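TLSv1.3 streamlines the whole handshake with an ECDH-based key exchange: the client sends its public key in the Client Hello, so the server can already use encrypted handshake negotiation in its next handshake messages.
The details are as follows.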
Client sends
TLSv1.3 Record Layer: Handshake Protocol: Client Hello (adds the key_share extension)
Server replies
TLSv1.3 Record Layer: Handshake Protocol: Server Hello (provides the other half of the key_share)
TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec (handshake encryption begins)
TLSv1.3 Record Layer: Application Data Protocol: Application Data ---->EncryptedExtensions (encrypted handshake)
TLSv1.3 Record Layer: Application Data Protocol: Application Data ---->Certificate, delivers the server certificate (encrypted handshake)
TLSv1.3 Record Layer: Application Data Protocol: Application Data ---->CertificateVerify, certificate verification (encrypted handshake)
TLSv1.3 Record Layer: Application Data Protocol: Application Data ---->Finished, ends the server side of the negotiation (encrypted handshake)
Client sends
TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec (symmetric encryption begins)
TLSv1.3 Record Layer: Application Data Protocol: Application Data ---->Finished, ends the client side of the negotiation (encrypted handshake)
Client sends
TLSv1.3 Record Layer: Application Data Protocol: Application Data (encrypted with the symmetric key)
Server replies
TLSv1.3 Record Layer: Application Data Protocol: Application Data (encrypted with the symmetric key)
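When the capture is dissected in Wireshark, the encrypted part of the handshake is not visible.
Menu Edit->Preferences...->Protocols->SSL->RSA keys lists: Edit...->New: loading the RSA private key there does not decode the traffic; this needs further study.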
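
Added example (not from the original post): a Python sketch of what the key_share exchange above makes possible. Each side combines its own ephemeral private key with the peer's key_share and derives the same handshake traffic secrets through the RFC 8446 key schedule, which is why the records right after Server Hello are already encrypted. Assumptions: X25519 as the group, SHA-256 as the hash, no PSK, and a constructed byte string standing in for the ClientHello..ServerHello transcript; the pure-Python X25519 is not constant-time and is for illustration only.

```python
import hashlib, hmac, os

P = 2**255 - 19  # Curve25519 field prime

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 via the Montgomery ladder (not constant-time)."""
    s = bytearray(k); s[0] &= 248; s[31] = (s[31] & 127) | 64  # clamp scalar
    n, x1 = int.from_bytes(s, "little"), int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def expand_label(secret: bytes, label: bytes, context: bytes, length: int = 32) -> bytes:
    """HKDF-Expand-Label from RFC 8446 (one HMAC block, so length <= 32)."""
    info = (length.to_bytes(2, "big") + bytes([6 + len(label)]) + b"tls13 " + label
            + bytes([len(context)]) + context)
    return hmac.new(secret, info + b"\x01", hashlib.sha256).digest()[:length]

def handshake_secrets(ecdhe: bytes, transcript: bytes):
    """Return (client, server) handshake traffic secrets for a non-PSK handshake."""
    zeros = bytes(32)
    early = hkdf_extract(zeros, zeros)
    derived = expand_label(early, b"derived", hashlib.sha256(b"").digest())
    hs = hkdf_extract(derived, ecdhe)  # the ECDHE output is the only secret input
    th = hashlib.sha256(transcript).digest()
    return expand_label(hs, b"c hs traffic", th), expand_label(hs, b"s hs traffic", th)

def demo():
    base = (9).to_bytes(32, "little")                 # X25519 base point
    c_priv, s_priv = os.urandom(32), os.urandom(32)   # fresh ephemeral keys
    c_share, s_share = x25519(c_priv, base), x25519(s_priv, base)
    # Constructed stand-in for the real ClientHello..ServerHello bytes.
    transcript = b"ClientHello|" + c_share + b"|ServerHello|" + s_share
    client = handshake_secrets(x25519(c_priv, s_share), transcript)
    server = handshake_secrets(x25519(s_priv, c_share), transcript)
    return client, server
```

The only secret input to the derivation is the ECDHE output computed from the two ephemeral key_share values, and both ephemeral private keys are regenerated on every call to demo().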