Comments (2)
I don't know of any in-depth documentation an RSA or non-EC DHE exchange, but they probably exist out there. If you'd like to do a deep investigation of such a key exchange at the protocol level, the steps I would take would be:
- Capture such a connection using tcpdump or Wireshark, while also capturing the SSL key log from that connection (see
SSLKEYLOGFILE
for hints on how to get a keylog, it depends on the software making the connection). - View the packet capture in Wireshark. If you give Wireshark the SSL keylog, it will give a byte-by-byte breakdown of the connection, including the key exchange bits.
- Look into how RSA or DH works and match that understanding against the bytes seen in the capture, until they make sense.
I will warn that RSA is becoming increasingly obsolete as it uses long keys and has problems with forward secrecy. The practical problem with learning RSA is it's becoming difficult to force software to even attempt an RSA key exchange (I couldn't easily find the correct flags to openssl s_client
to make it happen).
from illustrated-tls12.
Thanks for your explanation.
from illustrated-tls12.
Related Issues (20)
- Is it supposed to say 5 bytes here, or 4? HOT 2
- Question about https://tls.ulfheim.net/ HOT 4
- why sha256 = 256 bytes? HOT 2
- server key calculation curve25519 tool HOT 1
- Highlighting hex parts with different colors
- Why not an online tls parser? HOT 1
- Question about a source of a claim HOT 1
- Wrong verify_data? HOT 4
- Support for TLS 1.1, etc? HOT 1
- Make each step "linkable" HOT 3
- TLS_ECDHE_RSA_AES_128_GCM_SHA256 HOT 1
- Different SHA256 hash at Client Handshake finished HOT 4
- [ASK] what is the client handshake finished message mean? HOT 35
- How do i get AAD and IV in AES 128 GCM? HOT 16
- Support for TLS v1.3 HOT 3
- corresponding openssl -vvvv lines
- Server encryption keys calculation typos HOT 1
- Mutual Authentication HOT 1
- Use <details> and <summary> for spoilers instead of JavaScript
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from illustrated-tls12.