http

  1. TCP [SYN] [SYN,ACK] [ACK] 三次握手

  2. 数据传输

  3. 断开连接

点击显示源代码


>> curl -verbose http://www.baidu.com                                                                                   
 
* Rebuilt URL to: http://www.baidu.com/
*   Trying 115.239.210.27...
* TCP_NODELAY set
* Connected to www.baidu.com (115.239.210.27) port 80 (#0)
> GET / HTTP/1.1
> Host: www.baidu.com
> User-Agent: curl/7.54.0
> Accept: */*
> Referer: rbose
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
< Connection: Keep-Alive
< Content-Length: 2381
< Content-Type: text/html
< Date: Mon, 30 Jul 2018 17:00:02 GMT
< Etag: "58860505-94d"
< Last-Modified: Mon, 23 Jan 2017 13:28:37 GMT
< Pragma: no-cache
< Server: bfe/1.0.8.18
< Set-Cookie: BDORZ=27315; max-age=86400; domain=.baidu.com; path=/
<
  html - content
>
* Connection #0 to host www.baidu.com left intact

server clinet https

  1. TCP [SYN] [SYN,ACK] [ACK] 三次握手

  2. TLS (Transport Layer Security) [SSL 升级版]

    ALPN (Extension)

    Application-Layer Protocol Negotiation 应用层协议协商, 是一个进行应用层协议协商的传输层安全协议(TLS)扩展

    2.1 server 提供支持的传输协议 h2 http/1.1

    OpenSSL

    2.2 server 提供支持的加密方式 ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

    2.3 本地CAFile 路径设置 /etc/ssl/cert.pem 用于校验服务器证书

    TSL Handshake

    2.4 Client Hello (Send Cryptographic Information)

    • 客户端按优先级排列的支持的 SSL/TLS 版本
    • 客户端支持的CipherSuite(密码套件)
    • 一个随机数字符串 (用以后续计算)

    2.5 Server hello

    • 服务器选择的CipherSuite(密码套件)
    • session ID
    • 另外一个随机书字符串 (用以续计算)

    2.6 Certificate

    • 服务器证书信任链 (从服务器的证书一直链到【CA根证书,或者自签名(self-sign)证书】)

    2.7 Server key exchange

    • Diffie-Hellman parameters: 产生一个比较大的秘密整数 a, 以及一个base point 整数 g 以及一个非常大的质数 p (通常为 1024bit 整数) 计算 server pubKey = g ^ a
    • Diffie-Hellman parameters 的 hash签名

    2.8 Server finished

    • 发送server结束消息 等待client输入

    2.9 Client key exchange

    • 产生一个比较大的秘密整数 b 计算出的 client pubKey = g ^ b

    2.10 (OUT), TLS change cipher, Client hello

    • 告诉server, client 接下来的 message 将会是 加密握手信息 (Encrypted Handshake Message)

    2.11 (OUT), TLS handshake, Finished

    • 通过server pubKey 计算出来的私钥 发送message 通知 server, client部分handshake已经完成

    2.12 (IN), TLS change cipher, Client hello

    • 告诉client, server 接下来的 message 将会是 加密握手信息 (Encrypted Handshake Message)

    2.13 (IN), TLS handshake, Finished

    • 通过client pubKey 计算出来的私钥 发送message 通知 client, server部分handshake已经完成

点击显示源代码

>> curl -verbose https://www.apple.com                                                
* Rebuilt URL to: https://www.apple.com/
*   Trying 122.224.45.229...
* TCP_NODELAY set
* Connected to www.apple.com (122.224.45.229) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; OU=Internet Services for Akamai; CN=www.apple.com
*  start date: May  9 00:00:00 2018 GMT
*  expire date: Mar 25 12:00:00 2019 GMT
*  subjectAltName: host "www.apple.com" matched cert's "www.apple.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: www.apple.com
> User-Agent: curl/7.54.0
> Accept: */*
> Referer: rbose
>
< HTTP/1.1 200 OK
< Server: Apache
< Content-Length: 64696
< Content-Type: text/html; charset=UTF-8
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
< Cache-Control: max-age=0
< Expires: Mon, 30 Jul 2018 16:53:06 GMT
< Date: Mon, 30 Jul 2018 16:53:06 GMT
< Connection: keep-alive
<

html - content

加密套件

CipherSuite 一套加密算法 用于 SSL/TLS 连接. 一个套件由4个独立的算法组成

  • Key exchange algorithm (handshake时使用)【密钥交换算法】
  • Authentication algorithm (handshake时使用)【认证算法】
  • Encryption algorithm (传输通信数据时加密数据)【加密传输算法】
  • MAC (Message Authentication Code) algorithm(用于生成message的信息摘要)【hash签名算法】

apple.com使用的加密套件

ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
  • Key exchange algorithm: ECDH

