How is the SSL/TLS handshake done?


In this post, I will analyze SSL/TLS packets. In fact, I had a chance to look at some RDP packets. Look at the capture below; these are RDP packets.



I wrote about "How to calculate the sequence number" in this post. Here, I will only cover how the SSL/TLS handshake is done. Before the SSL/TLS handshake, the TCP handshake must be completed.


1. Client Hello


First, the client sends the "Client Hello" packet. This packet carries three important pieces of information: a random number, a session ID and the cipher suites.


The random number is used to generate the "pre-master key" together with another random number from the server. This "pre-master key" will be used to generate the "master key", which encrypts and decrypts the packets.

The cipher suites field is the list of cipher suites that the client can support. The server will select one item from this list.
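The three fields named above can be read straight out of the raw bytes of a Client Hello. The parser below is an added example, not code from the original post; the sample record is constructed (it is not taken from the RDP capture), and the name `parse_client_hello` and the two-entry suite table are assumptions made for illustration.

```python
# Added example: extract the random, session ID and cipher suites from a
# TLS Client Hello record. SAMPLE is constructed, not taken from a capture.
SAMPLE = bytes.fromhex(
    "16 0301 0033"      # record header: handshake (22), version, length 51
    "01 00002f"         # handshake header: ClientHello (1), length 47
    "0303"              # client_version (TLS 1.2)
    + "11" * 32         # 32-byte client random
    + "04 deadbeef"     # session ID length, session ID
    "0004 c02f 009c"    # cipher suite list length, two suites
    "01 00"             # compression methods: null only
)

# Small illustrative subset of the IANA cipher suite registry.
SUITE_NAMES = {
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record holding a complete Client Hello."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a handshake record with a Client Hello")
    rec_len = int.from_bytes(record[3:5], "big")
    msg_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + msg_len]
    if msg_len + 4 > rec_len or len(hello) < msg_len:
        raise ValueError("truncated or fragmented Client Hello")
    pos = 0

    def take(n: int) -> bytes:
        # Bounds-checked read: length fields come from the network.
        nonlocal pos
        if pos + n > len(hello):
            raise ValueError("length field runs past end of message")
        chunk, pos = hello[pos:pos + n], pos + n
        return chunk

    version = int.from_bytes(take(2), "big")
    random = take(32)
    session_id = take(take(1)[0])
    raw = take(int.from_bytes(take(2), "big"))
    if len(raw) % 2:
        raise ValueError("odd cipher suite list length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": [SUITE_NAMES.get(s, f"0x{s:04X}") for s in suites]}

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE))
```

Suites missing from the small table are shown as their hex code, and a record whose length fields do not match the data is rejected instead of being read past its end.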



2. Server Hello


After receiving the Client Hello, the server sends the "Server Hello" packet to the client. This packet carries three important pieces of information: a random number, the cipher suite and the certificate with the public key.


The random number is used to generate the "pre-master key" together with the other random number from the client.

The cipher suite is the item the server selected from the client's list.

The certificate is a very important parameter. It includes the "Public Key". This "Public Key" is used to encrypt the "pre-master key" before it is transferred to the server.



3. Client Key Exchange


In this step, the client knows both random values, its own and the server's. Therefore, the client generates the "pre-master key". The client also knows the public key from the received certificate. So the client sends a packet that contains the "pre-master key", encrypted with the public key.



4. Server Response


Finally, the server knows the "pre-master key" after decrypting the received packet. The server and the client each generate the "master key" using some algorithm. This "master key" is used to encrypt and decrypt the data packets.



5. Data Packet with Encryption


So, the data packets are encrypted with this master key. I can see the SSL layer in the packets, as shown below. The data is encrypted.


