Debug TLS 1.2 Handshake Messages (SSLdump, OpenSSL)

9-Jul-2020 | Computer Networking, The Protocols, The Tools

Applied version

  • SSL, TLS
    Focus on TLS version 1.2
    Less focus on earlier versions

Debug TLS handshake using SSLdump

Debug TLS 1.2 with cipher “TLS_RSA_WITH_AES_128_CBC_SHA”

  • This debug provides a human-readable format for the handshake messages, except for certificate information.
  • Message flow of TLS 1.2 handshake (Figure 1)
  • TCPdump, SSLdump command (Figure 2)
  • SSLdump output
    • Client Hello (Figure 3)
    • Server Hello, [Hex] Certificate (Figure 4)
    • Client Key Exchange, Change Cipher Spec, Finished (Figure 5)
    • Change Cipher Spec, Finished (Figure 5)
    • Application Data: GET / HTTP/1.1 (Figure 6)
  1. TCPdump command
    • tcpdump -vnni 0.0:nnnp -s0 -w /var/tmp/debug-ssl.pcap host 192.168.201.100 and tcp port 443
      • Server IP: 192.168.201.100, service port: 443
      • Save the capture to “/var/tmp/debug-ssl.pcap”
  2. SSLdump command
    • ssldump -AedHx -p Passw0rd-svr -nr /var/tmp/debug-ssl.pcap -k /config/filestore/files_d/Common_d/certificate_key_d/\:Common\:www.xyz.com_76785_1 > /var/tmp/debug-ssl.pcap.txt
      • Dump file: “/var/tmp/debug-ssl.pcap”
      • Private key: “/config/filestore/files_d/Common_d/certificate_key_d/\:Common\:www.xyz.com_76785_1”
      • Write text output to “/var/tmp/debug-ssl.pcap.txt”
    • more /var/tmp/debug-ssl.pcap.txt
  3. SSLdump output
      • Client Hello
        • When a client first attempts to connect to an SSL server, it initiates the session by sending a ClientHello message to the server.
        • The ClientHello message starts the SSL communication between the two systems.
          • Version: The version field contains the highest SSL version that the client supports.
          • Random: A random number generated by the client.
          • Session ID: An arbitrary sequence of bytes chosen by the server; it identifies a particular SSL session. The client may attempt to resume a previously established session by sending a non-zero session ID.
          • Cipher suites: Identifies the list of cipher suites that the client supports.
          • Compression: Identifies the list of compression methods that the client supports.
      • Server Hello
        • If the server is able to find an acceptable set of algorithms, it responds to the ClientHello message with a ServerHello message.
        • The server may use the ServerHello message to allow a resumed session.
          • Version: The version field contains the highest SSL version supported by both the client and server.
          • Random: A random number generated by the server.
          • Session ID: Identifies a particular SSL session. If the client sends a non-zero session ID and the server locates a match in its cache, the server will attempt to respond with the same value as was supplied by the client, and resume the session using the same cipher suite.
          • Cipher suites: Identifies the cipher suite chosen by the server from the list of ciphers that the client supports.
          • Compression: Identifies the compression method chosen by the server from the list that the client supports.
      • Certificate
        • The server sends its Certificate message containing the server’s certificate or list of (chain) certificates, depending on the selected cipher suite.
        • Note: The server may send a ServerKeyExchange message when the server Certificate message does not contain enough data to allow the client to exchange a premaster secret. This is true of some ciphers such as DHE-DSS.
      • Server Hello Done
        • After sending its certificate, the server sends a ServerHelloDone message, indicating it is done with handshake negotiation.
      • ClientKeyExchange
        • The client sends the ClientKeyExchange message containing the PreMasterSecret.
        • The PreMasterSecret is sent encrypted using the public key of the server.
      • ChangeCipherSpec
        • Both the client and server send the ChangeCipherSpec message after the security parameters have been determined.
        • The ChangeCipherSpec message activates the negotiated SSL options for the session.
        • From this point forward, all messages are authenticated and encrypted.
        • This stage is significant as it indicates that subsequent records will be protected under the newly negotiated CipherSpec and keys.
      • Finished
        • Each party sends a Finished message under the new algorithm, keys and secrets. The Finished message indicates that the handshake is complete, and the parties may begin to exchange application layer data.
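
The ClientHello fields listed above (Version, Random, Session ID, Cipher suites, Compression), parsed from raw record bytes. This is an added example, not code from the original page; the sample record, the SUITES subset and all function names are constructed for illustration. rsa_key_transport() flags offered suites with RSA key exchange, the case where the PreMasterSecret is encrypted with the server's public key and a capture can be decrypted with the private key given to ssldump -k.

```python
import struct

# IANA code point -> IANA name; a small constructed subset for this example.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",   # OpenSSL name: AES128-SHA
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",   # OpenSSL name: AES256-SHA
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a complete, unfragmented ClientHello."""
    if len(record) < 5:
        raise ValueError("too short for a TLS record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or rec_len < 4 or body[0] != 1:
        raise ValueError("not a complete ClientHello handshake record")
    msg = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 0
    def take(n: int) -> bytes:
        # Bounds-checked read: every length field comes from the peer.
        nonlocal pos
        if pos + n > len(msg):
            raise ValueError("length field runs past end of message")
        pos += n
        return msg[pos - n:pos]

    version = tuple(take(2))                  # (3, 3) means TLS 1.2
    random = take(32)
    session_id = take(take(1)[0])             # empty unless resuming
    raw = take(int.from_bytes(take(2), "big"))
    if len(raw) % 2:
        raise ValueError("odd cipher_suites length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    compression = list(take(take(1)[0]))      # [0] means "null" only
    # Extensions, if any, follow here and are ignored by this example.
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": suites, "compression": compression}

def rsa_key_transport(suites: list) -> list:
    """Names of offered suites whose PreMasterSecret is RSA-encrypted."""
    return [SUITES[s] for s in suites if SUITES.get(s, "").startswith("TLS_RSA_WITH_")]

def sample_client_hello() -> bytes:
    """Constructed ClientHello: TLS 1.2, empty session ID, two suites."""
    msg = (b"\x03\x03" + bytes(range(32)) + b"\x00"
           + b"\x00\x04\x00\x2f\xc0\x2f" + b"\x01\x00")
    hs = b"\x01" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```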

     

    Debug TLS handshake using OpenSSL

    Debug TLS 1.2 with cipher “TLS_RSA_WITH_AES_128_CBC_SHA”

    • This debug provides a human-readable format for certificate information, SSL process states, and the handshake result.
    • OpenSSL cipher strings use a different naming format from the IANA names.
    • OpenSSL s_client command (Figure 1)
    • OpenSSL s_client output
      • Client Hello, Server Hello, [Hex] Certificate (Figure 1)
      • [Readable] Certificates, Server Hello Done, Client Key Exchange (Figure 2)
      • [Client] Change Cipher Spec, Finished (Figure 3)
      • [Server] Change Cipher Spec, Finished (Figure 3)
      • Certificate chain of trust (Figure 4)
      • TLS handshake result (Figure 5)
      • Application Data Request (Figure 6)
      • Application Data Response (Figure 7)
    1. OpenSSL command
      • openssl s_client -msg -showcerts -state -CAfile /var/tmp/TrustMe_CA-bundle.crt -connect www.xyz.com:443
        • -CAfile: CA certificate “/var/tmp/TrustMe_CA-bundle.crt”
        • -msg: Show protocol messages
        • -showcerts: Show all certificates sent by the server
        • -state: Print the SSL states (e.g. read server hello)
