I generated a PCAP file with TLS session, and I have the matching private key used by my HTTPS server.
The TLS session is not using DH for key exchange, so it should be possible to decrypt.
I know OpenSSL can be used to connect to a socket to "actively" handle the TLS session, but is there a way to "passively" decode and decrypt a session?
How can I "feed" the packets (both directions) into the OpenSSL library?
Or maybe another library has such interface? (I know Wireshark/tshark/ssldump can do it, I'm looking for a programmatic way)
Related
I have traffic between clients (which send XML over HTTPS) to my IIS.
I tried to decrypt the traffic using Wireshark and the following settings:
Adding the private key:
But even after setting this, I can't see the decrypted data:
Should I change any other settings to see the original data?
There is strong possibility that a Diffie-Hellman (DH) key exchange is being used here. In that case Wireshark cannot decipher SSL/TLs with a private key. You can check for this in the handshake packet.
From the Docs:
The RSA private key file can only be used in the following
circumstances:
The cipher suite selected by the server is not using (EC)DHE.
The protocol version is SSLv3, (D)TLS 1.0-1.2. It does not work with TLS 1.3.
The private key matches the server certificate. It does not work with the client certificate, nor the Certificate Authority (CA)
certificate.
The session has not been resumed. The handshake must include the ClientKeyExchange handshake message.
In most of the online sources, I was told that in the two way TLS,
the client needs to provide the cert for the server to validate. My
case is that the device gets the cert from the CA, but when the
device attempt establish a tls connection, the pfx is required which
will contain the private key from the device.
I have used openssl to convert the pfx to .cert and .key. By only using the .cert part on
POSTMAN, I failed to connect to the server with 403. Only when I
include both .key and .cert the TLS 1.2 connection was established.
For the regular TLS (one-way), the private key will never be sent
from the server, but why is the client need to send pfx.
I have an existing server that is using the following setting.
The connection to this site uses TLS 1.2 (a strong protocol), RSA (an
obsolete key exchange), and AES_128_CBC with HMAC-SHA1 (an obsolete cipher).
If I want to change the key exchange and cipher, do I need to get a new certificate?
The cipher is (mostly) unrelated to the certificate. Given that you are using a RSA certificate (since otherwise RSA key exchange would not be possible) you can switch to ECDHE key exchange. And instead of AES-128-CBC you might use AES-128-GCM or AES-256. For useful configurations you might use the Mozilla SSL Configuration Generator.
I have a flask application(client) from where I need to send some data to a server(another flask application as of now) and get some corresponding data. I need to use REST because the server can be anything later(the current flask app is a dummy server for testing). I need to have SSL connection between client and server. I see that SSL works in several steps:
Client requests for an encrypted connection.
Server responds with an SSL Certificate which will have a public key.
Client verifies the SSL Certificate
Client creates a private key
Client encrypts the private key with the public key and sends it to the server.
Server decrypts it and gets the private key.
Thus an encrypted connection is established between client and server. Further exchange of data between client and server happens by encrypting the data with the private key.
This is what I am trying to achieve. Please correct me if I got the SSL concept wrong.
I have seen below implementation and works perfectly for me.
Client side uses requests.get() with verify=<path to server SSL certificate>. I have generated SSL certificate for server using openssl as follows.
openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
But I don't think all the above 7 steps are being covered here. What is the actual way of implementing SSL? Any help would be appreciated.
Client requests for an encrypted connection.
Correct.
Server responds with an SSL Certificate which will have a public key.
Correct.
Client verifies the SSL Certificate
Correct.
Client creates a private key
Incorrect. It is already far too late for this to occur.
Client encrypts the private key with the public key and sends it to the server.
Incorrect. There is no such step. See RFC 2246 and successors.
Server decrypts it and gets the private key.
Incorrect, ditto.
Thus an encrypted connection is established between client and server.
Incorrect, ditto.
Further exchange of data between client and server happens by encrypting the data with the private key.
Incorrect, ditto. TLS works by (1) establishing trust via the server certificate and PKI; (2) optionally establishing trust via the client certificate; and (3) establishing a symmetric session key via a process of key negotiation, in which the actual session key is never transmitted.
This is what I am trying to achieve.
No it isn't. You are trying to establish a TLS connection. What it does is really very little concern of yours.
Please correct me if I got the SSL concept wrong.
You got it totally wrong.
I have generated SSL certificate for server using openssl as follows.
No you haven't. You have created a Certificate Signing Request (CSR). This is useless until you get it signed by a Certificate Authority (CA). It isn't an SSL certificate.
In the above method of implementation, client verifies the server's certificate for every rest call but I dont want to do this. I want to create an encrypted connection between client and server and then the further exchange of data should be encrypted. So, I think the initial creation of enrypted connection between client and server is missing. Also, the private key generation from client side is missing. I want to implement SSL and I think TLS is different from SSL. Correct me if I am wrong.
You are wrong. TLS supports session resumption, which allows for abbreviated handshakes, which eliminates the certificate exchange steps. The 'private key generation from client side' step is missing because it doesn't necessarily exist. You're guessing.
What I want is test tls handshake when psk is active.
I also want to see every http header exchanged during the connection between client (my laptop) and public server.
Now I am wondering if there is a public psk tls server where I can do my test.
Regards.
I doubt that there is a web server using PSK on the internet open for public testing. Also I doubt that browsers support PSK cipher suites. But you can setup your own web server using PSK with openssl:
openssl s_server -psk 1a2b3c4d -nocert -www
And the matching client:
openssl s_client -connect 127.0.0.1:4433 -psk 1a2b3c4d
As for the HTTP protocol: it is independent from the TLS layer, i.e. it does not change if PSK or the normal authentication with certificates is used.
Even if some public TLS Server were to support PSK, you won't be able to test your client with it. There is a fundamental difference between the way public key authentication (which is used by most of the TLS Servers) work and PSK.
Public Key Authentication:
Incase of Public Key Server Authentication (the ones that doesn't involve Client Authentication), the server sends a Certificate, which contains a Public Key and Client encrypts it's pre-master secret and sends it to server which only the server can decrypt. In this way both have the same pre-master secret and can use the same set of derivations to further derive the final key.
Pre-Shared key:
As the name indicates the pre-shared requires both parties to have the same key pre-shared among themselves. They just exchange the IDs between them to indicate which of the Pre-Shared they will be using to generate the final key.
So, even if there is a server which supports PSK, you should have the same set of (or atleast one) of the keys which it has, which is impossible as those servers won't share their keys with anyone apart from whom it is supposed to be shared with (the legit clients).
So, the best way for you is to use openssl's test client and server tools and test it.