Wireshark captures packets to analyze the process of SSL handshake

Just now I explained with pictures and words SSL Protocol interaction HTTPS agreement -- adopt SSL The process and principle of implementing security by the protocol .

use Wireshark Grab a bag and explain it in detail . It is the home page of Tencent class of an institution .

（ Because the page has changed , So the content captured in the actual packet capture is inconsistent with the picture . But the bag caught in the picture is correct , The technique explained is also correct .）

Select a TLS Request , Right click -- Tracking flow --TLS.

One 、 You can see the complete SSL The process of interaction ：

It's on it TCP Three handshakes , After three handshakes, enter SSL The process of shaking hands .

Two 、SSL Handshake process

1. first SSL Handshakes are initiated by the client to the server Client Hello news .

Click on this request to see the content ：

You can see that the fourth floor is TCP agreement , The source port is a random port , The destination port is 443.

SSL The default protocol is based on TCP Of 443 port .HTTP The default is TCP Of 80 port . therefore HTTPS The default is TCP Of 443 port .

TLS The agreement is on four levels .TLS This type of protocol ： It's a handshake protocol , And it's a Client Hello.

Support TLS1.0,TLS1.2.

TLS yes SSL A version of the protocol . SSL Protocol version ：SSLv3,TLS1.0,TLS1.2

The client puts what it supports TLS Versions are listed in Client Hello Inside . Just like our encryption suite .

This is all the encryption packages supported by the current client

That's all Client Hello It contains some important information .

2.Sever Start replying to the client Server Hello 了 . Click on this request to see ：

Client support TLS1.0 and TLS1.2, The server selected a mutually supported version from the list ：TLS1.2.

This is a Server Hello Type of handshake .

Choose a mutually supported encryption suite ：

The server sends messages from the client , Select the version and the suite . All in Server Hello It tells the client .

3.Server Hello after , The server issued a certificate .

Click to see ：

In this, we mainly look at certificates . The server may have many certificates . It will send all these certificates to the client .

4. The client gets the certificate for verification . After verification, a local random password is generated , And send the password to the server .

Tell the server , The message behind me began to be encrypted . Click on the request to see ：

You can see it in it ： Type of encrypted message , Will encrypt the key .

This is a message to ensure data integrity ：

From the content of the packet capture , After the client sends it , The process is complete .（ The packet capturing tool simplifies the interaction process , It's all put together . If you look at the specific process of separation, it is the process of picture painting in the previous article .）

3、 ... and 、 End of handshake , It will be sent later HTTP The data package .

You can see this HTTP Packets are encrypted ：

http-over-tls intend ： Is in tls On the basis of HTTP Interactive message , It's encrypted. .