深究SSL协议层握手过程

目录

一.SSL协议介绍

1.1 SSL协议包含两层

1.2 SSL协议所在层级

1.3 SSL协议握手流程图

1.4 Handshake Protocol有不同类型的值的含义

二 抓包分析

三 参考文档

---

 

前一篇文章整理了关于https的一些知识点，其中涉及到SSL/TLS层的协议握手细节讲的不是很细致，本文再着重通过抓包分析下这个过程。

一.SSL协议介绍

1.1 SSL协议包含两层

①SSL Record Protocol（SSL记录协议）

②SSL Handshake Protocol（SSL握手协议）

 

1.2 SSL协议所在层级

（传输层之上，应用层之下）

 

1.3 SSL协议握手流程图

注：上图中括号的内容是可选的，根据具体场景不同而不同。

 

• An SSL session always begins with an exchange of messages called the SSL handshake.
  • Here is summary of the steps involved in the SSL handshake.

1. The client sends the server the client's SSL version number, cipher settings, randomly generated data, and other information the server needs to communicate with the client using SSL.
2. The server sends the client the server's SSL version number, cipher settings, randomly generated data, and other information the client needs to communicate with the server over SSL. The server also sends its own digital certificate and, if the client is requesting a server resource that requires client authentication, requests the client's digital certificate.
3. The client uses the information sent by the server to authenticate the server. If the server cannot be authenticated, the user is warned of the problem that an encrypted and authenticated connection cannot be established. If the server can be successfully authenticated, the client proceeds.
4. Using all data generated in the handshake so far, the client creates the premaster secret for the session, encrypts it with the server's public key (obtained from the server's digital certificate), and sends the encrypted premaster secret to the server.
5. If the server has requested client authentication (an optional step in the handshake), the client also signs another piece of data that is unique to this handshake and known by both the client and server. In this case the client sends both the signed data and the client's own digital certificate to the server along with the encrypted premaster secret.
6. If the server has requested client authentication, the server attempts to authenticate the client. If the client cannot be authenticated, the session is terminated. If the client can be successfully authenticated, the server uses its private key to decrypt the premaster secret, then performs a series of steps which the client also performs, starting from the same premaster secret to generate the master secret.
7. Both the client and the server use the master secret to generate session keys which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity.
8. The client informs the server that future messages from the client will be encrypted with the session key. It then sends a separate encrypted message indicating that the client portion of the handshake is finished.
9. The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate encrypted message indicating that the server portion of the handshake is finished.
10. The SSL handshake is now complete, and the SSL session has begun. The client and the server use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity.

 

1.4 Handshake Protocol有不同类型的值的含义

• Client Hello：当客户端第一次连接到服务器是，应将Client Hello作为第一条信息发给服务器。Client Hello包含了客户端支持的算法，如果服务器不支持，则本次会话失败；
• Server Hello：服务器对Client Hello的回复。
• Certifaicate：client访问server时，如果要求验证server的证书信息，则server立刻在Server Hello信息之后发送证书（Certificate）给client；该消息一般在server hello消息之后发送。
• Server Key Exchange：在发送Server Certificate证书消息之后，根据Server Hello选择的算法不同，并且证书里没有足够的数据交换pre master secret预主密钥，Server就会发送Server Key Exchange消息，交换协商参数，以便双方生成premaster secret预主密钥。

那么哪些情况会发送，哪些情况不会发送呢？ rfc5246 中有以下规定：

1） DHE_DSS、DHE_RSA、DH_anon 算法会发送此消息. 2） RSA、DH_DSS、DH_RSA 算法不会发送此消息

• Server Hello Done：服务器发出该信息表明Server Hello结束，然后等待客户端响应。客户端收到该信息后检查服务器提供的证书是否有效，以及服务器的Hello参数是否可接受。
• Client Key Exchange:

什么时候发送呢？

1）如果server请求client certificate，则client应当立即发送Client  Key Exchange；

2）或当收到server的Server Hello Done后，则client应当立刻发送Client Key Exchange；

• Change Cipher Spec：是客户端和服务器给对方发送的通知信息，告知对方后续记录都在新协商的加密算法和秘钥下加密过的。固定长度一个字节。
• Finished：表示SSL握手成功，且是第一条被加密保护的信息。一旦任一方发送完Finished信息，并且接收到对方经过校验过的Finished消息后，就可以开始正式进行数据交互了。

什么时候发送呢？

一般在收到Change Cipher Spec消息后，立刻发送Finished消息。

二 抓包分析

环境：100.119.154.14 --客户端；218.18.162.102 --服务端；

动作：客户端请求一个index.html页面，wireshark抓包的正式这个过程。

1）1,2,3号包，正常tcp三次握手，不赘述；

2）4号包，client发送Client Hello，包含如：client支持的加密算法列表，TLS版本，生成的对称秘钥随机数。

注意上图中，如果server端能找到该session ID，则server端直接使用该sessionID的连接向client回复Server Hello消息。与此同时，client和server都会发送Change Cipher Spec消息，以及直接发送Finished消息，快速进入application data交互阶段。此时不用经过漫长的握手阶段。如下：

2）5号包，server端指定TLS版本，算法类型，生产对称秘钥随机数

3）6号包，server发送证书，重新跟client协商参数以用于生成预主秘钥（pre master key）

 

 

4）7号包，表示收到6号的信息；8号包针对6号包的Server Key Exchange请求进行秘钥协商，

5）9号包，SSL协议握手正式完成，server生产了新的session ticket

6） 10号包，client发送ACK信息给server，表示收到正式的session ticket和新的秘钥了。接下来正式进入http请求阶段了。

三 参考文档

rfc2546

http://www.pierobon.org/ssl/ch2/detail.htm

http://www.c-s-a.org.cn/csa/article/pdf/19990206