When the Client sends the change cipher spec message before the handshake is finished, does he send it encrypted with the new key or with the public key of the server?
So, for example:
cipher suite= TLS_RSA_WITH_AES_128_CBC
Does the Client send the change cipher spec message encrypted with RSA and the PU of the Server or does he send it with AES and the master_key?
Related
I have traffic between clients (which send XML over HTTPS) to my IIS.
I tried to decrypt the traffic using Wireshark and the following settings:
Adding the private key:
But even after setting this, I can't see the decrypted data:
Should I change any other settings to see the original data?
There is strong possibility that a Diffie-Hellman (DH) key exchange is being used here. In that case Wireshark cannot decipher SSL/TLs with a private key. You can check for this in the handshake packet.
From the Docs:
The RSA private key file can only be used in the following
circumstances:
The cipher suite selected by the server is not using (EC)DHE.
The protocol version is SSLv3, (D)TLS 1.0-1.2. It does not work with TLS 1.3.
The private key matches the server certificate. It does not work with the client certificate, nor the Certificate Authority (CA)
certificate.
The session has not been resumed. The handshake must include the ClientKeyExchange handshake message.
In most of the online sources, I was told that in the two way TLS,
the client needs to provide the cert for the server to validate. My
case is that the device gets the cert from the CA, but when the
device attempt establish a tls connection, the pfx is required which
will contain the private key from the device.
I have used openssl to convert the pfx to .cert and .key. By only using the .cert part on
POSTMAN, I failed to connect to the server with 403. Only when I
include both .key and .cert the TLS 1.2 connection was established.
For the regular TLS (one-way), the private key will never be sent
from the server, but why is the client need to send pfx.
I understand that TLS handshake is done at the beginning of a session and is mainly about generating the symmetric key that is used to encrypt all later communications.
once the handshake is completed, then how often this handshake should happen (regenerate symmetric key) ?
where the symmetric key is stored on client side(browser) ?
how the server identifies the client on server side ?
My server may be attached to a RSA or ECDSA certificate.
In my code I set the prtocol method as
sslmethod = SSLv23_server_method();
and setting the cipher using the SSL_CTX_set_cipher_list() API.
The problem is when the server is attached to ECDSA certificate and if I pass "RSA" cipher SSL_CTX_set_cipher_list() does not return any error though "RSA" cipher is not compatible with ECDSA certificates.
Is there any openssl API which I can use to find out if the cipher we are going to set is compatible with the certificate or with protocol or not?
Is there any openssl API which I can use to find out if the cipher we are going to set is compatible with the certificate or with protocol or not?
If you author the app and own the server, then YES, you do know what to expect. But the general case is NO, you don't know in advance and you can't query for it. You try to setup a channel and if it fails, then you try something else.
Generally speaking, there's no way to know in advance what cipher suites a server supports; or what type of public key is bound in the server's certificate. In fact, there's no way to know what protocol versions (SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, etc) a server supports. Its the reason for RFC 7405, TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks.
In 2016/2017, about the best you can do is assume:
No SSLv2, SSLv3; only TLS 1.0 and above
Cipher suites from the collection "HIGH:!aNULL:!kRSA:!RC4:!MD5"
"!kRSA" is "no RSA key transport", and it means you can only use ephemeral key exchanges. If a server has a RSA key, then it will only be used for authentication. That is, the key will be used to sign the server's ephemeral values during key exchange so the client knows they are authentic.
According to RFC client sends premaster secret encrypted with RSA public key of the server. But when they are using ECDHE as asymmetric algorithm, client key exchange message will contain the pulic key of the client. If this is the case ? when will the client send premaster secret and how ?
when will the client send premaster secret and how ?
It won't. See #8.1.2:
A conventional Diffie-Hellman computation is performed. The negotiated key(Z) is used as the pre_master_secret.