当前位置:网站首页>Wireshark packet capturing TLS protocol bar displays version inconsistency
Wireshark packet capturing TLS protocol bar displays version inconsistency
2022-07-04 18:39:00 【Dejavu_^_^】
problem
Conduct APP There was a problem during the security test , In the agreement display column, a pile of TLS1.2 Version of the package ** There are several TLSv1, And are client hello package ,** We know TLSv1 It's not safe , Is this a security vulnerability ?
analysis
The following is TLS The negotiation process :
1. The client sends Generate random number (client random) And supported encryption methods to The server
The first handshake bag , Because it's a handshake process , This message contains a random number generated by the client Random1、 Encryption suite supported by client (Support Ciphers) and SSL Version Etc , Because the key has not been negotiated , Plaintext transmission is still used here , Note the plaintext transmission , The data carrier of the recording protocol is plaintext SSL handshake protocol . You may be confused here , Why is plaintext transmission wireshark The agreement column will write TLS edition ? Explain later ~~
Pay attention here , Packets use TLS The version must be in the message Handshake Protocol Under the version To judge , This field really represents the maximum version supported by the client TLS agreement . As you can see below ,Protocol Column , Whether it's client hello still server Of response Are shown as TLSv1.2, In fact, if you look at client Detailed version of , You will find that the inside is TLSv1.0. If you don't look carefully , It may come to the wrong conclusion .
2. The server return server hello, contain
Encryption method used by both parties 、 The use of tls Version number and a random number
Encryption suite (cipher suite):TLS+ Key exchange algorithm + encryption algorithm + Authentication algorithm
Digital certificate and parameters generated by itself through some algorithm
3.client according to server Return value ( random number , Encryption suite ) Exchange key
After the server receives this message , I will use my private key to unlock this random number . After this stage , Both the server and the client have three random numbers : Client random number 、 Server random number and prepared master key . Received on the server Client Key Exchange After the news , Both sides generate the master key according to the corresponding algorithm , Encryption key exchange completed .
Subsequently, inform the other party separately , Subsequent messages will be encrypted and sent .
The following explains why client hello Is shown as TLSv1
In addition to this , Two other interesting phenomena were found in the test , I saw client hello Package for TLSv1, But it disappeared after a while , Discover the original v1 Turned into 1.2.
Save the bag you caught , Open it again after a while , The original v1 It's gone again , Turned into 1.2.
Why does this happen ? It's going back to wireshark Of SSL dissector Source code , From source code , For this client hello Judgment of protocol version , Yes, according to client According to server Both sides make judgments . Under normal circumstances , Both ends are consistent , Or under normal negotiation , According to the server version . If the server does not respond , This is the time , In order to client Terminal client hello The version of is set . The problem we have here , The server responds , It's a different version , Lead to wireshark Is displayed as and client Real inconsistent problems .
The official website has such a problem : https://www.wireshark.org/lists/wireshark-users/201701/msg00004.html
Conclusion
- client hello It is plaintext transmission ,TLSv1 It's just wireshark On the basis of client According to server Result padding on both sides ;
- In use wireshark Grab Test SSL、TLS At version time , Main attention should be paid to application data Whether the package adopts TLS1.2 Above version , Because this is loaded with data .
Other knowledge complements
legacy version and supported_versions
stay TLS1.3 In the previous version ,legacy version For version negotiation , And represents the maximum version supported by the client . stay TLS1.3 The client in supported_versions Add the supported by the client to the extension TLS Version list , meanwhile ,legacy_version Must be set to 0x0303, namely TLS1.2 Version number of .
As shown in the figure , This is a TLS 1.3 Of client hello, Its version yes 0x0303, It has one supported_versions Extended fields for , The highest agreement supported inside is TLS1.3(0x0304).
Reference material :
https://www.tianxiaohui.com/index.php/Linux%E7%9B%B8%E5%85%B3/wireshark-TSL-1-0-%E6%98%BE%E7%A4%BA%E5%8D%8F%E8%AE%AE%E5%88%97%E4%B8%BA-1-2-%E7%9A%84%E9%97%AE%E9%A2%98.html
https://blog.csdn.net/qq_38240926/article/details/94405011
https://blog.csdn.net/qq_31442743/article/details/111666786
边栏推荐
- Unity 制作旋转门 推拉门 柜门 抽屉 点击自动开门效果 开关门自动播放音效 (附带编辑器扩展代码)
- [cloud native] what is the "grid" of service grid?
- 表情包坑惨职场人
- 庆贺!科蓝SUNDB与中创软件完成七大产品的兼容性适配
- Machine learning concept drift detection method (Apria)
- ITSS运维能力成熟度分级详解|一文搞清ITSS证书
- With the stock price plummeting and the market value shrinking, Naixue launched a virtual stock, which was deeply in dispute
- 【Go语言刷题篇】Go完结篇|函数、结构体、接口、错误入门学习
- celebrate! Kelan sundb and Zhongchuang software complete the compatibility adaptation of seven products
- 用于图数据库的开源 PostgreSQL 扩展 AGE被宣布为 Apache 软件基金会顶级项目
猜你喜欢
2022 national CMMI certification subsidy policy | Changxu consulting
78岁华科教授冲击IPO,丰年资本有望斩获数十倍回报
Self reflection of a small VC after two years of entrepreneurship
Wireshark抓包TLS协议栏显示版本不一致问题
Halcon模板匹配
Tutorial on the use of Huawei cloud modelarts (with detailed illustrations)
Li Kou brush question diary /day1/2022.6.23
ISO27001认证办理流程及2022年补贴政策汇总
用于图数据库的开源 PostgreSQL 扩展 AGE被宣布为 Apache 软件基金会顶级项目
Nature Microbiology | 可感染阿斯加德古菌的六种深海沉积物中的病毒基因组
随机推荐
机器学习概念漂移检测方法(Aporia)
Detailed explanation of the maturity classification of ITSS operation and maintenance capability | one article clarifies the ITSS certificate
中国农科院基因组所汪鸿儒课题组诚邀加入
Lua emmylua annotation details
“在越南,钱就像躺在街上”
90后开始攒钱植发,又一个IPO来了
Implementation of shell script replacement function
General environmental instructions for the project
Halcon template matching
未来几年中,软件测试的几大趋势是什么?
表情包坑惨职场人
An example of multi module collaboration based on NCF
You should know something about ci/cd
[cloud voice suggestion collection] cloud store renewal and upgrading: provide effective suggestions, win a large number of code beans, Huawei AI speaker 2!
股价大跌、市值缩水,奈雪推出虚拟股票,深陷擦边球争议
【211】go 处理excel的库的详细文档
怎么开户才是安全的,
Android uses sqliteopenhelper to flash back
Machine learning concept drift detection method (Apria)
Five thousand words to clarify team self-organization construction | Liga wonderful talk