Is there a public psk server to test tls handshake? - ssl

What I want is test tls handshake when psk is active.
I also want to see every http header exchanged during the connection between client (my laptop) and public server.
Now I am wondering if there is a public psk tls server where I can do my test.
Regards.

I doubt that there is a web server using PSK on the internet open for public testing. Also I doubt that browsers support PSK cipher suites. But you can setup your own web server using PSK with openssl:
openssl s_server -psk 1a2b3c4d -nocert -www
And the matching client:
openssl s_client -connect 127.0.0.1:4433 -psk 1a2b3c4d
As for the HTTP protocol: it is independent from the TLS layer, i.e. it does not change if PSK or the normal authentication with certificates is used.

Even if some public TLS Server were to support PSK, you won't be able to test your client with it. There is a fundamental difference between the way public key authentication (which is used by most of the TLS Servers) work and PSK.
Public Key Authentication:
Incase of Public Key Server Authentication (the ones that doesn't involve Client Authentication), the server sends a Certificate, which contains a Public Key and Client encrypts it's pre-master secret and sends it to server which only the server can decrypt. In this way both have the same pre-master secret and can use the same set of derivations to further derive the final key.
Pre-Shared key:
As the name indicates the pre-shared requires both parties to have the same key pre-shared among themselves. They just exchange the IDs between them to indicate which of the Pre-Shared they will be using to generate the final key.
So, even if there is a server which supports PSK, you should have the same set of (or atleast one) of the keys which it has, which is impossible as those servers won't share their keys with anyone apart from whom it is supposed to be shared with (the legit clients).
So, the best way for you is to use openssl's test client and server tools and test it.

Related

What determines the cipher suite?

I am using mbedtls on my TLS application. I've a question about the cipher suites.
When I debug my process, I get below lines from server side:
selected ciphersuite: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
What is the reason for selecting this CHACHA20-POLY1305 cipher ? Key? or certificate? or something else?
How can I change my chipher suite to TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256?
What is the reason for selecting this CHACHA20-POLY1305 cipher
The ciphers supported by the server and by the client, including their preferences. Thus it depends on client and server configurations and on their TLS stacks.
How can I change my chipher suite to TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256?
The RSA in the currently chosen cipher suite means that an RSA certificate was used for authentication. The ECDSA in the cipher you want means that the server needs to use a ECDSA certificate instead, i.e. you cannot achieve this with an RSA certificate.
Some servers can use both a RSA and ECDSA certificate in which case the choice of certificate depends again on client and server configuration regarding supported ciphers, preference etc.

Wireshark Decryption of TLS V1.2

I have traffic between clients (which send XML over HTTPS) to my IIS.
I tried to decrypt the traffic using Wireshark and the following settings:
Adding the private key:
But even after setting this, I can't see the decrypted data:
Should I change any other settings to see the original data?
There is strong possibility that a Diffie-Hellman (DH) key exchange is being used here. In that case Wireshark cannot decipher SSL/TLs with a private key. You can check for this in the handshake packet.
From the Docs:
The RSA private key file can only be used in the following
circumstances:
The cipher suite selected by the server is not using (EC)DHE.
The protocol version is SSLv3, (D)TLS 1.0-1.2. It does not work with TLS 1.3.
The private key matches the server certificate. It does not work with the client certificate, nor the Certificate Authority (CA)
certificate.
The session has not been resumed. The handshake must include the ClientKeyExchange handshake message.

Apache httpd "Obsolete connection setting"

I have an existing server that is using the following setting.
The connection to this site uses TLS 1.2 (a strong protocol), RSA (an
obsolete key exchange), and AES_128_CBC with HMAC-SHA1 (an obsolete cipher).
If I want to change the key exchange and cipher, do I need to get a new certificate?
The cipher is (mostly) unrelated to the certificate. Given that you are using a RSA certificate (since otherwise RSA key exchange would not be possible) you can switch to ECDHE key exchange. And instead of AES-128-CBC you might use AES-128-GCM or AES-256. For useful configurations you might use the Mozilla SSL Configuration Generator.

What is the correct way to implement SSL?

