Record Protocol format
The TLS record header has three parts:
Byte 0: TLS record type
Bytes 1-2: TLS version (major/minor)
Bytes 3-4: length of the data in the record (excluding the header itself). The maximum supported is 16384 (16K).
```
         record type (1 byte)
        /
       /    version (1 byte major, 1 byte minor)
      /    /
     /    /         length (2 bytes)
    /    /         /
 +----+----+----+----+----+
 |    |    |    |    |    |
 |    |    |    |    |    | TLS Record header
 +----+----+----+----+----+
```
Record Type values
Record Type Values | dec | hex |
---|---|---|
CHANGE_CIPHER_SPEC | 20 | 0x14 |
ALERT | 21 | 0x15 |
HANDSHAKE | 22 | 0x16 |
APPLICATION_DATA | 23 | 0x17 |
Version values
Version Values | dec | hex |
---|---|---|
SSL 3.0 | 3,0 | 0x0300 |
TLS 1.0 | 3,1 | 0x0301 |
TLS 1.1 | 3,2 | 0x0302 |
TLS 1.2 | 3,3 | 0x0303 |
TLS 1.3 | 3,4 | 0x0304 |
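The header layout and the two tables above are enough to split a captured byte stream into records and reject malformed headers. The following is an added example, not code from the original page; the function name `split_records` and the sample bytes are constructed for illustration.

```python
import struct

RECORD_TYPES = {20: "CHANGE_CIPHER_SPEC", 21: "ALERT",
                22: "HANDSHAKE", 23: "APPLICATION_DATA"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HEADER_LEN = 5
MAX_RECORD_DATA = 16384  # maximum stated above


def split_records(stream: bytes):
    """Split a byte stream into (type, version, data) tuples.

    Raises ValueError on any header that does not match the tables above
    or that claims more data than the stream holds.
    """
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER_LEN:
            raise ValueError(f"truncated header at offset {offset}")
        rtype, version, length = struct.unpack_from("!BHH", stream, offset)
        if rtype not in RECORD_TYPES:
            raise ValueError(f"unknown record type {rtype} at offset {offset}")
        if version not in VERSIONS:
            raise ValueError(f"unknown version {version:#06x} at offset {offset}")
        if length > MAX_RECORD_DATA:
            raise ValueError(f"length {length} exceeds {MAX_RECORD_DATA}")
        start = offset + HEADER_LEN
        if start + length > len(stream):
            raise ValueError(f"record at offset {offset} is truncated")
        records.append((RECORD_TYPES[rtype], VERSIONS[version],
                        stream[start:start + length]))
        offset = start + length  # length excludes the 5-byte header
    return records


# Constructed sample: a HANDSHAKE record followed by a CHANGE_CIPHER_SPEC record.
SAMPLE = bytes.fromhex("16030300040e000000" "140303000101")

if __name__ == "__main__":
    for rtype, version, data in split_records(SAMPLE):
        print(rtype, version, data.hex())
```

Encrypted records may legitimately exceed 16384 bytes by the cipher's expansion (TLS 1.2 allows up to 2048 extra bytes), so raise `MAX_RECORD_DATA` accordingly when checking protected traffic.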
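Handshake Protocol format
The handshake protocol has type 22 at the Record Layer. After the record header come three parts: the handshake type, the handshake message length, and the message body.
The handshake type is 8 bits.
The handshake message length is 24 bits.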
```
                           |
                           |
                           |
         Record Layer      |  Handshake Layer
                           |                                  |
                           |                                  |  ...more messages
  +----+----+----+----+----+----+----+----+----+------ - - - -+--
  | 22 |    |    |    |    |    |    |    |    |              |
  |0x16|    |    |    |    |    |    |    |    |message       |
  +----+----+----+----+----+----+----+----+----+------ - - - -+--
    /               /      | \    \----\-----\                |
   /               /       |  \         \
  type: 22        /        |   \         handshake message length
                 /              type
                /
           length: arbitrary (up to 16k)
```
The handshake types are as follows:
Handshake Type Values | dec | hex |
---|---|---|
HELLO_REQUEST | 0 | 0x00 |
CLIENT_HELLO | 1 | 0x01 |
SERVER_HELLO | 2 | 0x02 |
CERTIFICATE | 11 | 0x0b |
SERVER_KEY_EXCHANGE | 12 | 0x0c |
CERTIFICATE_REQUEST | 13 | 0x0d |
SERVER_DONE | 14 | 0x0e |
CERTIFICATE_VERIFY | 15 | 0x0f |
CLIENT_KEY_EXCHANGE | 16 | 0x10 |
FINISHED | 20 | 0x14 |
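HelloRequest
Restarts the handshake. It is not used often. If a connection stays open for a long time, its security degrades, and the server can use this message to restart the handshake.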
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+
       |    |    |    |    |
     4 |  0 |  0 |  0 |  0 |
  - ---+----+----+----+----+
    /  |  \    \---------\
   /       \        \
 record     \    length: 0
 length      \
              type: 0
```
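ClientHello
This message starts a TLS handshake. The client sends the cipher suites it supports; the server then picks the best cipher suite, a compression method, and some extensions. A session ID can be used to resume a previous session.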
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
       |  1 |    |    |    |    |    |32-bit|    |max 32-bit| Cipher |Compression|Extensions|
       |0x01|    |    |    |  3 |  1 |random|    |session Id| Suites |  methods  |          |
  - ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
    /  |  \    \---------\   \----\           \       \
   /       \        \           \              \        SessionId
 record     \     length     SSL/TLS            \
 length      \               version         SessionId
              type: 1     (TLS 1.0 here)      length
```
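A ClientHello is a chain of length-prefixed fields, so a parser has to bounds-check every length before trusting it. The following is an added example, not code from the original page; `Reader` and `parse_client_hello` are hypothetical names, the sample bytes are constructed, and it assumes a 32-byte random and a 32-byte session ID limit, as the ServerHello diagram labels them.

```python
class Reader:
    """Bounds-checked cursor: every read fails loudly instead of over-reading."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError(f"need {n} bytes at offset {self.pos}, message too short")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def vector(self, len_bytes: int) -> bytes:
        """Read a length prefix of len_bytes bytes, then that many bytes."""
        return self.take(int.from_bytes(self.take(len_bytes), "big"))

    def done(self) -> bool:
        return self.pos == len(self.data)


def parse_client_hello(body: bytes) -> dict:
    """Parse a ClientHello body (the bytes after the 4-byte handshake header)."""
    r = Reader(body)
    hello = {"version": tuple(r.take(2)), "random": r.take(32)}
    hello["session_id"] = r.vector(1)
    if len(hello["session_id"]) > 32:
        raise ValueError("session ID longer than 32 bytes")
    suites = r.vector(2)
    if not suites or len(suites) % 2:
        raise ValueError("cipher suite list must be a non-empty run of 2-byte IDs")
    hello["cipher_suites"] = [int.from_bytes(suites[i:i + 2], "big")
                              for i in range(0, len(suites), 2)]
    hello["compression_methods"] = list(r.vector(1))
    hello["extensions"] = []
    if not r.done():  # extensions are optional
        ext = Reader(r.vector(2))
        while not ext.done():
            ext_type = int.from_bytes(ext.take(2), "big")
            hello["extensions"].append((ext_type, ext.vector(2)))
    if not r.done():
        raise ValueError("trailing bytes after ClientHello")
    return hello


# Constructed sample: TLS 1.2 hello, fixed "random", no session ID, two
# cipher suites, null compression, one 1-byte extension of type 0xff01.
SAMPLE = bytes.fromhex("0303" + "11" * 32 + "00" + "0004002f0035" + "0100"
                       + "0005" + "ff01000100")
```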
ServerHello
ServerHello is similar to ClientHello, except that it carries only one cipher suite and one compression method. If it includes a session ID, the client can reuse it.
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+----+----+----------+----+----------+----+----+----+----------+
       |  2 |    |    |    |    |    |  32byte  |    |max 32byte|    |    |    |Extensions|
       |0x02|    |    |    |  3 |  1 |  random  |    |session Id|    |    |    |          |
  - ---+----+----+----+----+----+----+----------+----+----------+----+----+----+----------+
    /  |  \    \---------\   \----\               \       \       \----\    \
   /       \        \           \                  \       SessionId  \       Compression
 record     \     length     SSL/TLS                \ (if length > 0)  \      method
 length      \               version             SessionId              \
              type: 2     (TLS 1.0 here)          length                 CipherSuite
```
Certificate
The body contains the certificate chain.
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+----+----+----+----+----+----+-----------+---- - -
       | 11 |    |    |    |    |    |    |    |    |    |           |
       |0x0b|    |    |    |    |    |    |    |    |    |certificate| ...more certificate
  - ---+----+----+----+----+----+----+----+----+----+----+-----------+---- - -
    /  |  \    \---------\    \---------\    \---------\
   /       \        \              \              \
 record     \     length        Certificate    Certificate
 length      \                  chain          length
              type: 11          length
```
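The handshake framing described earlier (1-byte type, 24-bit length, possibly several messages per record) and the Certificate layout above both rest on nested 24-bit lengths. The following is an added example, not code from the original page, covering both; the function names and sample bytes are constructed, and it assumes an unencrypted record whose handshake messages are not fragmented across records.

```python
HANDSHAKE_TYPES = {
    0: "HELLO_REQUEST", 1: "CLIENT_HELLO", 2: "SERVER_HELLO",
    11: "CERTIFICATE", 12: "SERVER_KEY_EXCHANGE", 13: "CERTIFICATE_REQUEST",
    14: "SERVER_DONE", 15: "CERTIFICATE_VERIFY", 16: "CLIENT_KEY_EXCHANGE",
    20: "FINISHED",
}


def read_u24(data: bytes, offset: int) -> int:
    """Read a 24-bit big-endian length, refusing to read past the buffer."""
    if offset + 3 > len(data):
        raise ValueError(f"truncated 24-bit length at offset {offset}")
    return int.from_bytes(data[offset:offset + 3], "big")


def split_handshake(payload: bytes):
    """Split one record's data into (type name, body) handshake messages."""
    messages, offset = [], 0
    while offset < len(payload):
        msg_type = payload[offset]
        length = read_u24(payload, offset + 1)
        body = payload[offset + 4:offset + 4 + length]
        if len(body) != length:
            raise ValueError(f"message at offset {offset} overruns the record")
        messages.append((HANDSHAKE_TYPES.get(msg_type, f"UNKNOWN_{msg_type}"), body))
        offset += 4 + length
    return messages


def split_certificate_chain(body: bytes):
    """Split a Certificate body into the individual certificate byte strings."""
    chain_len = read_u24(body, 0)
    if chain_len != len(body) - 3:
        raise ValueError("chain length disagrees with message length")
    certs, offset = [], 3
    while offset < len(body):
        cert_len = read_u24(body, offset)
        cert = body[offset + 3:offset + 3 + cert_len]
        if len(cert) != cert_len:
            raise ValueError(f"certificate at offset {offset} overruns the chain")
        certs.append(cert)
        offset += 3 + cert_len
    return certs


# Constructed sample: Certificate (one 3-byte placeholder, not a real
# certificate) followed by ServerHelloDone in the same record.
SAMPLE = bytes.fromhex("0b000009" "000006" "000003" "aabbcc" "0e000000")
```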
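ServerKeyExchange
ServerKeyExchange is needed when the Diffie-Hellman key exchange algorithm is used.
It is received by the client. The client needs the server to provide these parameters in order to establish symmetric encryption. The message is optional: not every key exchange algorithm requires it. The format of the parameters depends on the CipherSuite.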
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+----------------+
       | 12 |    |    |    |   algorithm    |
       |0x0c|    |    |    |   parameters   |
  - ---+----+----+----+----+----------------+
    /  |  \    \---------\
   /       \        \
 record     \     length
 length      \
              type: 12
```
CertificateRequest
Used when the server requires client certificate authentication. It is not very common on web servers.
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+----+----+---- - - --+----+----+----+----+-----------+-- -
       | 13 |    |    |    |    |    |           |    |    |    |    |    C.A.   |
       |0x0d|    |    |    |    |    |           |    |    |    |    |unique name|
  - ---+----+----+----+----+----+----+---- - - --+----+----+----+----+-----------+-- -
    /  |  \    \---------\   \    \                \----\    \-----\
   /       \        \         \     Certificate        \            \
 record     \     length       \    Type 1 Id     Certificate        \
 length      \               Certificate          Authorities length  \
              type: 13       Types length                              Certificate Authority
                                                                       length
```
ServerHelloDone:
This message finishes the server part of the handshake negotiation. It does not carry any additional information.
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+
       | 14 |    |    |    |
     4 |0x0e|  0 |  0 |  0 |
  - ---+----+----+----+----+
    /  |  \    \---------\
   /       \        \
 record     \    length: 0
 length      \
              type: 14
```
ClientKeyExchange:
It provides the server with the necessary data to generate the keys for the symmetric encryption. The message format is very similar to ServerKeyExchange, since it depends mostly on the key exchange algorithm picked by the server.
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+----------------+
       | 16 |    |    |    |   algorithm    |
       |0x10|    |    |    |   parameters   |
  - ---+----+----+----+----+----------------+
    /  |  \    \---------\
   /       \        \
 record     \     length
 length      \
              type: 16
```
CertificateVerify:
This message is used by the client to prove to the server that it possesses the private key corresponding to its public key certificate. The message holds hashed information digitally signed by the client. It is required if the server issued a CertificateRequest to the client, so that it had to send a Certificate that needs to be verified. Once again, the exact size and structure of the information depends on the agreed algorithm. In all cases, the information that serves as input to the hash functions is the same.
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+----------+
       | 15 |    |    |    |  signed  |
       |0x0f|    |    |    |   hash   |
  - ---+----+----+----+----+----------+
    /  |  \    \---------\
   /       \        \
 record     \     length
 length      \
              type: 15
```
Finished:
This message signals that the TLS negotiation is complete and the CipherSuite is activated. It should be sent already encrypted, since the negotiation is successfully done, so a ChangeCipherSpec protocol message must be sent before this one to activate the encryption. The Finished message contains a hash of all previous handshake messages combined, followed by a special number identifying server/client role, the master secret and padding. The resulting hash is different from the CertificateVerify hash, since there have been more handshake messages.
```
       |
       |
       |
       |  Handshake Layer
       |
       |
  - ---+----+----+----+----+----------+
       | 20 |    |    |    |  signed  |
       |0x14|    |    |    |   hash   |
  - ---+----+----+----+----+----------+
    /  |  \    \---------\
   /       \        \
 record     \     length
 length      \
              type: 20
```
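ChangeCipherSpec Protocol format
Indicates to the Client that messages sent from now on are encrypted.
Indicates to the Server that messages sent from now on are encrypted.
Logically, ChangeCipherSpec should be part of the handshake protocol, but it is listed separately because of how the record protocol encapsulates data. A record block is encrypted as a whole, and a record block is at most 2^16 bytes. If the block containing ChangeCipherSpec also held user data, that data should be encrypted, but in practice part of a record block cannot be encrypted on its own. That is why it is listed separately.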
```
                           |
                           |
                           |
         Record Layer      |  ChangeCipherSpec Layer
                           |
                           |
  +----+----+----+----+----+----+
  | 20 |    |    |    |    |    |
  |0x14|    |    |  0 |  1 |  1 |
  +----+----+----+----+----+----+
    /               /      |
   /               /       |
  type: 20        /        |
                 /
                /
           length: 1
```