SSL Protocol

From Dogtag
Jump to: navigation, search

Hello

Request

--> [
(213 bytes of 208)
SSLRecord { [Fri Jun  2 05:47:24 2017]
   0: 16 03 01 00  d0                                     | .....
   type    = 22 (handshake)
   version = { 3,1 }
   length  = 208 (0xd0)
   handshake {
   0: 01 00 00 cc                                         | ....
      type = 1 (client_hello)
      length = 204 (0x0000cc)
         ClientHelloV3 {
            client_version = {3, 3}
            random = {...}
   0: c9 fd 54 12  56 89 b7 af  8e 2d bd 10  f0 d8 8c 5c  | ..T.V....-.....\
  10: 35 c0 f2 db  fe de 32 27  3c 22 82 40  86 8a 1c ba  | 5.....2'<".@....
            session ID = {
                length = 0
                contents = {...}
            }
            cipher_suites[28] = {
                (0xc02b) TLS/ECDHE-ECDSA/AES128-GCM/SHA256
                (0xc02f) TLS/ECDHE-RSA/AES128-GCM/SHA256
                (0xcca9) TLS/ECDHE-ECDSA/CHACHA20-POLY1305/SHA256
                (0xcca8) TLS/ECDHE-RSA/CHACHA20-POLY1305/SHA256
                (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA
                (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA
                (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA
                (0xc023) TLS/ECDHE-ECDSA/AES128-CBC/SHA256
                (0xc027) TLS/ECDHE-RSA/AES128-CBC/SHA256
                (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA
                (0xc008) TLS/ECDHE-ECDSA/3DES-EDE-CBC/SHA
                (0xc012) TLS/ECDHE-RSA/3DES-EDE-CBC/SHA
                (0x009e) TLS/DHE-RSA/AES128-GCM/SHA256
                (0xccaa) TLS/DHE-RSA/CHACHA20-POLY1305/SHA256
                (0x0033) TLS/DHE-RSA/AES128-CBC/SHA
                (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
                (0x0067) TLS/DHE-RSA/AES128-CBC/SHA256
                (0x0039) TLS/DHE-RSA/AES256-CBC/SHA
                (0x0038) TLS/DHE-DSS/AES256-CBC/SHA
                (0x006b) TLS/DHE-RSA/AES256-CBC/SHA256
                (0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
                (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
                (0x009c) TLS/RSA/AES128-GCM/SHA256
                (0x002f) TLS/RSA/AES128-CBC/SHA
                (0x003c) TLS/RSA/AES128-CBC/SHA256
                (0x0035) TLS/RSA/AES256-CBC/SHA
                (0x003d) TLS/RSA/AES256-CBC/SHA256
                (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
            }
            compression[1] = {
                (00) NULL
            }
            extensions[107] = {
              extension type server_name, length [42] = {
   0: 00 28 00 00  25 76 6d 2d  30 33 30 2e  61 62 63 2e  | .(..%vm-030.abc.
  10: 69 64 6d 2e  6c 61 62 2e  65 6e 67 2e  62 72 71 2e  | idm.lab.eng.brq.
  20: 72 65 64 68  61 74 2e 63  6f 6d                     | redhat.com
              }
              extension type renegotiation_info, length [1] = {
   0: 00                                                  | .
              }
              extension type elliptic_curves, length [10] = {
   0: 00 08 00 1d  00 17 00 18  00 19                     | ..........
              }
              extension type ec_point_formats, length [2] = {
   0: 01 00                                               | ..
              }
              extension type signature_algorithms, length [32] = {
   0: 00 1e 04 03  05 03 06 03  02 03 08 04  08 05 08 06  | ................
  10: 04 01 05 01  06 01 02 01  04 02 05 02  06 02 02 02  | ................
              }
            }
         }
   }
}
]