I have a flask application(client) from where I need to send some data to a server(another flask application as of now) and get some corresponding data. I need to use REST because the server can be anything later(the current flask app is a dummy server for testing). I need to have SSL connection between client and server. I see that SSL works in several steps:
Client requests for an encrypted connection.
Server responds with an SSL Certificate which will have a public key.
Client verifies the SSL Certificate
Client creates a private key
Client encrypts the private key with the public key and sends it to the server.
Server decrypts it and gets the private key.
Thus an encrypted connection is established between client and server. Further exchange of data between client and server happens by encrypting the data with the private key.
This is what I am trying to achieve. Please correct me if I got the SSL concept wrong.
I have seen below implementation and works perfectly for me.
Client side uses requests.get() with verify=<path to server SSL certificate>. I have generated SSL certificate for server using openssl as follows.
openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
But I don't think all the above 7 steps are being covered here. What is the actual way of implementing SSL? Any help would be appreciated.
Client requests for an encrypted connection.
Correct.
Server responds with an SSL Certificate which will have a public key.
Correct.
Client verifies the SSL Certificate
Correct.
Client creates a private key
Incorrect. It is already far too late for this to occur.
Client encrypts the private key with the public key and sends it to the server.
Incorrect. There is no such step. See RFC 2246 and successors.
Server decrypts it and gets the private key.
Incorrect, ditto.
Thus an encrypted connection is established between client and server.
Incorrect, ditto.
Further exchange of data between client and server happens by encrypting the data with the private key.
Incorrect, ditto. TLS works by (1) establishing trust via the server certificate and PKI; (2) optionally establishing trust via the client certificate; and (3) establishing a symmetric session key via a process of key negotiation, in which the actual session key is never transmitted.
This is what I am trying to achieve.
No it isn't. You are trying to establish a TLS connection. What it does is really very little concern of yours.
Please correct me if I got the SSL concept wrong.
You got it totally wrong.
I have generated SSL certificate for server using openssl as follows.
No you haven't. You have created a Certificate Signing Request (CSR). This is useless until you get it signed by a Certificate Authority (CA). It isn't an SSL certificate.
In the above method of implementation, client verifies the server's certificate for every rest call but I dont want to do this. I want to create an encrypted connection between client and server and then the further exchange of data should be encrypted. So, I think the initial creation of enrypted connection between client and server is missing. Also, the private key generation from client side is missing. I want to implement SSL and I think TLS is different from SSL. Correct me if I am wrong.
You are wrong. TLS supports session resumption, which allows for abbreviated handshakes, which eliminates the certificate exchange steps. The 'private key generation from client side' step is missing because it doesn't necessarily exist. You're guessing.

Determine protocol and cipher compatibility with server certificate

My server may be attached to a RSA or ECDSA certificate.
In my code I set the prtocol method as
sslmethod = SSLv23_server_method();
and setting the cipher using the SSL_CTX_set_cipher_list() API.
The problem is when the server is attached to ECDSA certificate and if I pass "RSA" cipher SSL_CTX_set_cipher_list() does not return any error though "RSA" cipher is not compatible with ECDSA certificates.
Is there any openssl API which I can use to find out if the cipher we are going to set is compatible with the certificate or with protocol or not?
Is there any openssl API which I can use to find out if the cipher we are going to set is compatible with the certificate or with protocol or not?
If you author the app and own the server, then YES, you do know what to expect. But the general case is NO, you don't know in advance and you can't query for it. You try to setup a channel and if it fails, then you try something else.
Generally speaking, there's no way to know in advance what cipher suites a server supports; or what type of public key is bound in the server's certificate. In fact, there's no way to know what protocol versions (SSLv2, SSLv3, TLS 1.0, TLS 1.1, TLS 1.2, etc) a server supports. Its the reason for RFC 7405, TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks.
In 2016/2017, about the best you can do is assume:
No SSLv2, SSLv3; only TLS 1.0 and above
Cipher suites from the collection "HIGH:!aNULL:!kRSA:!RC4:!MD5"
"!kRSA" is "no RSA key transport", and it means you can only use ephemeral key exchanges. If a server has a RSA key, then it will only be used for authentication. That is, the key will be used to sign the server's ephemeral values during key exchange so the client knows they are authentic.