  • Encrypted Handshake Message

    Finished (Encrypted Handshake)

    The Finished message is complicated as it is a hash of all the messages exchanged previously along with a label (“client finished”). This message indicates that the TLS negotiation is completed for the client.

    Note: Wireshark displays the Finished message as Encrypted Handshake since, unlike the previous messages, this message has been encrypted with the just negotiated keys/algorithms.

    HTTPS over TLS - encrypted type

    How does Wireshark recognize: Handshake protocol: Encrypted Handshake message. From the RFC, it doesn't seem to have this type? How can we recognize it from the bytes?

    Answer 1

    Wireshark lists this as an "Encrypted Handshake" message because:

    1. It sees from the SSL record that it is a handshake message
    2. The communication is encrypted, as "ChangeCipherSpec" indicates that the negotiated session keys will from that point on be used to encrypt the communication.

    When you tell Wireshark to do SSL decryption (by using the private key of the server), the message would have been decrypted and you would see that it is indeed one of the listed handshake messages.

    Answer 2

    Handshake messages are encrypted after ChangeCipherSpec message with appropriate preceding parameters.

    From RFC 5246 (TLS 1.2), section 7.4. Handshake protocol:

    The TLS Handshake Protocol is one of the defined higher-level clients of the TLS Record Protocol. This protocol is used to negotiate the secure attributes of a session. Handshake messages are supplied to the TLS record layer, where they are encapsulated within one or more TLSPlaintext structures, which are processed and transmitted as specified by the current active session state.

    The current state is described in section 6.1. Connection states:

    The security parameters for the pending states can be set by the TLS Handshake Protocol, and the ChangeCipherSpec can selectively make either of the pending states current, in which case the appropriate current state is disposed of and replaced with the pending state; the pending state is then reinitialized to an empty state. It is illegal to make a state that has not been initialized with security parameters a current state. The initial current state always specifies that no encryption, compression, or MAC will be used.

    In practice, you will see unencrypted Client Hello, Server Hello, Certificate, Server Key Exchange, Certificate Request, Certificate Verify and Client Key Exchange messages. The Finished handshake message is encrypted since it occurs after the Change Cipher Spec message.
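
The rule both answers describe, applied to raw bytes, as an added example (not from the original post and not Wireshark's own code): walk the TLS 1.2 record headers of one direction, and once a ChangeCipherSpec record (content type 20) has been seen, label every later handshake record (content type 22) as encrypted instead of reading its `msg_type` byte. The function names, label strings and `SAMPLE` bytes are constructed for this illustration, and handshake messages fragmented across records are not reassembled.

```python
import struct

# Handshake msg_type values from RFC 5246, section 7.4.
HANDSHAKE_TYPES = {0: "Hello Request", 1: "Client Hello", 2: "Server Hello",
                   11: "Certificate", 12: "Server Key Exchange",
                   13: "Certificate Request", 14: "Server Hello Done",
                   15: "Certificate Verify", 16: "Client Key Exchange", 20: "Finished"}
OTHER_RECORDS = {21: "Alert", 23: "Application Data"}

def parse_handshake(body: bytes) -> list:
    """Name each plaintext handshake message packed into one record body."""
    names, pos = [], 0
    while pos + 4 <= len(body):
        msg_len = int.from_bytes(body[pos + 1:pos + 4], "big")
        names.append(HANDSHAKE_TYPES.get(body[pos], f"Unknown ({body[pos]})"))
        pos += 4 + msg_len  # a message continuing in the next record ends the loop
    return names

def label_records(stream: bytes) -> list:
    """Label every TLS record in ONE direction of a connection."""
    labels, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Record header: content type (1), version (2), length (2); always cleartext.
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body")
        offset += 5 + length
        if ctype == 20:  # ChangeCipherSpec: pending state becomes current
            labels.append("Change Cipher Spec")
            encrypted = True
        elif ctype == 22 and encrypted:  # msg_type byte is now ciphertext
            labels.append("Encrypted Handshake Message")
        elif ctype == 22:
            labels.extend(parse_handshake(body))
        else:
            labels.append(OTHER_RECORDS.get(ctype, f"Unknown record ({ctype})"))
    return labels

def record(ctype: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def handshake(msg_type: int, body: bytes) -> bytes:
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed client-side flight; the last body stands in for an encrypted Finished.
SAMPLE = (record(22, handshake(1, bytes(8))) + record(22, handshake(16, bytes(4)))
          + record(20, b"\x01") + record(22, bytes(range(0x80, 0xA8))))
```

`label_records(SAMPLE)` names the first two handshake messages from their cleartext `msg_type` bytes and reports the record after ChangeCipherSpec only as an encrypted handshake; feeding that last body to `parse_handshake` directly yields an unknown type, which is why the record-layer state has to be tracked.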

  • Original source: https://www.cnblogs.com/chucklu/p/15684104.html