[ssl authentication, certificate] Wireshark packet capture analysis

Related articles:
//-----------Java SSL begin----------------------
[ssl authentication, certificate] Difference between SSL two-way authentication and SSL one-way authentication (schematic diagram)
[ssl authentication, certificate] SSL API description (SSLContext) in Java, and its relationship to the keytool tool
[ssl authentication, certificate] SSL two-way authentication Java practice, creating certificates with keytool
[ssl authentication, certificate] Wireshark packet capture analysis
[ssl authentication, certificate] Viewing the contents of a keystore file
//-----------Java SSL end------------------------

//-----------The following concern CA certificates and openssl-------------
[ssl authentication, certificate] TLS/SSL two-way authentication concepts, openssl genrsa example
[ssl authentication, certificate] openssl genrsa command explained in detail
[ssl authentication, certificate] SSL certificate basic concepts, certificate formats, differences between openssl and keytool

Code example

See [ssl authentication, certificate] SSL two-way authentication Java practice, creating certificates with keytool.

The complete process is shown in a single Wireshark capture; the individual steps are analysed below.

Analysis of the TLS/SSL two-way authentication handshake process

(1) client_hello
The client sends the protocol versions it supports, such as TLS 1.0; the cipher suites it supports (Cipher Specs); and random number 1 (the client random, also called the challenge), which is later used to derive the session key.

(2) server_hello
The server confirms the protocol version that will be used; sends random number 2 (the server random), which is also used later to derive the session key; confirms the cipher suite that will be used (for the algorithms themselves, see the article "the encryption algorithm behind HTTPS"); sends its own certificate to the client; and requests the client's certificate (certificate_request).

(3) Client certificate and client_key_exchange
The client sends its certificate to the server, followed by client_key_exchange.

(4) certificate_verify and change_cipher_spec from the client
The client sends certificate_verify to the server; change_cipher_spec then notifies the server that subsequent communication will be encrypted with the negotiated session key and cipher.

(5) change_cipher_spec and encrypted_handshake_message from the server
After the verification passes, the server also sends change_cipher_spec, informing the client that subsequent communication will be encrypted with the negotiated key and algorithm. It then sends encrypted_handshake_message: a message summarising all of the current handshake parameters, encrypted with the negotiated session key and algorithm.

(6) Encrypted communication
Both sides now communicate using the negotiated key and algorithm (application_data records in the capture).
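As an added example (not code from the original post or from the referenced article), the following Python script does by hand what you would otherwise read off Wireshark's Info column: it walks the TLS records of one direction of an exchange, names each handshake message, reports handshake records that follow change_cipher_spec as encrypted_handshake_message, and flags the certificate_request that marks a two-way handshake. The byte sequences are constructed placeholders with dummy message bodies, not a real capture.

```python
import struct

# TLS record content types and handshake message types (RFC 5246 numbering).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
                   15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}


def parse_tls_flight(data: bytes) -> list:
    """Name each message in one direction of a TLS exchange, like Wireshark's Info column;
    after change_cipher_spec the payload is encrypted, so those records are named encrypted_handshake_message."""
    names, pos, encrypted = [], 0, False
    while pos + 5 <= len(data):
        ctype, _version, length = struct.unpack("!BHH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated TLS record")
        pos += 5 + length
        if ctype == 22 and not encrypted:
            hpos = 0
            while hpos + 4 <= len(body):  # one record can carry several handshake messages
                htype, hlen = body[hpos], int.from_bytes(body[hpos + 1:hpos + 4], "big")
                names.append(HANDSHAKE_TYPES.get(htype, f"handshake_type_{htype}"))
                hpos += 4 + hlen
        elif ctype == 22:
            names.append("encrypted_handshake_message")
        else:
            names.append(CONTENT_TYPES.get(ctype, f"content_type_{ctype}"))
            encrypted = encrypted or ctype == 20
    return names

def is_mutual_auth(names: list) -> bool:
    """Two-way authentication shows up in the capture as a certificate_request from the server."""
    return "certificate_request" in names

def record(ctype: int, body: bytes) -> bytes:  # TLS 1.2 record header + payload
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def handshake(htype: int, body: bytes) -> bytes:  # handshake header + (placeholder) body
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

# Constructed server flight of a two-way handshake; message bodies are dummy bytes.
SERVER_FLIGHT = (record(22, handshake(2, b"\x03\x03" + b"\x00" * 32) + handshake(11, b"\x00\x00\x00")
                        + handshake(13, b"\x00\x00\x00\x00") + handshake(14, b""))
                 + record(20, b"\x01") + record(22, b"\x11" * 40))

if __name__ == "__main__":
    msgs = parse_tls_flight(SERVER_FLIGHT)
    print(msgs, "two-way auth:", is_mutual_auth(msgs))
```

On a real capture, feed the reassembled TLS bytes of one TCP direction (for example exported from Wireshark's "Follow TCP Stream" as raw data) to parse_tls_flight; a server flight with no certificate_request is a one-way handshake.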

reference

SSL/TLS two-way authentication process and Wireshark packet capture analysis

Origin blog.csdn.net/m0_45406092/article/details/129996514