLS (35)
  • Length: 0
  • Data (0 bytes)
  • Extension: encrypt_then_mac (len=0)
  • Type: encrypt_then_mac (22)
  • Length: 0
  • Extension: extended_master_secret (len=0)
  • Type: extended_master_secret (23)
  • Length: 0
  • Extension: signature_algorithms (len=30)
  • Type: signature_algorithms (13)
  • Length: 30
  • Signature Hash Algorithms Length: 28
  • Signature Hash Algorithms (14 algorithms)
  • Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
  • Signature Hash Algorithm Hash: SHA256 (4)
  • Signature Hash Algorithm Signature: ECDSA (3)
  • Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
  • Signature Hash Algorithm Hash: SHA384 (5)
  • Signature Hash Algorithm Signature: ECDSA (3)
  • Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
  • Signature Hash Algorithm Hash: SHA512 (6)
  • Signature Hash Algorithm Signature: ECDSA (3)
  • Signature Algorithm: ed25519 (0x0807)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (7)
  • Signature Algorithm: ed448 (0x0808)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (8)
  • Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (9)
  • Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (10)
  • Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (11)
  • Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (4)
  • Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (5)
  • Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (6)
  • Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
  • Signature Hash Algorithm Hash: SHA256 (4)
  • Signature Hash Algorithm Signature: RSA (1)
  • Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
  • Signature Hash Algorithm Hash: SHA384 (5)
  • Signature Hash Algorithm Signature: RSA (1)
  • Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
  • Signature Hash Algorithm Hash: SHA512 (6)
  • Signature Hash Algorithm Signature: RSA (1)
  • Extension: supported_versions (len=7)
  • Type: supported_versions (43)
  • Length: 7
  • Supported Versions length: 6
  • Supported Version: TLS 1.3 (draft 28) (0x7f1c)
  • Supported Version: TLS 1.3 (draft 27) (0x7f1b)
  • Supported Version: TLS 1.3 (draft 26) (0x7f1a)
  • Extension: psk_key_exchange_modes (len=2)
  • Type: psk_key_exchange_modes (45)
  • Length: 2
  • PSK Key Exchange Modes Length: 1
  • PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
  • Extension: key_share (len=38)
  • Type: key_share (51)
  • Length: 38
  • Key Share extension
  • Client Key Share Length: 36
  • Key Share Entry: Group: x25519, Key Exchange length: 32
  • Group: x25519 (29)
  • Key Exchange Length: 32
  • Key Exchange: 3f011ff8b8090294a2c9223892159c4603851d6c243208a9...
  • 另外可以看到server hello一半内容:
  • Secure Sockets Layer
  • TLSv1.3 Record Layer: Handshake Protocol: Server Hello
  • Content Type: Handshake (22)
  • Version: TLS 1.2 (0x0303)
  • Length: 122
  • Handshake Protocol: Server Hello
  • Handshake Type: Server Hello (2)
  • Length: 118
  • Version: TLS 1.2 (0x0303)
  • Random: bf661b511b43b686cc648e72d088f0e5e28a6cb8f4159799...
  • Session ID Length: 32
  • Session ID: d729c73e37d28b272f69641fbe23a89ce4dc5b38b571c4be...
  • Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
  • Compression Method: null (0)
  • Extensions Length: 46
  • Extension: supported_versions (len=2)
  • Type: supported_versions (43)
  • Length: 2
  • Supported Version: TLS 1.3 (draft 28) (0x7f1c)
  • Extension: key_share (len=36)
  • Type: key_share (51)
  • Length: 36
  • Key Share extension
  • Key Share Entry: Group: x25519, Key Exchange length: 32
  • Group: x25519 (29)
  • Key Exchange Length: 32
  • Key Exchange: 3d750141fcd29f825d07d511459d003d4e64741270dbb2f4...
  • TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
  • Content Type: Change Cipher Spec (20)
  • Version: TLS 1.2 (0x0303)
  • Length: 1
  • Change Cipher Spec Message
  • TLSv1.3 Record Layer: Application Data Protocol: Application Data
  • Opaque Type: Application Data (23)
  • Version: TLS 1.2 (0x0303)
  • Length: 23
  • Encrypted Application Data: 52a02a0dd613185b3ff3e26a92bf81fbd12d72a660d5f7
  • TLSv1.3 Record Layer: Application Data Protocol: Application Data
  • Opaque Type: Application Data (23)
  • Version: TLS 1.2 (0x0303)
  • Length: 675
  • Encrypted Application Data: 86ac93b3a0a8940dc5b449d8f486537525ba6a76fb4cfaf4...
  • TLSv1.3 Record Layer: Application Data Protocol: Application Data
  • Opaque Type: Application Data (23)
  • Version: TLS 1.2 (0x0303)
  • Length: 153
  • Encrypted Application Data: 777f0bb581c3f0746da4731d85d6f5f87b953e99461f702b...
  • TLSv1.3 Record Layer: Application Data Protocol: Application Data
  • Opaque Type: Application Data (23)
  • Version: TLS 1.2 (0x0303)
  • Length: 69
  • Encrypted Application Data: 7e1ae1d016ce79c750f033ad5e1004a9328b72f9ae316506...

tls 1.2在server hello里有certificate一段,是可以看到证书的颁发者、subject等信息的: 见 https://www.cloudshark.org/captures/26fa735868c1



举报

相关推荐

不到一半的医院运行物联网演示,但更多的是在途中

java物联网区块链大数据人工智能虚拟化云计算

写给所有程序员_起个好名字是成功的一半

程序员变量名ide控件编程语言

​​[::-1] 是 Python 中的切片操作符,它可以将一个序列(字符串、列表、元组等)反转​​​​1​​​​。例如,对于字符串 "hello","hello"[::-1] 的结果是 "olleh

字符串操作符Python软件研发

`^`是一个正则表达式元字符,用于匹配字符串的开头。例如,`^hello`可以匹配以"hello"开头的字符串。在正则表达式中,`^`还可以用于否定字符集,例如,`[^abc]`可以匹配除了"a"、"

字符串正则表达式bc软件研发

这是一系列关于磁盘管理的命令有:fdisk,mkfs,mount,umount,swap还有开机自动挂载等!这次命令有点多博友们可以加以点赞收藏防止以后找不到,冲吧博友们,加油!整理不易点个关注呗

fdiskmkfsmount、umountswap开机自动挂载Linux系统/运维
0 条评论