0
点赞
收藏
分享

微信扫一扫

tls1.3 可以看到client hello所有内容,还有一半的server hello,是看不到证书issuer、subject等信息的

https://www.cloudshark.org/captures/64d433b1585a

 

看到tls1.3 client hello 内容:

  • Secure Sockets Layer
  • TLSv1.3 Record Layer: Handshake Protocol: Client Hello
  • Content Type: Handshake (22)
  • Version: TLS 1.0 (0x0301)
  • Length: 234
  • Handshake Protocol: Client Hello
  • Handshake Type: Client Hello (1)
  • Length: 230
  • Version: TLS 1.2 (0x0303)
  • Random: 3eaf2b6c1d04a8c5369efecf504a7c1c5e5801dd226a98cb...
  • Session ID Length: 32
  • Session ID: d729c73e37d28b272f69641fbe23a89ce4dc5b38b571c4be...
  • Cipher Suites Length: 8
  • Cipher Suites (4 suites)
  • Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
  • Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
  • Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
  • Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
  • Compression Methods Length: 1
  • Compression Methods (1 method)
  • Compression Method: null (0)
  • Extensions Length: 149
  • Extension: server_name (len=16)
  • Type: server_name (0)
  • Length: 16
  • Server Name Indication extension
  • Server Name list length: 14
  • Server Name Type: host_name (0)
  • Server Name length: 11
  • Server Name: dogfish.lan
  • Extension: ec_point_formats (len=4)
  • Type: ec_point_formats (11)
  • Length: 4
  • EC point formats Length: 3
  • Elliptic curves point formats (3)
  • EC point format: uncompressed (0)
  • EC point format: ansiX962_compressed_prime (1)
  • EC point format: ansiX962_compressed_char2 (2)
  • Extension: supported_groups (len=12)
  • Type: supported_groups (10)
  • Length: 12
  • Supported Groups List Length: 10
  • Supported Groups (5 groups)
  • Supported Group: x25519 (0x001d)
  • Supported Group: secp256r1 (0x0017)
  • Supported Group: x448 (0x001e)
  • Supported Group: secp521r1 (0x0019)
  • Supported Group: secp384r1 (0x0018)
  • Extension: SessionTicket TLS (len=0)
  • Type: SessionTicket TLS (35)
  • Length: 0
  • Data (0 bytes)
  • Extension: encrypt_then_mac (len=0)
  • Type: encrypt_then_mac (22)
  • Length: 0
  • Extension: extended_master_secret (len=0)
  • Type: extended_master_secret (23)
  • Length: 0
  • Extension: signature_algorithms (len=30)
  • Type: signature_algorithms (13)
  • Length: 30
  • Signature Hash Algorithms Length: 28
  • Signature Hash Algorithms (14 algorithms)
  • Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
  • Signature Hash Algorithm Hash: SHA256 (4)
  • Signature Hash Algorithm Signature: ECDSA (3)
  • Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
  • Signature Hash Algorithm Hash: SHA384 (5)
  • Signature Hash Algorithm Signature: ECDSA (3)
  • Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
  • Signature Hash Algorithm Hash: SHA512 (6)
  • Signature Hash Algorithm Signature: ECDSA (3)
  • Signature Algorithm: ed25519 (0x0807)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (7)
  • Signature Algorithm: ed448 (0x0808)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (8)
  • Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (9)
  • Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (10)
  • Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (11)
  • Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (4)
  • Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (5)
  • Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
  • Signature Hash Algorithm Hash: Unknown (8)
  • Signature Hash Algorithm Signature: Unknown (6)
  • Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
  • Signature Hash Algorithm Hash: SHA256 (4)
  • Signature Hash Algorithm Signature: RSA (1)
  • Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
  • Signature Hash Algorithm Hash: SHA384 (5)
  • Signature Hash Algorithm Signature: RSA (1)
  • Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
  • Signature Hash Algorithm Hash: SHA512 (6)
  • Signature Hash Algorithm Signature: RSA (1)
  • Extension: supported_versions (len=7)
  • Type: supported_versions (43)
  • Length: 7
  • Supported Versions length: 6
  • Supported Version: TLS 1.3 (draft 28) (0x7f1c)
  • Supported Version: TLS 1.3 (draft 27) (0x7f1b)
  • Supported Version: TLS 1.3 (draft 26) (0x7f1a)
  • Extension: psk_key_exchange_modes (len=2)
  • Type: psk_key_exchange_modes (45)
  • Length: 2
  • PSK Key Exchange Modes Length: 1
  • PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
  • Extension: key_share (len=38)
  • Type: key_share (51)
  • Length: 38
  • Key Share extension
  • Client Key Share Length: 36
  • Key Share Entry: Group: x25519, Key Exchange length: 32
  • Group: x25519 (29)
  • Key Exchange Length: 32
  • Key Exchange: 3f011ff8b8090294a2c9223892159c4603851d6c243208a9...
  • 另外可以看到server hello一半内容:
  • Secure Sockets Layer
  • TLSv1.3 Record Layer: Handshake Protocol: Server Hello
  • Content Type: Handshake (22)
  • Version: TLS 1.2 (0x0303)
  • Length: 122
  • Handshake Protocol: Server Hello
  • Handshake Type: Server Hello (2)
  • Length: 118
  • Version: TLS 1.2 (0x0303)
  • Random: bf661b511b43b686cc648e72d088f0e5e28a6cb8f4159799...
  • Session ID Length: 32
  • Session ID: d729c73e37d28b272f69641fbe23a89ce4dc5b38b571c4be...
  • Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
  • Compression Method: null (0)
  • Extensions Length: 46
  • Extension: supported_versions (len=2)
  • Type: supported_versions (43)
  • Length: 2
  • Supported Version: TLS 1.3 (draft 28) (0x7f1c)
  • Extension: key_share (len=36)
  • Type: key_share (51)
  • Length: 36
  • Key Share extension
  • Key Share Entry: Group: x25519, Key Exchange length: 32
  • Group: x25519 (29)
  • Key Exchange Length: 32
  • Key Exchange: 3d750141fcd29f825d07d511459d003d4e64741270dbb2f4...
  • TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
  • Content Type: Change Cipher Spec (20)
  • Version: TLS 1.2 (0x0303)
  • Length: 1
  • Change Cipher Spec Message
  • TLSv1.3 Record Layer: Application Data Protocol: Application Data
  • Opaque Type: Application Data (23)
  • Version: TLS 1.2 (0x0303)
  • Length: 23
  • Encrypted Application Data: 52a02a0dd613185b3ff3e26a92bf81fbd12d72a660d5f7
  • TLSv1.3 Record Layer: Application Data Protocol: Application Data
  • Opaque Type: Application Data (23)
  • Version: TLS 1.2 (0x0303)
  • Length: 675
  • Encrypted Application Data: 86ac93b3a0a8940dc5b449d8f486537525ba6a76fb4cfaf4...
  • TLSv1.3 Record Layer: Application Data Protocol: Application Data
  • Opaque Type: Application Data (23)
  • Version: TLS 1.2 (0x0303)
  • Length: 153
  • Encrypted Application Data: 777f0bb581c3f0746da4731d85d6f5f87b953e99461f702b...
  • TLSv1.3 Record Layer: Application Data Protocol: Application Data
  • Opaque Type: Application Data (23)
  • Version: TLS 1.2 (0x0303)
  • Length: 69
  • Encrypted Application Data: 7e1ae1d016ce79c750f033ad5e1004a9328b72f9ae316506...

tls 1.2在server hello里有certificate一段,是可以看到证书的颁发者、subject等信息的: 见 https://www.cloudshark.org/captures/26fa735868c1



举报

相关推荐

0 条评论