1. Preface
1.1 Protocol history
…
1.2 Implementations
…
1.3 Purpose
…
2. Protocol Layers
2.1 Overview
…
2.2 TLS Record Protocol
…
2.3 TLS Handshake Protocol
…
2.3.1 Client Hello
2.3.2 Server Hello
2.3.3 Certificate
2.3.4 Server key exchange
2.3.5 Client key exchange
2.3.6 Change Cipher Spec
2.3.7 Finished
2.3.9 Application Data
3. Basic Flow
client hello -> server
...
...
4. Example Analysis
Lab environment: kali linux
Capture tool: wireshark
Data source: curl https://www.baidu.com
root@kali:~# curl https://www.baidu.com
<html>
<head>
<script>
location.replace(location.href.replace("https://","http://"));
</script>
</head>
<body>
<noscript><meta http-equiv="refresh" content="0;url=http://www.baidu.com/"></noscript>
</body>
</html>root@kali:~#
4.1 Overall analysis
Packets captured by wireshark:
1~11: DNS resolution
12~15: TCP three-way handshake
16: Client Hello
17: ack
18: Server Hello
19: ack
20: a segment that does not yet hold a complete record; more data is needed before it can be reassembled
21: ack
22: Certificate (reassembled from packets 18, 20 and 22)
23: ack
24: Handshake Protocol: Client Key Exchange,
Change Cipher Spec Protocol: Change Cipher Spec
Handshake Protocol: Encrypted Handshake Message (Finished)
25: ack
26: Change Cipher Spec Protocol: Change Cipher Spec
Handshake Protocol: Encrypted Handshake Message (Finished)
27: Application Data
28: ack
29: Application Data
30: Encrypted Alert
31: ack
32~35: TCP four-way close
36~37: unrelated packets that happened to be captured
4.2 Detailed protocol format analysis
Client Hello frame format
Look at the data of packet 16 (raw byte values on the left, the decoded field on the right):
16: Content Type: Handshake (0x16 = 22)
03 01: Version: TLS 1.0 (record-layer version)
02 00: Length: 512
The remaining 512 bytes are all Handshake Protocol: Client Hello
01: Handshake Type: Client Hello
00 01 fc: Length: 508 (the remaining 508 bytes are the body of the Client Hello)
03 03: Version: TLS 1.2 (the version the client actually offers)
32 bytes: Random
00: Session ID Length: 0
00 76: Cipher Suites Length: 118
118 bytes: Cipher Suites (the cipher suites the client supports; 2 bytes per suite, so 59 suites)
01: Compression Methods Length: 1
00: Compression Methods (0x00 = null, no compression)
01 5d: Extensions Length: 349
349 bytes: extension contents
Two checks worth doing by hand: the body fields add up to the handshake length (2 + 32 + 1 + 2 + 118 + 1 + 1 + 2 + 349 = 508), and 508 plus the 4-byte handshake header gives 512, the record length. The record layer says TLS 1.0 while the handshake body says TLS 1.2; this is normal: the record-layer version of a Client Hello is only a compatibility value (RFC 5246, Appendix E.1), and the version the client is offering is the one inside the handshake body.
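The field walk above, and the "incomplete, needs more data" situation in packet 20 of the overall analysis, can both be reproduced with a small parser. The following is an added example written for this page, not code from the original article or from any TLS library. The sample bytes it parses are constructed here so that the lengths match the capture (512-byte record, 508-byte handshake body, 118 bytes of cipher suites, 349 bytes of extensions); the random, cipher-suite and extension bytes are filler, not the real values from the capture.

```python
"""Parse TLS 1.x record headers and a Client Hello the way the walkthrough does by hand."""
import struct

CONTENT_TYPES = {20: "Change Cipher Spec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def split_records(stream):
    """Split a byte stream into complete TLS records as (content type, version, payload).

    Raises ValueError when the stream ends inside a record: this is the
    'not yet complete, needs more data' state Wireshark shows for a TCP
    segment that carries only part of a record."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header, need more data")
        ctype, version, length = struct.unpack("!BHH", stream[off:off + 5])   # 1 + 2 + 2 byte header
        if len(stream) - off - 5 < length:
            raise ValueError(f"record wants {length} bytes, only {len(stream) - off - 5} present")
        records.append((ctype, version, stream[off + 5:off + 5 + length]))
        off += 5 + length
    return records


def reassemble_handshake(records):
    """Join the payloads of Handshake records and cut them into handshake messages.

    A single message (Certificate in the capture) may be spread over several
    records, so the cut is made on the 4-byte handshake header, not on records."""
    buf = b"".join(p for t, _, p in records if t == 22)
    msgs, off = [], 0
    while off + 4 <= len(buf):
        htype, hlen = buf[off], int.from_bytes(buf[off + 1:off + 4], "big")
        if off + 4 + hlen > len(buf):
            break                          # tail of this message not received yet
        msgs.append((htype, buf[off + 4:off + 4 + hlen]))
        off += 4 + hlen
    return msgs


def parse_client_hello(body):
    """Decode a Client Hello body (everything after the 4-byte handshake header)."""
    off = 0
    (version,) = struct.unpack("!H", body[off:off + 2]); off += 2
    random = body[off:off + 32]; off += 32
    sid_len = body[off]; off += 1
    session_id = body[off:off + sid_len]; off += sid_len
    (cs_len,) = struct.unpack("!H", body[off:off + 2]); off += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(off, off + cs_len, 2)]; off += cs_len
    cm_len = body[off]; off += 1
    compression = list(body[off:off + cm_len]); off += cm_len
    extensions, ext_len = [], 0
    if off < len(body):                    # the extensions block is optional
        (ext_len,) = struct.unpack("!H", body[off:off + 2]); off += 2
        end = off + ext_len
        while off < end:
            etype, elen = struct.unpack("!HH", body[off:off + 4]); off += 4
            extensions.append((etype, body[off:off + elen])); off += elen
        if off != end:
            raise ValueError("extension lengths do not add up")
    if off != len(body):
        raise ValueError("trailing bytes after Client Hello")
    return {"version": VERSIONS.get(version, hex(version)), "random": random,
            "session_id": session_id, "cipher_suites": suites, "cipher_suites_length": cs_len,
            "compression_methods": compression, "extensions": extensions, "extensions_length": ext_len}


def describe(stream):
    """Walk a stream: list the records seen and decode every complete Client Hello."""
    records = split_records(stream)
    out = {"records": [(CONTENT_TYPES.get(t, t), VERSIONS.get(v, hex(v)), len(p)) for t, v, p in records],
           "client_hellos": [parse_client_hello(b) for t, b in reassemble_handshake(records) if t == 1]}
    return out


def build_sample_client_hello():
    """Constructed sample (not bytes from the capture): sizes match the walkthrough."""
    random = bytes(range(32))
    suites = b"".join(struct.pack("!H", 0xC000 + i) for i in range(59))      # 118 bytes of filler IDs
    exts = b"\x00\x15" + struct.pack("!H", 345) + bytes(345)                  # 349 bytes, one filler extension
    body = (b"\x03\x03" + random + b"\x00" + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)            # 508 bytes
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body                # 512 bytes
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake    # record version 03 01


def fragment(record, at):
    """Split one record's payload across two records, as a sender or a
    packet boundary may, so that reassembly can be exercised."""
    ctype, version, payload = record[0], record[1:3], record[5:]
    hdr = lambda n: bytes([ctype]) + version + struct.pack("!H", n)
    return hdr(at) + payload[:at] + hdr(len(payload) - at) + payload[at:]


if __name__ == "__main__":
    print(describe(build_sample_client_hello()))
```

`describe()` on the intact sample reports one Handshake record of 512 bytes with a TLS 1.2 Client Hello inside; on `fragment(sample, 100)` it reports two records and the same Client Hello, and on a stream cut short it raises instead of returning a half-parsed message, which is the behaviour you want from anything that sits in front of a TLS parser.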
…
…
…
5. References
– http://www.ietf.org/rfc/rfc2246.txt
– http://www.ietf.org/rfc/rfc2818.txt
– http://www.ietf.org/rfc/rfc5246.txt
– http://drops.wooyun.org/tips/6002
– http://www.cnblogs.com/adforce/archive/2012/11/27/2790937.html
– http://segmentfault.com/a/1190000002963044