Format of the Record Protocol layer
The TLS record header has three components:
Byte 0: TLS record type
Bytes 1-2: TLS version (major/minor)
Bytes 3-4: length of the data in the record (excluding the header itself). The maximum supported is 16384 (16K).
```
         record type (1 byte)
        /
       /    version (1 byte major, 1 byte minor)
      /    /
     /    /         length (2 bytes)
    /    /         /
 +----+----+----+----+----+
 |    |    |    |    |    |
 |    |    |    |    |    | TLS Record header
 +----+----+----+----+----+
```
Record Type values
Record Type Values | dec | hex |
---|---|---|
CHANGE_CIPHER_SPEC | 20 | 0x14 |
ALERT | 21 | 0x15 |
HANDSHAKE | 22 | 0x16 |
APPLICATION_DATA | 23 | 0x17 |
Version values
Version Values | dec | hex |
---|---|---|
SSL 3.0 | 3,0 | 0x0300 |
TLS 1.0 | 3,1 | 0x0301 |
TLS 1.1 | 3,2 | 0x0302 |
TLS 1.2 | 3,3 | 0x0303 |
TLS 1.3 | 3,4 | 0x0304 |
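Format of the Handshake Protocol
In the record layer, the Handshake Protocol has type 22. The record data then carries three parts: the handshake type, the handshake message length, and the message body.
The handshake type is 8 bits.
The handshake message length is 24 bits.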
```
                           |
                           |
                           |
         Record Layer      |  Handshake Layer
                           |                                  |
                           |                                  |  ...more messages
  +----+----+----+----+----+----+----+----+----+------ - - - -+--
  | 22 |    |    |    |    |    |    |    |    |              |
  |0x16|    |    |    |    |    |    |    |    |message       |
  +----+----+----+----+----+----+----+----+----+------ - - - -+--
    /               /      | \    \----\-----\                |
   /               /       |  \         \
  type: 22        /        |   \         handshake message length
                 /              type
                /
           length: arbitrary (up to 16k)
```
The handshake types include the following:
Handshake Type Values | dec | hex |
---|---|---|
HELLO_REQUEST | 0 | 0x00 |
CLIENT_HELLO | 1 | 0x01 |
SERVER_HELLO | 2 | 0x02 |
CERTIFICATE | 11 | 0x0b |
SERVER_KEY_EXCHANGE | 12 | 0x0c |
CERTIFICATE_REQUEST | 13 | 0x0d |
SERVER_DONE | 14 | 0x0e |
CERTIFICATE_VERIFY | 15 | 0x0f |
CLIENT_KEY_EXCHANGE | 16 | 0x10 |
FINISHED | 20 | 0x14 |
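
The record and handshake framing described above, as an added Python example (not code from the original page): it splits a byte stream into records and a HANDSHAKE record into its messages, rejecting lengths over 16384 and truncated data. The function names and sample bytes are constructed for illustration, and it assumes unencrypted handshake messages that do not span records.

```python
import struct

RECORD_TYPES = {20: "CHANGE_CIPHER_SPEC", 21: "ALERT",
                22: "HANDSHAKE", 23: "APPLICATION_DATA"}
HANDSHAKE_TYPES = {0: "HELLO_REQUEST", 1: "CLIENT_HELLO", 2: "SERVER_HELLO",
                   11: "CERTIFICATE", 12: "SERVER_KEY_EXCHANGE",
                   13: "CERTIFICATE_REQUEST", 14: "SERVER_DONE",
                   15: "CERTIFICATE_VERIFY", 16: "CLIENT_KEY_EXCHANGE",
                   20: "FINISHED"}
MAX_RECORD_DATA = 16384  # maximum record data length stated on this page

def parse_records(stream: bytes):
    """Split a byte stream into (type_name, (major, minor), data) records."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        rtype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if rtype not in RECORD_TYPES:
            raise ValueError(f"unknown record type {rtype}")
        if length > MAX_RECORD_DATA:
            raise ValueError(f"record length {length} exceeds {MAX_RECORD_DATA}")
        data = stream[pos + 5:pos + 5 + length]
        if len(data) != length:
            raise ValueError("truncated record data")
        records.append((RECORD_TYPES[rtype], (major, minor), data))
        pos += 5 + length
    return records

def parse_handshake_messages(data: bytes):
    """Split HANDSHAKE record data into (type_name, body) messages."""
    messages, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated handshake header")
        htype = data[pos]
        length = int.from_bytes(data[pos + 1:pos + 4], "big")  # 24-bit length
        body = data[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("handshake message overruns record data")
        messages.append((HANDSHAKE_TYPES.get(htype, f"unknown({htype})"), body))
        pos += 4 + length
    return messages

# Constructed sample (not a capture): one HANDSHAKE record carrying a
# CERTIFICATE message with an empty chain plus SERVER_DONE, then a
# CHANGE_CIPHER_SPEC record.
SAMPLE = bytes.fromhex("160303000b" "0b000003" "000000" "0e000000"
                       "1403030001" "01")
```

Once encryption is active (from Finished onward), the handshake record data is ciphertext, so only `parse_records` applies to it.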
HelloRequest
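Restarts the handshake process. It is not used often: if a connection has been open for a long time, its security weakens, and the server can send this message to restart the handshake.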
```
     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+
     |    |    |    |    |
   4 |  0 |  0 |  0 |  0 |
- ---+----+----+----+----+
  /  |  \    \---------\
 /       \        \
record    \    length: 0
length     \
            type: 0
```
client hello
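This type of message starts a TLS handshake. The client sends the cipher suites it supports, and the server picks the best cipher suite, compression method, and extensions. A sessionId can also be used to reuse a previous session.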
```
     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
     |  1 |    |    |    |    |    |32-bit|    |max 32-bit| Cipher |Compression|Extensions|
     |0x01|    |    |    |  3 |  1 |random|    |session Id| Suites |  methods  |          |
- ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
  /  |  \    \---------\    \----\           \       \
 /       \        \            \              \     SessionId
record    \     length        SSL/TLS          \
length     \                  version         SessionId
            type: 1       (TLS 1.0 here)       length
```
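
The ClientHello layout above, walked field by field in an added Python example (not code from the original page), with every length field bounds-checked. It assumes a 32-byte random (as the ServerHello diagram shows), 1-byte session id and compression length prefixes, and 2-byte cipher suite and extensions length prefixes; the function name and sample bytes are constructed.

```python
import struct


def parse_client_hello(body: bytes) -> dict:
    """Parse a ClientHello body (the bytes after the 4-byte handshake header)."""
    pos = 0

    def take(n: int) -> bytes:
        # Bounds-checked read: every length field is untrusted input.
        nonlocal pos
        if pos + n > len(body):
            raise ValueError(f"ClientHello truncated at offset {pos}")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    major, minor = take(2)
    random = take(32)  # assumed 32 bytes, as in the ServerHello diagram
    session_id = take(take(1)[0])
    if len(session_id) > 32:
        raise ValueError("session id longer than 32 bytes")
    suites = take(struct.unpack("!H", take(2))[0])
    if len(suites) % 2:
        raise ValueError("cipher suite list has odd length")
    compression = take(take(1)[0])
    # Extensions are optional: present only if bytes remain after compression.
    extensions = take(struct.unpack("!H", take(2))[0]) if pos < len(body) else b""
    if pos != len(body):
        raise ValueError("trailing bytes after ClientHello")
    return {
        "version": (major, minor),
        "random": random,
        "session_id": session_id,
        "cipher_suites": [int.from_bytes(suites[i:i + 2], "big")
                          for i in range(0, len(suites), 2)],
        "compression_methods": list(compression),
        "extensions": extensions,
    }


# Constructed sample (not a capture): version 3,3, empty session id, two
# cipher suites (0x002f, 0x0035), null compression, no extensions.
SAMPLE_HELLO = (bytes.fromhex("0303") + bytes(range(32))
                + bytes.fromhex("00" "0004" "002f0035" "01" "00"))
```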
server hello
The server hello is similar to the client hello, except that it carries only one cipher suite and one compression method. If it includes a sessionId, the client can reuse the session.
```
     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----+----+----------+----+----------+----+----+----+----------+
     |  2 |    |    |    |    |    |  32byte  |    |max 32byte|    |    |    |Extensions|
     |0x02|    |    |    |  3 |  1 |  random  |    |session Id|    |    |    |          |
- ---+----+----+----+----+----+----+----------+----+----------+--------------+----------+
  /  |  \    \---------\    \----\               \      \       \----\     \
 /       \        \            \                  \   SessionId     \     Compression
record    \     length        SSL/TLS              \ (if length > 0) \      method
length     \                  version           SessionId             \
            type: 2       (TLS 1.0 here)         length            CipherSuite
```
certificate
The body contains the certificate chain.
```
     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----+----+----+----+----+----+-----------+---- - -
     | 11 |    |    |    |    |    |    |    |    |    |           |
     |0x0b|    |    |    |    |    |    |    |    |    |certificate| ...more certificate
- ---+----+----+----+----+----+----+----+----+----+----+-----------+---- - -
  /  |  \    \---------\    \---------\    \---------\
 /       \        \              \              \
record    \     length      Certificate    Certificate
length     \                   chain         length
            type: 11           length
```
ServerKeyExchange
CertificateRequest
This type is used when the server needs to authenticate the client with a client certificate. It is not very common on web servers.
```
     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----+----+---- - - --+----+----+----+----+-----------+-- -
     | 13 |    |    |    |    |    |           |    |    |    |    |    C.A.   |
     |0x0d|    |    |    |    |    |           |    |    |    |    |unique name|
- ---+----+----+----+----+----+----+---- - - --+----+----+----+----+-----------+-- -
  /  |  \    \---------\   \    \                \----\    \-----\
 /       \        \         \  Certificate           \           \
record    \     length       \  Type 1 Id       Certificate       \
length     \             Certificate            Authorities length \
            type: 13     Types length                        Certificate Authority
                                                             length
```
ServerHelloDone:
This message finishes the server part of the handshake negotiation. It does not carry any additional information.
```
     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+
     | 14 |    |    |    |
   4 |0x0e|  0 |  0 |  0 |
- ---+----+----+----+----+
  /  |  \    \---------\
 /       \        \
record    \    length: 0
length     \
            type: 14
```
ClientKeyExchange:
It provides the server with the necessary data to generate the keys for the symmetric encryption. The message format is very similar to ServerKeyExchange, since it depends mostly on the key exchange algorithm picked by the server.
```
     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----------------+
     | 16 |    |    |    |   algorithm    |
     |0x10|    |    |    |   parameters   |
- ---+----+----+----+----+----------------+
  /  |  \    \---------\
 /       \        \
record    \     length
length     \
            type: 16
```
CertificateVerify:
This message is used by the client to prove to the server that it possesses the private key corresponding to its public key certificate. The message holds hashed information digitally signed by the client. It is required if the server issued a CertificateRequest to the client, so that it had to send a Certificate that needs to be verified. Once again, the exact size and structure of the information depend on the agreed algorithm. In all cases, the information that serves as input to the hash functions is the same.
```
     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----------+
     | 15 |    |    |    |  signed  |
     |0x0f|    |    |    |   hash   |
- ---+----+----+----+----+----------+
  /  |  \    \---------\
 /       \        \
record    \     length
length     \
            type: 15
```
Finished:
This message signals that the TLS negotiation is complete and the CipherSuite is activated. It should be sent already encrypted, since the negotiation is successfully done, so a ChangeCipherSpec protocol message must be sent before this one to activate the encryption. The Finished message contains a hash of all previous handshake messages combined, followed by a special number identifying server/client role, the master secret and padding. The resulting hash is different from the CertificateVerify hash, since there have been more handshake messages.
```
     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----------+
     | 20 |    |    |    |  signed  |
     |0x14|    |    |    |   hash   |
- ---+----+----+----+----+----------+
  /  |  \    \---------\
 /       \        \
record    \     length
length     \
            type: 20
```
References
http://blog.fourthbit.com/2014/12/23/traffic-analysis-of-an-ssl-slash-tls-session/
https://my.oschina.net/tsh/blog/1501243
https://www.cnblogs.com/Jack-Blog/p/13170728.html#hello-request