  • Authentication algorithm: RSA

  • Encryption algorithm: AESGCM(256)

  • MAC algorithm: AEAD (由于使用了 GCM模式的AES 所以不需要MAC algorithm)

获取加密套件列表

> openssl ciphers 'EECDH+AESGCM:+EECDH+AES256:ALL:-RSA+3DES:!DH:!PSK:!KRB5:!MD5:!RC4:!aNULL:!EXP:!LOW:!SSLV2:!NULL'

 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
          0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
          0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
          0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
          0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
          0xC0,0x14 - ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
          0xC0,0x0A - ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
          0xC0,0x22 - SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(256)  Mac=SHA1
          0xC0,0x21 - SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
          0xC0,0x20 - SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
          0xC0,0x32 - ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
          0xC0,0x2E - ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
          0xC0,0x2A - ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
          0xC0,0x26 - ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
          0xC0,0x0F - ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
          0xC0,0x05 - ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
          0x00,0x9D - AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0x00,0x3D - AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
          0x00,0x35 - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
          0x00,0x84 - CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
          0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
          0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
          0xC0,0x13 - ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
          0xC0,0x09 - ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
          0xC0,0x1F - SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(128)  Mac=SHA1
          0xC0,0x1E - SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
          0xC0,0x1D - SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(128)  Mac=SHA1
          0xC0,0x31 - ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
          0xC0,0x2D - ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
          0xC0,0x29 - ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
          0xC0,0x25 - ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
          0xC0,0x0E - ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
          0xC0,0x04 - ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
          0x00,0x9C - AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
          0x00,0x3C - AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
          0x00,0x2F - AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
          0x00,0x96 - SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
          0x00,0x41 - CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
          0x00,0x07 - IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
          0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
          0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
          0xC0,0x1C - SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=3DES(168) Mac=SHA1
          0xC0,0x1B - SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=3DES(168) Mac=SHA1
          0xC0,0x1A - SRP-3DES-EDE-CBC-SHA    SSLv3 Kx=SRP      Au=SRP  Enc=3DES(168) Mac=SHA1
          0xC0,0x0D - ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
          0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1

相关名词

TLS/SSL

TLS(Transport Layer Security) 的前身是 SSL,TCP/IP 协议栈中运行在 TCP 之上, 用来交换密钥并形成一个加密层(Record Layer)。 TLS 是 HTTPS 的核心协议,HTTPS 交互与 HTTP 交互的主要区别就在这一层。

TLS Handshake (TSL 握手协议)

TLS握手协议处理对等用户的认证,在这一层使用了公共密钥和证书,并协商算法和加密实际数据传输的密钥,该过程在TLS记录协议之上进行。TLS握手协议是TLS协议中最复杂的部分,它定义了10种消息,客户端和服务器利用这10种消息相互认证,协商哈希函数和加密算法并相互提供产生加密密钥的机密数据。

证书校验 生成对称密钥

TLS Record (TSL 记录协议)

TLS记录协议位于TLS握手协议的下面,在可靠的传输协议(如TCP/IP)上面。TLS记录协议的一条记录包含长度字段、描述字段和内容字段。TLS记录协议处理数据的加密。

对称加密数据传输

ALPN/NPL

ALPN(Application-Layer Protocol Negotiation)也是 TLS 层的扩展,用于协商应用层使用的协议 (h2, http/1.1)。

引用

https-protocols

百科TLS https IBM SSL/TLS Overview

IBM CipherSpecs and CipherSuites

aliyun 密钥套件

SSL handshake

TLS Message

Diffie-Hellman key exchange

HMAC HMAC

AEDA

GCM