1. Packet analysis of a single HTTPS request
Request flow
Packet contents
No Time Source Destination Protocol Length Info
48 2.080120 10.242.162.156 47.110.177.89 TCP 78 58060 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=565269159 TSecr=0 SACK_PERM=1
49 2.085357 47.110.177.89 10.242.162.156 TCP 74 443 → 58060 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1448 SACK_PERM=1 TSval=249235305 TSecr=565269159 WS=512
50 2.085477 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [ACK] Seq=1 Ack=1 Win=132096 Len=0 TSval=565269163 TSecr=249235305
51 2.097026 10.242.162.156 47.110.177.89 TLSv1.2 302 Client Hello
52 2.102920 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [ACK] Seq=1 Ack=237 Win=30208 Len=0 TSval=249235322 TSecr=565269174
53 2.114294 47.110.177.89 10.242.162.156 TLSv1.2 1502 Server Hello
54 2.114298 47.110.177.89 10.242.162.156 TLSv1.2 1502 Certificate [TCP segment of a reassembled PDU]
55 2.114299 47.110.177.89 10.242.162.156 TLSv1.2 410 Server Key Exchange, Server Hello Done
56 2.114366 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [ACK] Seq=237 Ack=3217 Win=128896 Len=0 TSval=565269189 TSecr=249235334
57 2.120173 10.242.162.156 47.110.177.89 TLSv1.2 192 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
58 2.125814 47.110.177.89 10.242.162.156 TLSv1.2 117 Change Cipher Spec, Encrypted Handshake Message
59 2.125948 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [ACK] Seq=363 Ack=3268 Win=131008 Len=0 TSval=565269199 TSecr=249235346
60 2.126107 10.242.162.156 47.110.177.89 TLSv1.2 176 Application Data
61 2.170531 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [ACK] Seq=3268 Ack=473 Win=30208 Len=0 TSval=249235391 TSecr=565269199
62 2.173789 47.110.177.89 10.242.162.156 TLSv1.2 1495 Application Data
63 2.173794 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data
64 2.173797 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data [TCP segment of a reassembled PDU]
65 2.173800 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data [TCP segment of a reassembled PDU]
66 2.173802 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data [TCP segment of a reassembled PDU]
67 2.173805 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data [TCP segment of a reassembled PDU]
68 2.173807 47.110.177.89 10.242.162.156 TLSv1.2 71 Application Data
69 2.173961 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [ACK] Seq=473 Ack=11882 Win=122432 Len=0 TSval=565269246 TSecr=249235392
70 2.176431 10.242.162.156 47.110.177.89 TCP 66 [TCP Window Update] 58060 → 443 [ACK] Seq=473 Ack=11882 Win=131072 Len=0 TSval=565269247 TSecr=249235392
71 2.176509 10.242.162.156 47.110.177.89 TLSv1.2 97 Encrypted Alert
72 2.180664 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [FIN, ACK] Seq=504 Ack=11882 Win=131072 Len=0 TSval=565269251 TSecr=249235392
73 2.180712 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [ACK] Seq=11882 Ack=504 Win=30208 Len=0 TSval=249235401 TSecr=565269247
74 2.180715 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [FIN, ACK] Seq=11882 Ack=504 Win=30208 Len=0 TSval=249235401 TSecr=565269247
75 2.180771 10.242.162.156 47.110.177.89 TCP 66 [TCP Out-Of-Order] 58060 → 443 [FIN, ACK] Seq=504 Ack=11883 Win=131072 Len=0 TSval=565269251 TSecr=249235401
76 2.185759 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [ACK] Seq=11883 Ack=505 Win=30208 Len=0 TSval=249235406 TSecr=565269251
1.1. No 48 ~ 50 : TCP three-way handshake
48 2.080120 10.242.162.156 47.110.177.89 TCP 78 58060 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=565269159 TSecr=0 SACK_PERM=1
49 2.085357 47.110.177.89 10.242.162.156 TCP 74 443 → 58060 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1448 SACK_PERM=1 TSval=249235305 TSecr=565269159 WS=512
50 2.085477 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [ACK] Seq=1 Ack=1 Win=132096 Len=0 TSval=565269163 TSecr=249235305
The TCP three-way handshake establishes the connection. 47.110.177.89 and 443 are the server's address and port.
1.2. No 51 ~ 52 : Client Hello
51 2.097026 10.242.162.156 47.110.177.89 TLSv1.2 302 Client Hello
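TLS handshake phase (Handshake).
No 51 is the client initiating the TLS session; this message is called Client Hello. It mainly carries the supported protocol version, a client-generated random number, the cipher suites (the supported encryption methods and signature algorithms), the supported compression methods, and so on.
- TLS version supported by the client:
Version: TLS 1.2 (0x0303)
- Random number generated by the client, RandomClient:
Random: bfc721b797cc514884774a9686a185b4c607bbeaa5f387584d6f1365cd4058e2
- Cipher suites supported by the client:
Cipher Suites (46 suites)
No 52 is the TCP ACK segment the server sends back to the client after receiving the request.
Detailed TLS fields of packet No 51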
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 231
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 227
Version: TLS 1.2 (0x0303)
Random: bfc721b797cc514884774a9686a185b4c607bbeaa5f387584d6f1365cd4058e2
GMT Unix Time: Dec 16, 2071 21:35:51.000000000 CST
Random Bytes: 97cc514884774a9686a185b4c607bbeaa5f387584d6f1365cd4058e2
Session ID Length: 0
Cipher Suites Length: 92
Cipher Suites (46 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: Unknown (0xff85)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c4)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
Cipher Suite: TLS_GOSTR341001_WITH_28147_CNT_IMIT (0x0081)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00be)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 94
Extension: server_name (len=22)
Type: server_name (0)
Length: 22
Server Name Indication extension
Server Name list length: 20
Server Name Type: host_name (0)
Server Name length: 17
Server Name: www.zhaowenyu.com
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: supported_groups (len=8)
Type: supported_groups (10)
Length: 8
Supported Groups List Length: 6
Supported Groups (3 groups)
Supported Group: x25519 (0x001d)
Supported Group: secp256r1 (0x0017)
Supported Group: secp384r1 (0x0018)
Extension: signature_algorithms (len=28)
Type: signature_algorithms (13)
Length: 28
Signature Hash Algorithms Length: 26
Signature Hash Algorithms (13 algorithms)
Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: Unknown Unknown (0xefef)
Signature Hash Algorithm Hash: Unknown (239)
Signature Hash Algorithm Signature: Unknown (239)
Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: Unknown Unknown (0xeeee)
Signature Hash Algorithm Hash: Unknown (238)
Signature Hash Algorithm Signature: Unknown (238)
Signature Algorithm: Unknown Unknown (0xeded)
Signature Hash Algorithm Hash: Unknown (237)
Signature Hash Algorithm Signature: Unknown (237)
Signature Algorithm: SHA224 RSA (0x0301)
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: SHA224 ECDSA (0x0303)
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: ecdsa_sha1 (0x0203)
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: ECDSA (3)
Extension: application_layer_protocol_negotiation (len=14)
Type: application_layer_protocol_negotiation (16)
Length: 14
ALPN Extension Length: 12
ALPN Protocol
ALPN string length: 2
ALPN Next Protocol: h2
ALPN string length: 8
ALPN Next Protocol: http/1.1
[JA3 Fullstring [truncated]: 771,52393-52392-52394-49200-49196-49192-49188-49172-49162-159-107-57-65413-196-136-129-157-61-53-192-132-49199-49195-49191-49187-49171-49161-158-103-51-190-69-156-60-47-186-65-49169-49159-5-4-49170-49160-22-10-]
[JA3: 3f9dff6930516e5a0bbf135f1f64f6e3]
1.3. No 53 : Server Hello
53 2.114294 47.110.177.89 10.242.162.156 TLSv1.2 1502 Server Hello
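TLS handshake phase (Handshake).
The server sends Server Hello, which:
- confirms the protocol version used for the encrypted session
- carries the server-generated random number RandomServer, which is used to generate the session key
- confirms which encryption method (cipher suite) will be used
Detailed contents of packet No 53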
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 104
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 100
Version: TLS 1.2 (0x0303)
Random: aa8ed58708d2b721e7599e1111ff50ab8923a34f14d016cf46d3e6dbd8475a76
GMT Unix Time: Sep 4, 2060 09:38:15.000000000 CST
Random Bytes: 08d2b721e7599e1111ff50ab8923a34f14d016cf46d3e6dbd8475a76
Session ID Length: 32
Session ID: ce510f008cfa3a7430c45fe3884b120d72bce74d930596d01a1f1ffd6476906c
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Compression Method: null (0)
Extensions Length: 28
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
Extension: ec_point_formats (len=4)
Type: ec_point_formats (11)
Length: 4
EC point formats Length: 3
Elliptic curves point formats (3)
EC point format: uncompressed (0)
EC point format: ansiX962_compressed_prime (1)
EC point format: ansiX962_compressed_char2 (2)
Extension: application_layer_protocol_negotiation (len=11)
Type: application_layer_protocol_negotiation (16)
Length: 11
ALPN Extension Length: 9
ALPN Protocol
ALPN string length: 8
ALPN Next Protocol: http/1.1
[JA3S Fullstring: 771,49199,65281-11-16]
[JA3S: 1089ea6f0461a29006cc96dfe7a11d80]
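The Server Hello fields listed above can be re-encoded as raw bytes and parsed back, which shows how the record and handshake lengths (104 and 100) and the JA3S string in the dump arise. This is an added example, not part of the original capture or page; the function names are hypothetical and the byte string is constructed from the dissected values.

```python
import hashlib
import struct

# Field values copied from the Server Hello dump of packet No 53.
SERVER_RANDOM = bytes.fromhex(
    "aa8ed58708d2b721e7599e1111ff50ab8923a34f14d016cf46d3e6dbd8475a76")
SESSION_ID = bytes.fromhex(
    "ce510f008cfa3a7430c45fe3884b120d72bce74d930596d01a1f1ffd6476906c")


def build_sample_record():
    """Re-encode the dissected fields as raw bytes (constructed input)."""
    extensions = (
        bytes.fromhex("ff01" "0001" "00")             # renegotiation_info, empty
        + bytes.fromhex("000b" "0004" "03" "000102")  # ec_point_formats, 3 formats
        + bytes.fromhex("0010" "000b" "0009" "08") + b"http/1.1"  # ALPN
    )
    body = (
        b"\x03\x03" + SERVER_RANDOM                   # version TLS 1.2 + random
        + bytes([len(SESSION_ID)]) + SESSION_ID
        + b"\xc0\x2f"                                 # chosen cipher suite
        + b"\x00"                                     # compression: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_server_hello(record):
    """Return the fields JA3S needs; reject truncated or foreign records."""
    try:
        if record[0] != 22:
            raise ValueError("not a TLS handshake record")
        record_len = struct.unpack("!H", record[3:5])[0]
        handshake = record[5:5 + record_len]
        if len(handshake) != record_len or handshake[0] != 2:
            raise ValueError("truncated record or not a Server Hello")
        handshake_len = int.from_bytes(handshake[1:4], "big")
        body = handshake[4:4 + handshake_len]
        if len(body) != handshake_len:
            raise ValueError("truncated handshake message")
        version = struct.unpack("!H", body[0:2])[0]
        pos = 2 + 32                      # skip version and random
        pos += 1 + body[pos]              # skip session id
        cipher = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 3                          # cipher suite + compression method
        ext_types = []
        if pos < len(body):
            end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
            pos += 2
            if end != len(body):
                raise ValueError("extensions length disagrees with message")
            while pos < end:
                ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
                ext_types.append(ext_type)
                pos += 4 + ext_len
            if pos != end:
                raise ValueError("extension lengths do not add up")
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed Server Hello") from exc
    return {"record_length": record_len, "handshake_length": handshake_len,
            "version": version, "cipher": cipher, "extensions": ext_types}


def ja3s(record):
    """JA3S: 'version,cipher,ext-ext-...' in decimal, then its MD5 digest."""
    hello = parse_server_hello(record)
    full = "{},{},{}".format(
        hello["version"], hello["cipher"],
        "-".join(str(t) for t in hello["extensions"]))
    return full, hashlib.md5(full.encode("ascii")).hexdigest()


if __name__ == "__main__":
    full_string, digest = ja3s(build_sample_record())
    print(full_string, digest)
```

The printed digest can be compared with the JA3S value Wireshark shows for packet No 53.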
1.4. No 54 : Certificate
54 2.114298 47.110.177.89 10.242.162.156 TLSv1.2 1502 Certificate [TCP segment of a reassembled PDU]
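TLS handshake phase (Handshake).
The server sends its certificate to the client.
The client decides whether the certificate is valid; if it is not, the client shows a warning or terminates the connection.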
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 2755
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 2751
Certificates Length: 2748
Certificates (2748 bytes)
Certificate Length: 1544
Certificate: 30820604308204eca00302010202100a2da7c1ec9d0fcc86c6c01171fbc05b300d06092a… (id-at-commonName=www.zhaowenyu.com)
signedCertificate
version: v3 (2)
serialNumber: 0x0a2da7c1ec9d0fcc86c6c01171fbc05b
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 4 items (id-at-commonName=Encryption Everywhere DV TLS CA - G1,id-at-organizationalUnitName=www.digicert.com,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
RDNSequence item: 1 item (id-at-countryName=US)
RelativeDistinguishedName item (id-at-countryName=US)
Id: 2.5.4.6 (id-at-countryName)
CountryName: US
RDNSequence item: 1 item (id-at-organizationName=DigiCert Inc)
RelativeDistinguishedName item (id-at-organizationName=DigiCert Inc)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: printableString (1)
printableString: DigiCert Inc
RDNSequence item: 1 item (id-at-organizationalUnitName=www.digicert.com)
RelativeDistinguishedName item (id-at-organizationalUnitName=www.digicert.com)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: printableString (1)
printableString: www.digicert.com
RDNSequence item: 1 item (id-at-commonName=Encryption Everywhere DV TLS CA - G1)
RelativeDistinguishedName item (id-at-commonName=Encryption Everywhere DV TLS CA - G1)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: printableString (1)
printableString: Encryption Everywhere DV TLS CA - G1
validity
notBefore: utcTime (0)
utcTime: 2021-08-21 00:00:00 (UTC)
notAfter: utcTime (0)
utcTime: 2022-08-21 23:59:59 (UTC)
subject: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=www.zhaowenyu.com)
RDNSequence item: 1 item (id-at-commonName=www.zhaowenyu.com)
RelativeDistinguishedName item (id-at-commonName=www.zhaowenyu.com)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: printableString (1)
printableString: www.zhaowenyu.com
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
subjectPublicKey: 3082010a02820101009187c3af5203bb48c4bb64b5c1b0ee1bb4345b306ce560837052bf…
modulus: 0x009187c3af5203bb48c4bb64b5c1b0ee1bb4345b306ce560837052bfccdb26ec24545344…
publicExponent: 65537
extensions: 9 items
Extension (id-ce-authorityKeyIdentifier)
Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
AuthorityKeyIdentifier
keyIdentifier: 55744fb2724ff560ba50d1d7e6515c9a01871ad7
Extension (id-ce-subjectKeyIdentifier)
Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
SubjectKeyIdentifier: f9925915e31c4f9f9aa82f7f9f55b9a9bcb619b0
Extension (id-ce-subjectAltName)
Extension Id: 2.5.29.17 (id-ce-subjectAltName)
GeneralNames: 2 items
GeneralName: dNSName (2)
dNSName: www.zhaowenyu.com
GeneralName: dNSName (2)
dNSName: zhaowenyu.com
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
critical: True
Padding: 5
KeyUsage: a0
1... .... = digitalSignature: True
.0.. .... = contentCommitment: False
..1. .... = keyEncipherment: True
...0 .... = dataEncipherment: False
.... 0... = keyAgreement: False
.... .0.. = keyCertSign: False
.... ..0. = cRLSign: False
.... ...0 = encipherOnly: False
0... .... = decipherOnly: False
Extension (id-ce-extKeyUsage)
Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
KeyPurposeIDs: 2 items
KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
Extension (id-ce-certificatePolicies)
Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
CertificatePoliciesSyntax: 1 item
PolicyInformation
policyIdentifier: 2.23.140.1.2.1 (joint-iso-itu-t.23.140.1.2.1)
policyQualifiers: 1 item
PolicyQualifierInfo
Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps)
DirectoryString: http://www.digicert.com/CPS
Extension (id-pe-authorityInfoAccess)
Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
AuthorityInfoAccessSyntax: 2 items
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
accessLocation: 6
uniformResourceIdentifier: http://ocsp.digicert.com
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
accessLocation: 6
uniformResourceIdentifier: http://cacerts.digicert.com/EncryptionEverywhereDVTLSCA-G1.crt
Extension (id-ce-basicConstraints)
Extension Id: 2.5.29.19 (id-ce-basicConstraints)
BasicConstraintsSyntax [0 length]
Extension (SignedCertificateTimestampList)
Extension Id: 1.3.6.1.4.1.11129.2.4.2 (SignedCertificateTimestampList)
Serialized SCT List Length: 358
Signed Certificate Timestamp (Google 'Argon2022' log)
Serialized SCT Length: 117
SCT Version: 0
Log ID: 2979bef09e393921f056739f63a577e5be577d9c600af8f94d5d265c255dc784
Timestamp: Aug 21, 2021 15:32:08.449000000 UTC
Extensions length: 0
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Length: 70
Signature: 30440220327ec3fa29d503751169f120cc3056e655eee2742c4d49d978b318d53bfb63e8…
Signed Certificate Timestamp (DigiCert Nessie2022 Log)
Serialized SCT Length: 117
SCT Version: 0
Log ID: 51a3b0f5fd01799c566db837788f0ca47acc1b27cbf79e88429a0dfed48b05e5
Timestamp: Aug 21, 2021 15:32:08.385000000 UTC
Extensions length: 0
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Length: 70
Signature: 304402202f11ef4eba3cb9ab28b7bde34f49a44a367fd7abc520a9b67e74264d62381303…
Signed Certificate Timestamp (Cloudflare 'Nimbus2022' Log)
Serialized SCT Length: 118
SCT Version: 0
Log ID: 41c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f6
Timestamp: Aug 21, 2021 15:32:08.279000000 UTC
Extensions length: 0
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Length: 71
Signature: 3045022100e87e5ee0949dab7c29115ba409adacc2a8fd5c37bd9a51873abe0950ca5b33…
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 2d526673b7714fbe9af79454a5d7b12047e6052edde528cf92a68b10e8d4eb00983db1f8…
Certificate Length: 1198
Certificate: 308204aa30820392a00302010202100279ac458bc1b245abf98053cd2c9bb1300d06092a… (id-at-commonName=Encryption Everywhere DV TLS CA - G1,id-at-organizationalUnitName=www.digicert.com,id-at-organizationName=DigiCert Inc,id-at-country
signedCertificate
version: v3 (2)
serialNumber: 0x0279ac458bc1b245abf98053cd2c9bb1
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 4 items (id-at-commonName=DigiCert Global Root CA,id-at-organizationalUnitName=www.digicert.com,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
RDNSequence item: 1 item (id-at-countryName=US)
RelativeDistinguishedName item (id-at-countryName=US)
Id: 2.5.4.6 (id-at-countryName)
CountryName: US
RDNSequence item: 1 item (id-at-organizationName=DigiCert Inc)
RelativeDistinguishedName item (id-at-organizationName=DigiCert Inc)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: printableString (1)
printableString: DigiCert Inc
RDNSequence item: 1 item (id-at-organizationalUnitName=www.digicert.com)
RelativeDistinguishedName item (id-at-organizationalUnitName=www.digicert.com)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: printableString (1)
printableString: www.digicert.com
RDNSequence item: 1 item (id-at-commonName=DigiCert Global Root CA)
RelativeDistinguishedName item (id-at-commonName=DigiCert Global Root CA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: printableString (1)
printableString: DigiCert Global Root CA
validity
notBefore: utcTime (0)
utcTime: 2017-11-27 12:46:10 (UTC)
notAfter: utcTime (0)
utcTime: 2027-11-27 12:46:10 (UTC)
subject: rdnSequence (0)
rdnSequence: 4 items (id-at-commonName=Encryption Everywhere DV TLS CA - G1,id-at-organizationalUnitName=www.digicert.com,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
RDNSequence item: 1 item (id-at-countryName=US)
RelativeDistinguishedName item (id-at-countryName=US)
Id: 2.5.4.6 (id-at-countryName)
CountryName: US
RDNSequence item: 1 item (id-at-organizationName=DigiCert Inc)
RelativeDistinguishedName item (id-at-organizationName=DigiCert Inc)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: printableString (1)
printableString: DigiCert Inc
RDNSequence item: 1 item (id-at-organizationalUnitName=www.digicert.com)
RelativeDistinguishedName item (id-at-organizationalUnitName=www.digicert.com)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: printableString (1)
printableString: www.digicert.com
RDNSequence item: 1 item (id-at-commonName=Encryption Everywhere DV TLS CA - G1)
RelativeDistinguishedName item (id-at-commonName=Encryption Everywhere DV TLS CA - G1)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: printableString (1)
printableString: Encryption Everywhere DV TLS CA - G1
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
subjectPublicKey: 3082010a0282010100b3de3fac2469be35772421ea629ca07aadde3448c56e4c0ef7fd43…
modulus: 0x00b3de3fac2469be35772421ea629ca07aadde3448c56e4c0ef7fd43288e47b55f1702ba…
publicExponent: 65537
extensions: 8 items
Extension (id-ce-subjectKeyIdentifier)
Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
SubjectKeyIdentifier: 55744fb2724ff560ba50d1d7e6515c9a01871ad7
Extension (id-ce-authorityKeyIdentifier)
Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
AuthorityKeyIdentifier
keyIdentifier: 03de503556d14cbb66f0a3e21b1bc397b23dd155
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
critical: True
Padding: 1
KeyUsage: 86
1... .... = digitalSignature: True
.0.. .... = contentCommitment: False
..0. .... = keyEncipherment: False
...0 .... = dataEncipherment: False
.... 0... = keyAgreement: False
.... .1.. = keyCertSign: True
.... ..1. = cRLSign: True
.... ...0 = encipherOnly: False
0... .... = decipherOnly: False
Extension (id-ce-extKeyUsage)
Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
KeyPurposeIDs: 2 items
KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
Extension (id-ce-basicConstraints)
Extension Id: 2.5.29.19 (id-ce-basicConstraints)
critical: True
BasicConstraintsSyntax
cA: True
pathLenConstraint: 0
Extension (id-pe-authorityInfoAccess)
Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
AuthorityInfoAccessSyntax: 1 item
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
accessLocation: 6
uniformResourceIdentifier: http://ocsp.digicert.com
Extension (id-ce-cRLDistributionPoints)
Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
CRLDistPointsSyntax: 1 item
DistributionPoint
distributionPoint: fullName (0)
fullName: 1 item
GeneralName: uniformResourceIdentifier (6)
uniformResourceIdentifier: http://crl3.digicert.com/DigiCertGlobalRootCA.crl
Extension (id-ce-certificatePolicies)
Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
CertificatePoliciesSyntax: 2 items
PolicyInformation
policyIdentifier: 2.16.840.1.114412.1.2 (US company arc.114412.1.2)
policyQualifiers: 1 item
PolicyQualifierInfo
Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps)
DirectoryString: https://www.digicert.com/CPS
PolicyInformation
policyIdentifier: 2.23.140.1.2.1 (joint-iso-itu-t.23.140.1.2.1)
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 2b71a9ebf686abb68166cc5ffe843e4c3fc14b05b7014e044caf8641fda417361991bcb9…
1.5. No 55 ~ 56 : Server Hello Done
55 2.114299 47.110.177.89 10.242.162.156 TLSv1.2 410 Server Key Exchange, Server Hello Done
56 2.114366 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [ACK] Seq=237 Ack=3217 Win=128896 Len=0 TSval=565269189 TSecr=249235334
TLS handshake phase (Handshake).
The server sends Server Key Exchange to the client and finishes with Server Hello Done.
The client replies with a TCP ACK.
Contents of packet No 55
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
1.6. No 57 : Client Key Exchange, Change Cipher Spec
57 2.120173 10.242.162.156 47.110.177.89 TLSv1.2 192 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
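The client initiates the key negotiation request.
After the client finishes validating the certificate, it uses the two random numbers RandomClient + RandomServer to generate a session key.
This key is used to symmetrically encrypt the transmitted data (Data).
The generated RandomClient + RandomServer is encrypted with the public key in the certificate and sent to the server.
Details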
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 70
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 66
EC Diffie-Hellman Client Params
Pubkey Length: 65
Pubkey: 04a4479c1bbb27c4bf0048cbac1c24657abfd6a67e1723c1cf3fcd90ecfbf0bbc39af88e…
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Encrypted Handshake Message
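The Client Key Exchange in No 57 carries an EC Diffie-Hellman public key, matching the negotiated TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 suite; in TLS 1.2 the resulting shared secret and the two randoms then go through the PRF of RFC 5246 to produce the master secret and the AES-GCM keys. The following is an added example of that derivation, not code from the original page. The two randoms are the ones in the dumps above, while SAMPLE_PREMASTER is a constructed stand-in (the real ECDHE shared secret never appears on the wire) and the function names are hypothetical.

```python
import hashlib
import hmac

# Randoms copied from the Client Hello (No 51) and Server Hello (No 53) dumps.
CLIENT_RANDOM = bytes.fromhex(
    "bfc721b797cc514884774a9686a185b4c607bbeaa5f387584d6f1365cd4058e2")
SERVER_RANDOM = bytes.fromhex(
    "aa8ed58708d2b721e7599e1111ff50ab8923a34f14d016cf46d3e6dbd8475a76")

# Constructed placeholder for the 32-byte ECDHE shared secret. The real value
# is computed independently by each side and cannot be read from the capture.
SAMPLE_PREMASTER = bytes(range(1, 33))


def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed                                              # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret, label, seed, length):
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(premaster, client_random, server_random):
    """48-byte master secret; the seed is client random then server random."""
    return prf(premaster, b"master secret", client_random + server_random, 48)


def key_block_aes128_gcm(master, client_random, server_random):
    """Split the key block for an AES-128-GCM suite (AEAD, so no MAC keys).

    The seed order is reversed here: server random then client random.
    """
    block = prf(master, b"key expansion", server_random + client_random, 40)
    return {
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],   # 4-byte implicit part of the nonce
        "server_write_iv": block[36:40],
    }


if __name__ == "__main__":
    ms = master_secret(SAMPLE_PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, value in key_block_aes128_gcm(
            ms, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(name, value.hex())
```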
1.7. No 58 ~ 59 : Change Cipher Spec, Encrypted Handshake Message
58 2.125814 47.110.177.89 10.242.162.156 TLSv1.2 117 Change Cipher Spec, Encrypted Handshake Message
59 2.125948 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [ACK] Seq=363 Ack=3268 Win=131008 Len=0 TSval=565269199 TSecr=249235346
Details of No 58
Transport Layer Security
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Encrypted Handshake Message
1.8. No 60 ~ 61
60 2.126107 10.242.162.156 47.110.177.89 TLSv1.2 176 Application Data
61 2.170531 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [ACK] Seq=3268 Ack=473 Win=30208 Len=0 TSval=249235391 TSecr=565269199
Sending a piece of test data?
1.9. No 62 ~ 70
60 2.126107 10.242.162.156 47.110.177.89 TLSv1.2 176 Application Data
61 2.170531 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [ACK] Seq=3268 Ack=473 Win=30208 Len=0 TSval=249235391 TSecr=565269199
62 2.173789 47.110.177.89 10.242.162.156 TLSv1.2 1495 Application Data
63 2.173794 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data
64 2.173797 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data [TCP segment of a reassembled PDU]
65 2.173800 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data [TCP segment of a reassembled PDU]
66 2.173802 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data [TCP segment of a reassembled PDU]
67 2.173805 47.110.177.89 10.242.162.156 TLSv1.2 1502 Application Data [TCP segment of a reassembled PDU]
68 2.173807 47.110.177.89 10.242.162.156 TLSv1.2 71 Application Data
69 2.173961 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [ACK] Seq=473 Ack=11882 Win=122432 Len=0 TSval=565269246 TSecr=249235392
70 2.176431 10.242.162.156 47.110.177.89 TCP 66 [TCP Window Update] 58060 → 443 [ACK] Seq=473 Ack=11882 Win=131072 Len=0 TSval=565269247 TSecr=249235392
Data transfer and ACK acknowledgements
1.10. No 71 ~ 76
Connection teardown
71 2.176509 10.242.162.156 47.110.177.89 TLSv1.2 97 Encrypted Alert
72 2.180664 10.242.162.156 47.110.177.89 TCP 66 58060 → 443 [FIN, ACK] Seq=504 Ack=11882 Win=131072 Len=0 TSval=565269251 TSecr=249235392
73 2.180712 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [ACK] Seq=11882 Ack=504 Win=30208 Len=0 TSval=249235401 TSecr=565269247
74 2.180715 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [FIN, ACK] Seq=11882 Ack=504 Win=30208 Len=0 TSval=249235401 TSecr=565269247
75 2.180771 10.242.162.156 47.110.177.89 TCP 66 [TCP Out-Of-Order] 58060 → 443 [FIN, ACK] Seq=504 Ack=11883 Win=131072 Len=0 TSval=565269251 TSecr=249235401
76 2.185759 47.110.177.89 10.242.162.156 TCP 66 443 → 58060 [ACK] Seq=11883 Ack=505 Win=30208 Len=0 TSval=249235406 TSecr=565269251