TLS 报文分析记录

struct {


ProtocolVersion client_version;


Random random;


SessionID session_id;


CipherSuite cipher_suites;


CompressionMethod compression_methods;


select (extensions_present) {


 case false:


 struct {};


 case true:


 Extension extensions;


};


} ClientHello;   (RFC 5246, section 7.4.1.2: http://tools.ietf.org/html/rfc5246#section-7.4.1.2)






Transport Layer Security (TLS) Extensions


http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml


Transport Layer Security (TLS) Parameters


http://www.iana.org/assignments/tls-parameters/tls-parameters.xml


16 03 01 00 6B 01 00 00 67 03 01 51 71 67 53 7E F2 BF 7F F2 EA F3 8D 85 5E 23 85 C3 34 7D 31 88 C9 2D 33 85 5F 8E C1 31 32 05 54 00 00 2C 00 FF 00 39 00 38 00 35 00 66 00 33 00 32 00 05 00 04 00 2F 00 16 00 13 FE FF 00 0A 00 15 00 12 FE FE 00 09 00 64 00 62 00 03 00 06 01 00 00 12 00 00 00 0E 00 0C 00 00 09 67 6D 61 69 6C 2E 63 6F 6D 

Package total length = 112

16    --> TLS record header, content type (0x16 = handshake, sent in plaintext here; 0x17 = application data, sent as ciphertext)

03 01 --> TLS Version (v1.0)  03 02 (v1.1)

00 6B --> Following data length = 107 = (112-5)

01 00 --> Handshake header: message type 01 = ClientHello (02 = ServerHello); the 00 is the high byte of the 3-byte length 00 00 67

00 67 --> Following data length= 103 = (107-4)

03 01 --> TLS Version


struct {


 uint32 gmt_unix_time;


 opaque random_bytes[28];


} Random;


51 71 67 53 --> gmt_unix_time

7E F2 BF 7F F2 EA F3 8D 85 5E 23 85 C3 34 7D 31 88 C9 2D 33 85 5F 8E C1 31 32 05 54  (28+4 = 32Byte) --> ClientHello field: random

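20    --> ClientHello field: session id length (32). Note: the raw dump above has 00 at this position (an empty session id, which is what makes the total 112 bytes); the 32-byte id below is identical to the ServerHello session id, so these lines presumably come from a later, session-resuming ClientHello.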

51 71 67 59 C9 A6 6E 17 C1 B4 

96 CF 66 87 D9 91 88 6D A7 3B 

6F 3B 63 77 30 1F 71 4C 7B C1 70 B4 --> ClientHello field: session id

00 2C --> ClientHello field: cipher suite length (44 = 2*22, i.e. 22 suites of 2 bytes each)

00 FF 00 39 00 38 00 35 00 66 

00 33 00 32 00 05 00 04 00 2F 

00 16 00 13 FE FF 00 0A 00 15 

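00 12 FE FE 00 09 00 64 00 62 00 03 00 06  --> ClientHello field: cipher suite(s); 00 FF is the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signalling value (RFC 5746) rather than a real suite, and 00 03 / 00 06 are 40-bit export-grade suites that a hardened client should not offer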

01 --> ClientHello field: compression support, length (1)

00 --> ClientHello field: compression support, no compression (0) 

00 12 --> ClientHello field: extensions length (18)

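00 00 00 0E 00 0C 00 00 09 67 6D 61 69 6C 2E 63 6F 6D --> extension content: type 00 00 (server_name / SNI), length 00 0E; the last 9 bytes are ASCII "gmail.com", so the requested host name is visible in cleartext to any on-path observer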


--- Server responds with ServerHello ---


struct {


  ProtocolVersion server_version;


  Random random;


  SessionID session_id;


  CipherSuite cipher_suite;


  CompressionMethod compression_method;


  select (extensions_present) {


 case false:


 struct {};


 case true:


 Extension extensions<0..2^16-1>;


  };


} ServerHello;


Package total length = 2099


16    --> Tls Header

03 01 --> TLS Version (v1.0)  03 02 (v1.1)

08 2E --> Following data length (2094 = 2099-5)

02 00 --> Handshake header: message type 02 = ServerHello (01 = ClientHello); the 00 is the high byte of the 3-byte length 00 00 4D

00 4D --> Data Length = 77

03 01 --> TLS Version 

51 71 67 59 --> gmt_unix_time



84 9E 59 7B 4B 12 C6 6C 8E 34 30 86 1A 22 2A A9 00 0B FE 3C 0B 66 BB DB 44 62 B0 70 --> ServerHello field: random

20 --> ServerHello field: session length (32)

51 71 67 59 C9 A6 6E 17 C1 B4 

96 CF 66 87 D9 91 88 6D A7 3B 

6F 3B 63 77 30 1F 71 4C 7B C1 70 B4 --> ServerHello field: session id (32)

00 39  --> selected cipher suite (TLS_DHE_RSA_WITH_AES_256_CBC_SHA)

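00 00 05 FF 01 00 01 00 --> compression method 00 (null); extensions length 00 05; extension FF 01 (renegotiation_info, RFC 5746), length 00 01, body 00 (empty renegotiated_connection)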

................................

以上数据抓取自与 gmail.com 的 TLS 握手过程