Response

<-- [
(2151 bytes of 2146)
SSLRecord { [Fri Jun  2 05:47:24 2017]
   0: 16 03 03 08  62                                     | ....b
   type    = 22 (handshake)
   version = { 3,3 }
   length  = 2146 (0x862)
   handshake {
   0: 02 00 00 4d                                         | ...M
      type = 2 (server_hello)
      length = 77 (0x00004d)
         ServerHello {
            server_version = {3, 3}
            random = {...}
   0: 1b 23 d2 db  86 2c 23 26  d4 7c be 82  b1 03 73 1a  | .#...,#&.|....s.
  10: 9a 23 31 3d  29 d3 2f 3b  e9 e0 35 b7  a7 17 f1 26  | .#1=)./;..5....&
            session ID = {
                length = 32
                contents = {...}
   0: f4 e5 70 17  91 13 1e f1  aa fe 1d 39  bd d6 8c ec  | ..p........9....
  10: d7 53 3b b6  b4 39 a4 d9  4b 85 68 95  83 87 fd 48  | .S;..9..K.h....H
            }
            cipher_suite = (0x002f) TLS/RSA/AES128-CBC/SHA
            compression method = (00) NULL
            extensions[5] = {
              extension type renegotiation_info, length [1] = {
   0: 00                                                  | .
              }
            }
         }
   0: 0b 00 07 93                                         | ....
      type = 11 (certificate)
      length = 1939 (0x000793)
         CertificateChain {
            chainlength = 1936 (0x0790)
            Certificate {
               size = 959 (0x03bf)
               data = { saved in file 'cert.003' }
            }
            Certificate {
               size = 971 (0x03cb)
               data = { saved in file 'cert.004' }
            }
         }
   0: 0d 00 00 72                                         | ...r
      type = 13 (certificate_request)
      length = 114 (0x000072)
         CertificateRequest {
            certificate types[3] = { 01 40 02 }
            certificate_authorities[30] = {
              distinguished name [1027] = {
   0: 05 03 06 03  02 03 08 04  08 05 08 06  04 01 05 01  | ................
  10: 06 01 02 01  04 02 05 02  06 02 02 02  00 4c 00 4a  | .............L.J
  20: 30 48 31 10  30 0e 06 03  55 04 0a 0c  07 45 58 41  | 0H1.0...U....EXA
  30: 4d 50 4c 45  31 13 30 11  06 03 55 04  0b 0c 0a 70  | MPLE1.0...U....p
  40: 6b 69 2d 74  6f 6d 63 61  74 31 1f 30  1d 06 03 55  | ki-tomcat1.0...U
  50: 04 03 0c 16  43 41 20 53  69 67 6e 69  6e 67 20 43  | ....CA Signing C
  60: 65 72 74 69  66 69 63 61  74 65 0e 00  00 00 00 00  | ertificate......
  70: 00 00 00 00  91 69 00 00  00 00 00 00  00 00 00 00  | .....i..........
  80: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
  90: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
  a0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
  b0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
  c0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
  d0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
  e0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
  f0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 100: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 110: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 120: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 130: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 140: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 150: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 160: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 170: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 180: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 190: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 1a0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 1b0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 1c0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 1d0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 1e0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 1f0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 200: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 210: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 220: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 230: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 240: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 250: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 260: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 270: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 280: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 290: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 2a0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 2b0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 2c0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 2d0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 2e0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 2f0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 300: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 310: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 320: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 330: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 340: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 350: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 360: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 370: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 380: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 390: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 3a0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 3b0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 3c0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 3d0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 3e0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 3f0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  | ................
 400: 00 00 00                                            | ...
              }
            }
         }
   0: 0e 00 00 00                                         | ....
      type = 14 (server_hello_done)
      length = 0 (0x000000)
   }
}
]

Change Cipher Spec

Request

--> [
(349 bytes of 269, with 75 left over)
SSLRecord { [Fri Jun  2 05:48:34 2017]
   0: 16 03 03 01  0d                                     | .....
   type    = 22 (handshake)
   version = { 3,3 }
   length  = 269 (0x10d)
   handshake {
   0: 0b 00 00 03                                         | ....
      type = 11 (certificate)
      length = 3 (0x000003)
         CertificateChain {
            chainlength = 0 (0x0000)
         }
   0: 10 00 01 02                                         | ....
      type = 16 (client_key_exchange)
      length = 258 (0x000102)
         ClientKeyExchange {
            message = {...}
         }
   }
}
(349 bytes of 1, with 69 left over)
SSLRecord { [Fri Jun  2 05:48:34 2017]
   0: 14 03 03 00  01                                     | .....
   type    = 20 (change_cipher_spec)
   version = { 3,3 }
   length  = 1 (0x1)
   0: 01                                                  | .
}
(349 bytes of 64)
SSLRecord { [Fri Jun  2 05:48:34 2017]
   0: 16 03 03 00  40                                     | ....@
   type    = 22 (handshake)
   version = { 3,3 }
   length  = 64 (0x40)
            < encrypted >
}
]

Response

<-- [
(75 bytes of 1, with 69 left over)
SSLRecord { [Fri Jun  2 05:48:34 2017]
   0: 14 03 03 00  01                                     | .....
   type    = 20 (change_cipher_spec)
   version = { 3,3 }
   length  = 1 (0x1)
   0: 01                                                  | .
}
(75 bytes of 64)
SSLRecord { [Fri Jun  2 05:48:34 2017]
   0: 16 03 03 00  40                                     | ....@
   type    = 22 (handshake)
   version = { 3,3 }
   length  = 64 (0x40)
            < encrypted >
}
]

Application Data

Request

--> [
(261 bytes of 256)
SSLRecord { [Fri Jun  2 05:48:34 2017]
   0: 17 03 03 01  00                                     | .....
   type    = 23 (application_data)
   version = { 3,3 }
   length  = 256 (0x100)
            < encrypted >
}
]

Response

<-- [
(373 bytes of 368)
SSLRecord { [Fri Jun  2 05:48:35 2017]
   0: 17 03 03 01  70                                     | ....p
   type    = 23 (application_data)
   version = { 3,3 }
   length  = 368 (0x170)
            < encrypted >
}
]

References