A Little SSL/TLSdetailyang@gmail.com

2017/03/09

SSL Secure Sockets Layer, Netscape1994, Web

TLS Transport Layer Security, 1999 RFC 2246 SSL 3.0

SSL TLS TLS

TLS OpenSSLGoogle BoringSSLOracle JSSEAmazon S2nMicrosoft SChannelApple Secure Transport

TLS TLS .

record layerchange_cipher_spec

record layeralert

record layerhandshake

record layerapplication_data

struct { uint8 major, minor; } ProtocolVersion;

enum { change_cipher_spec(20), alert(21), handshake(22), application_data(23), (255) } ContentType;

struct { ContentType type; ProtocolVersion version; uint16 length; opaque fragment[TLSPlaintext.length]; } TLSPlaintext;

TLS

Client Hello

Client Hello

Cipher Suite

Server Name

Server Hello

Server Hello

Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

TLS

cipher suite

cipher suite 4

1. key exchange algorithm () 2. authentication method () 3. bulk encryption cipher () 4. message authentication code () 5. pseudorandom function

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

: ECDHE : RSA : AES_128_GCM MAC SHA256

cipher suite IANA

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-

parameters-4

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

Server Certificate

Chrome Firefox mozilla https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt Linux /etc/ssl/certs/ca-bundle.trust.crt https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txthttps://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txthttps://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txthttps://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txthttps://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txthttps://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Certificate Request( (Client Certificate)

Server Key Exchange Message

Server Certificate premaster secret

Server Hello Done

Client Certificate()

Client Key Exchange Message

Encrypted Handshake Message

Change Cipher Spec Protocol

Application Data

TLS Application Data

master key

master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)

ClientHello.random ServerHello.random pre_master_secret

RSA

pre_master_secret, pre_master_secret.

TLS

RSA

pre master key (Forward Secrecy), HTTP2 SSL Perfect Forward Secrecy

DH

pre master key, DH DH pre master key pre master key

SSLKEYLOGFILE

TLS master key wireshark TLS

TLS

1. 2. 3. 4. TLS

1.

2. ECC

ECCElliptic Curve Cryptography256 ECC Key 3072 RSA Key.

ECC

1. ECC 2.

ARM ChaCha20-Poly1305 ARM

intel AES-GCM Intel AES NIAdvanced Encryption Standard new instructions x86 AES

1. TLS session id

session id

2. TLS session ticket

session ticket session ticket

TLS

RTT

False Start

TLS False Start

ChromeFirefoxNPN/ALPN cipher suite Forward Secrecy

OCSP Stapling OCSP CRL

TLS 1.3 Chrome Firefox TLS 1.3