SSL/TLS Part ⑥: The SSL Handshake
1. What Is the SSL Handshake
1.1. Overview
To start SSL/TLS communication, an SSL handshake is performed after the TCP three-way handshake. The handshake decides which SSL/TLS version to use, selects the cipher suite, exchanges and verifies certificates, and generates the shared (symmetric) key.
Data transferred between server and client over an HTTPS connection is encrypted. Symmetric-key encryption costs far less computation than public-key encryption, so the data itself is encrypted with a symmetric cipher. A symmetric cipher requires both ends to hold the same key, so public-key cryptography is used to exchange that key and the symmetric cipher then protects the traffic.
1.2. What Is a Cipher Suite
A cipher suite is the combination of cryptographic algorithms used for one SSL connection. Below is the output of the following command on Linux.
# openssl ciphers -v
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
DH-RSA-AES256-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA256
DH-DSS-AES256-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA256
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
DH-RSA-AES256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(256) Mac=SHA1
DH-DSS-AES256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
DH-RSA-CAMELLIA256-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(256) Mac=SHA1
DH-DSS-CAMELLIA256-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(256) Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
DH-RSA-AES128-SHA256 TLSv1.2 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA256
DH-DSS-AES128-SHA256 TLSv1.2 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1
DH-DSS-AES128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=AES(128) Mac=SHA1
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
DH-RSA-SEED-SHA SSLv3 Kx=DH/RSA Au=DH Enc=SEED(128) Mac=SHA1
DH-DSS-SEED-SHA SSLv3 Kx=DH/DSS Au=DH Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
DH-RSA-CAMELLIA128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=Camellia(128) Mac=SHA1
DH-DSS-CAMELLIA128-SHA SSLv3 Kx=DH/DSS Au=DH Enc=Camellia(128) Mac=SHA1
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1
ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
DH-RSA-DES-CBC3-SHA SSLv3 Kx=DH/RSA Au=DH Enc=3DES(168) Mac=SHA1
DH-DSS-DES-CBC3-SHA SSLv3 Kx=DH/DSS Au=DH Enc=3DES(168) Mac=SHA1
ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
KRB5-IDEA-CBC-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=SHA1
KRB5-DES-CBC3-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=SHA1
KRB5-IDEA-CBC-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=IDEA(128) Mac=MD5
KRB5-DES-CBC3-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=3DES(168) Mac=MD5
ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128) Mac=SHA1
ECDH-ECDSA-RC4-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
KRB5-RC4-MD5 SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=MD5
Taking the first line as an example, the fields mean:
- ECDHE-RSA-AES256-GCM-SHA384: name of the cipher suite
- TLSv1.2: SSL/TLS version
- Kx=ECDH: key exchange (public-key) algorithm
- Au=RSA: algorithm used to authenticate the key exchange
- Enc=AESGCM(256): symmetric (bulk) encryption algorithm
- Mac=AEAD: message authentication code
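The field breakdown above is exactly what a server administrator needs when deciding which suites to leave enabled. The following is an added example (not code from the original post): it parses lines in the `openssl ciphers -v` format into those fields and flags the properties a defender cares about, namely a static key exchange (Kx=RSA, DH/RSA, ECDH/ECDSA and so on, which gives no forward secrecy), legacy bulk ciphers such as RC4 and 3DES, MD5/SHA1 MACs, and non-AEAD suites. The sample input is constructed from five lines of the list above; the version column in that output is the lowest protocol version that defines the suite, not a sign that SSLv3 is in use.

```python
import re

# Constructed sample input: five lines in the format printed by `openssl ciphers -v`
# (copied from the list shown above), deliberately mixing strong and legacy suites.
SAMPLE_CIPHERS_V = """\
# openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
"""

# One suite line: <name> <min version> Kx=<kx> Au=<au> Enc=<cipher>(<bits>) Mac=<mac>
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<version>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>[A-Za-z0-9]+)\((?P<bits>\d+)\)\s+Mac=(?P<mac>\S+)$"
)

# Key-exchange values without an ephemeral component: a session key can be
# recovered later by anyone who obtains the server's long-term private key.
STATIC_KX = {"RSA", "DH/RSA", "DH/DSS", "ECDH/RSA", "ECDH/ECDSA"}
LEGACY_CIPHERS = {"RC4", "3DES", "DES", "IDEA", "SEED"}
WEAK_MACS = {"MD5", "SHA1"}


def parse_ciphers_v(text):
    """Turn `openssl ciphers -v` output into a list of dicts, one per suite line."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # the shell prompt line and anything else is skipped
        suite = m.groupdict()
        suite["bits"] = int(suite["bits"])
        suites.append(suite)
    return suites


def assess(suite):
    """Return the reasons (possibly none) a suite should not be enabled on a server."""
    reasons = []
    if suite["kx"] in STATIC_KX:
        reasons.append("no forward secrecy (static key exchange %s)" % suite["kx"])
    if suite["enc"] in LEGACY_CIPHERS:
        reasons.append("legacy bulk cipher %s" % suite["enc"])
    if suite["mac"] in WEAK_MACS:
        reasons.append("weak MAC %s" % suite["mac"])
    if suite["mac"] != "AEAD":
        reasons.append("not an AEAD suite")
    return reasons


def recommended(text):
    """Names of the suites in the output that raise no concern."""
    return [s["name"] for s in parse_ciphers_v(text) if not assess(s)]


if __name__ == "__main__":
    for s in parse_ciphers_v(SAMPLE_CIPHERS_V):
        print("%-32s %s" % (s["name"], "; ".join(assess(s)) or "OK"))
```

Run against the full list above, only the ECDHE/DHE suites with an AEAD cipher survive, which is the usual starting point for a server cipher string.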
2. SSL Handshake in Detail
The TCP three-way handshake is assumed to have completed already.
2.1. Client Hello
The client asks the server to start an SSL connection.
The Client Hello carries the SSL/TLS version and the list of cipher suites the client supports.
The server that receives it checks the cipher suite list and decides the encryption scheme. Cipher suites in the list that the server does not recognize or does not support are simply ignored. If none of the cipher suites the server can use appears in the Client Hello's list, the server raises a failure alert and the connection is closed.
Below is a Client Hello captured with Wireshark.
Ethernet II, Src: AsustekC_XX:XX:XX (08:62:66:XX:XX:XX), Dst: Vmware_XX:XX:XX (00:0c:29:XX:XX:XX)
Internet Protocol Version 4, Src: 192.168.XX.XX, Dst: 192.168.XX.XX
Transmission Control Protocol, Src Port: 51136, Dst Port: 443, Seq: 1, Ack: 1, Len: 197
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 192
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 188
Version: TLS 1.2 (0x0303) #SSL/TLS version the client supports
Random: a0c2c39f89971d0f62c98ca3244e031b6b0025d3c5ff71ce...
GMT Unix Time: Jun 21, 2055 00:37:03.000000000 東京 (標準時)
Random Bytes: 89971d0f62c98ca3244e031b6b0025d3c5ff71ce63c33e16...
Session ID Length: 0
Cipher Suites Length: 40
Cipher Suites (20 suites) #Cipher suites the client supports
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 107
Extension: ec_point_formats (len=4)
Type: ec_point_formats (11)
Length: 4
EC point formats Length: 3
Elliptic curves point formats (3)
EC point format: uncompressed (0)
EC point format: ansiX962_compressed_prime (1)
EC point format: ansiX962_compressed_char2 (2)
Extension: supported_groups (len=8)
Type: supported_groups (10)
Length: 8
Supported Groups List Length: 6
Supported Groups (3 groups)
Supported Group: x25519 (0x001d)
Supported Group: secp256r1 (0x0017)
Supported Group: secp384r1 (0x0018)
Extension: SessionTicket TLS (len=0)
Type: SessionTicket TLS (35)
Length: 0
Data (0 bytes)
Extension: status_request (len=5)
Type: status_request (5)
Length: 5
Certificate Status Type: OCSP (1)
Responder ID list Length: 0
Request Extensions Length: 0
Extension: application_layer_protocol_negotiation (len=14)
Type: application_layer_protocol_negotiation (16)
Length: 14
ALPN Extension Length: 12
ALPN Protocol
ALPN string length: 2
ALPN Next Protocol: h2
ALPN string length: 8
ALPN Next Protocol: http/1.1
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
Extension: signature_algorithms (len=48)
Type: signature_algorithms (13)
Length: 48
Signature Hash Algorithms Length: 46
Signature Hash Algorithms (23 algorithms)
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
........(omitted)
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: DSA (2)
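To make the structure in the capture concrete, here is an added example (not code from the original post) that serializes a minimal ClientHello without extensions in the layout Wireshark displays (Content Type 22, record version 0x0301, Handshake Type 1, Version, Random, Session ID, Cipher Suites, Compression Methods), parses it back, and then performs the server-side selection described above: unknown suites and the 0x00FF SCSV pseudo-suite are ignored, the server's own preference order wins, and no common suite ends in a handshake failure. The server preference list is an assumption that models the capture, where the server holds an RSA certificate and therefore answers with TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 even though the client listed the ECDSA suites first.

```python
import os
import struct

# Cipher suite code points that appear in the capture above (IANA values)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF

CONTENT_TYPE_HANDSHAKE = 22
HANDSHAKE_TYPE_CLIENT_HELLO = 1


def build_client_hello(cipher_suites, client_version=0x0303, session_id=b""):
    """Serialize a minimal ClientHello (no extensions) inside a TLS record."""
    body = struct.pack("!H", client_version)              # highest version the client supports
    body += os.urandom(32)                                # Random: 32 bytes
    body += bytes([len(session_id)]) + session_id         # Session ID (empty = new session)
    body += struct.pack("!H", 2 * len(cipher_suites))     # Cipher Suites Length (2 bytes per suite)
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += b"\x01\x00"                                   # one compression method: null (0)
    handshake = bytes([HANDSHAKE_TYPE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # Record header: Content Type 22, record-layer version 0x0301 (as in the capture), Length
    return bytes([CONTENT_TYPE_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Extract the ClientHello fields Wireshark shows; raise ValueError on malformed input."""
    if len(record) < 5 or record[0] != CONTENT_TYPE_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != HANDSHAKE_TYPE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    version = struct.unpack("!H", body[0:2])[0]
    random_bytes = body[2:34]
    pos = 35
    session_id = body[pos:pos + body[34]]
    pos += body[34]
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad Cipher Suites Length")
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]
    compression = list(body[pos + 1:pos + 1 + comp_len])
    return {"version": version, "random": random_bytes, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": compression}


class HandshakeFailure(Exception):
    """Stands in for the fatal handshake_failure alert sent before the connection is closed."""


# Assumed server preference order. This server has an RSA certificate (as in the capture),
# so it never selects ECDSA-authenticated suites even though the client lists them first.
SERVER_PREFERENCE = [
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
]


def select_cipher_suite(offered, server_preference=SERVER_PREFERENCE):
    """Pick the server's most preferred suite that the client also offered.

    Suites the server does not know or support (including the SCSV pseudo-suite
    0x00FF) are simply ignored; no match at all is a fatal handshake failure.
    """
    offered_set = set(offered)
    for cs in server_preference:
        if cs in offered_set:
            return cs
    raise HandshakeFailure("no cipher suite in common with the client")


def negotiate(record):
    """Parse an incoming ClientHello record and return the suite the server would answer with."""
    return select_cipher_suite(parse_client_hello(record)["cipher_suites"])


def negotiation_fails(record):
    """True when the server would abort with handshake_failure for this ClientHello."""
    try:
        negotiate(record)
    except HandshakeFailure:
        return True
    return False
```

A real ClientHello also carries the extensions shown in the capture (supported_groups, signature_algorithms, ALPN and so on); they follow the compression methods and are omitted here to keep the record layout readable.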
2.2. Server Hello, Server Certificate, Server Key Exchange, Certificate Request, Server Hello Done
If the cipher suites in the Client Hello are acceptable, the server returns a Server Hello. The following messages are included.
- Server Hello
- Server Certificate
- Server Key Exchange (optional)
- Certificate Request (optional)
- Server Hello Done
In the Server Hello the server picks one version from the SSL/TLS versions sent in the Client Hello and one encryption scheme from the cipher suites, and sends its choice back.
In Server Certificate the server sends its server certificate to the client.
In Server Key Exchange the server generates a temporary RSA key, attaches the server's signature and sends it. It serves as a substitute when the server holds no certificate or when the Server Certificate contains no public key.
Certificate Request is used when the server asks the client for a client certificate.
Server Hello Done notifies the client that the server has finished sending its information.
Ethernet II, Src: Vmware_XX:XX:XX (00:0c:29:XX:XX:XX), Dst: AsustekC_XX:XX:XX (08:62:66:XX:XX:XX)
Internet Protocol Version 4, Src: XX:XX:XX.XX, Dst: XX:XX:XX.XX
Transmission Control Protocol, Src Port: 443, Dst Port: 51136, Seq: 1, Ack: 198, Len: 1271
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303) #TLS version
Length: 61
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 57
Version: TLS 1.2 (0x0303)
Random: 8d9cf0959b23ec35daf4070cfc8e4e09ded3bcfafa54e041...
GMT Unix Time: Apr 15, 2045 21:37:41.000000000 東京 (標準時)
Random Bytes: 9b23ec35daf4070cfc8e4e09ded3bcfafa54e0418f0d7a73...
Session ID Length: 0
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) #Cipher suite to be used
Compression Method: null (0)
Extensions Length: 17
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
Extension: ec_point_formats (len=4)
Type: ec_point_formats (11)
Length: 4
EC point formats Length: 3
Elliptic curves point formats (3)
EC point format: uncompressed (0)
EC point format: ansiX962_compressed_prime (1)
EC point format: ansiX962_compressed_char2 (2)
Extension: SessionTicket TLS (len=0)
Type: SessionTicket TLS (35)
Length: 0
Data (0 bytes)
TLSv1.2 Record Layer: Handshake Protocol: Certificate #Server certificate being sent; can be skipped over
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 853
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 849
Certificates Length: 846
Certificates (846 bytes)
Certificate Length: 843
Certificate: 308203473082022fa003020102020103300d06092a864886... (id-at-commonName=www.test.co.jp,id-at-organizationName=test inc,id-at-stateOrProvinceName=Tokyo,id-at-countryName=JP)
signedCertificate
version: v3 (2)
serialNumber: 3
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 5 items (id-at-commonName=test.co.jp,id-at-organizationName=test inc,id-at-localityName=Default City,id-at-stateOrProvinceName=Tokyo,id-at-countryName=JP)
RDNSequence item: 1 item (id-at-countryName=JP)
RelativeDistinguishedName item (id-at-countryName=JP)
Id: 2.5.4.6 (id-at-countryName)
CountryName: JP
RDNSequence item: 1 item (id-at-stateOrProvinceName=Tokyo)
RelativeDistinguishedName item (id-at-stateOrProvinceName=Tokyo)
Id: 2.5.4.8 (id-at-stateOrProvinceName)
DirectoryString: uTF8String (4)
uTF8String: Tokyo
RDNSequence item: 1 item (id-at-localityName=Default City)
RelativeDistinguishedName item (id-at-localityName=Default City)
Id: 2.5.4.7 (id-at-localityName)
DirectoryString: uTF8String (4)
uTF8String: Default City
RDNSequence item: 1 item (id-at-organizationName=test inc)
RelativeDistinguishedName item (id-at-organizationName=test inc)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: uTF8String (4)
uTF8String: test inc
RDNSequence item: 1 item (id-at-commonName=test.co.jp)
RelativeDistinguishedName item (id-at-commonName=test.co.jp)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: test.co.jp
validity
notBefore: utcTime (0)
utcTime: 19-02-17 12:02:11 (UTC)
notAfter: utcTime (0)
utcTime: 29-02-14 12:02:11 (UTC)
subject: rdnSequence (0)
rdnSequence: 4 items (id-at-commonName=www.test.co.jp,id-at-organizationName=test inc,id-at-stateOrProvinceName=Tokyo,id-at-countryName=JP)
RDNSequence item: 1 item (id-at-countryName=JP)
RelativeDistinguishedName item (id-at-countryName=JP)
Id: 2.5.4.6 (id-at-countryName)
CountryName: JP
RDNSequence item: 1 item (id-at-stateOrProvinceName=Tokyo)
RelativeDistinguishedName item (id-at-stateOrProvinceName=Tokyo)
Id: 2.5.4.8 (id-at-stateOrProvinceName)
DirectoryString: uTF8String (4)
uTF8String: Tokyo
RDNSequence item: 1 item (id-at-organizationName=test inc)
RelativeDistinguishedName item (id-at-organizationName=test inc)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: uTF8String (4)
uTF8String: test inc
RDNSequence item: 1 item (id-at-commonName=www.test.co.jp)
RelativeDistinguishedName item (id-at-commonName=www.test.co.jp)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: www.test.co.jp
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
subjectPublicKey: 3082010a0282010100be8f84e278ef1cbcdf719cb16957b1...
modulus: 0x00be8f84e278ef1cbcdf719cb16957b185185cd7a005c138...
publicExponent: 65537
extensions: 1 item
Extension (id-ce-subjectAltName)
Extension Id: 2.5.29.17 (id-ce-subjectAltName)
GeneralNames: 2 items
GeneralName: dNSName (2)
dNSName: test.co.jp
GeneralName: dNSName (2)
dNSName: *.test.co.jp
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 3a736d642a393d78dbd219a05326b3bdf77e80a2c835be28...
TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange #Because ECDHE is in use, the server sends its key-exchange value here
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 333
Handshake Protocol: Server Key Exchange
Handshake Type: Server Key Exchange (12)
Length: 329
EC Diffie-Hellman Server Params
Curve Type: named_curve (0x03)
Named Curve: secp256r1 (0x0017)
Pubkey Length: 65
Pubkey: 0458b7a49226cb09596a651985d5c7e613da3a218557a795...
Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Length: 256
Signature: 9fae3a95e3e856223aaa3b31a58e5e05e93a3cafe5f70eef...
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done #Server Hello complete
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
2.3. ClientKeyExchange, ClientCertificate, CertificateVerify, ChangeCipherSpec, Finished
Having received the certificate, the client verifies its validity using a root certificate. Once verification completes without problems, the client extracts the public key from it.
The following messages are included.
- ClientKeyExchange
- ClientCertificate (optional)
- CertificateVerify (optional)
- ChangeCipherSpec
In ClientKeyExchange, with RSA the client generates the Pre-Master Secret and sends it; with DHE or ECDHE the client generates its shared value and sends that instead. For DHE and ECDHE, the client and the server each compute the Pre-Master Secret from the server-generated shared value and the client-generated shared value.
In ClientCertificate the client sends its certificate if a Certificate Request was received.
In CertificateVerify, if a client certificate was sent, the client sends a signature proving that it holds the corresponding private key.
ChangeCipherSpec announces that unencrypted communication has ended.
Ethernet II, Src: AsustekC_XX:XX:XX (08:62:66:XX:XX:XX), Dst: Vmware_XX:XX:XX (00:0c:29:XX:XX:XX)
Internet Protocol Version 4, Src: XX.XX.XX.XX, Dst: XX.XX.XX.XX
Transmission Control Protocol, Src Port: 51136, Dst Port: 443, Seq: 198, Ack: 1272, Len: 126
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange #ClientKeyExchange
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 70
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 66
EC Diffie-Hellman Client Params
Pubkey Length: 65
Pubkey: 04fd64e92a34b6c46357f68b9f7ed7c8b07cdbb81e2dc91a...
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec #ChangeCipherSpec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Encrypted Handshake Message
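The two captures above show the ECDHE exchange from both sides: the Server Key Exchange carries a 65-byte public point on secp256r1 signed with the server's RSA key, and the Client Key Exchange carries the client's 65-byte point. The following added example (not code from the original post) runs that exchange in pure Python on secp256r1: each side generates an ephemeral key pair, encodes its point as 0x04 || X || Y (the "Pubkey Length: 65" seen in the capture), and derives the Pre-Master Secret as the x-coordinate of its own scalar times the peer's point, which is the rule in RFC 4492 / RFC 8422. The decoder checks that the received point really lies on the curve before using it, the validation step a TLS stack must perform; the arithmetic is textbook affine arithmetic and not constant-time, which is fine for understanding the protocol but not for a production implementation.

```python
import secrets

# secp256r1 (P-256) domain parameters: the curve named in the capture (Named Curve: secp256r1, 0x0017)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def on_curve(point):
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity. Not constant-time (educational)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                       # Q + (-Q) = infinity
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P      # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication."""
    result = None
    addend = point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_keypair():
    """Ephemeral key: random scalar d in [1, N-1] and public point d*G."""
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def encode_point(point):
    """Uncompressed SEC1 encoding 0x04 || X || Y: the 65-byte Pubkey seen in both Key Exchange messages."""
    x, y = point
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def decode_point(data):
    """Decode a peer's public point and refuse anything that is not on secp256r1."""
    if len(data) != 65 or data[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed point")
    point = (int.from_bytes(data[1:33], "big"), int.from_bytes(data[33:65], "big"))
    if not (point[0] < P and point[1] < P and on_curve(point)):
        raise ValueError("point is not on secp256r1")
    return point


def premaster_secret(own_private, peer_encoded):
    """ECDHE Pre-Master Secret = x-coordinate of own_private * peer_public (RFC 4492 / RFC 8422)."""
    shared = scalar_mult(own_private, decode_point(peer_encoded))
    if shared is None:
        raise ValueError("shared point is the point at infinity")
    return shared[0].to_bytes(32, "big")


def simulate_ecdhe():
    """Run both sides of the exchange in the capture; returns (server msg, client msg, secrets match)."""
    server_priv, server_pub = generate_keypair()   # made for Server Key Exchange
    client_priv, client_pub = generate_keypair()   # made for Client Key Exchange
    server_msg = encode_point(server_pub)          # what the server signs and sends
    client_msg = encode_point(client_pub)          # what the client sends back
    server_secret = premaster_secret(server_priv, client_msg)
    client_secret = premaster_secret(client_priv, server_msg)
    return server_msg, client_msg, server_secret == client_secret


def rejects_off_curve_point():
    """The validation step in action: a point with a tampered Y coordinate is refused."""
    bad = bytearray(encode_point(G))
    bad[-1] ^= 0x01
    try:
        decode_point(bytes(bad))
    except ValueError:
        return True
    return False
```

Because only the server's message is signed (the Signature field in the Server Key Exchange above), the client learns it is agreeing a key with the certificate holder; the client's own point is sent unsigned, which is why client authentication needs the separate CertificateVerify message.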
2.4. ChangeCipherSpec
The following messages are included.
- ChangeCipherSpec
ChangeCipherSpec announces that unencrypted communication has ended.
Ethernet II, Src: Vmware_XX:XX:XX (00:0c:29:XX:XX:XX), Dst: AsustekC_XX:XX:XX (08:62:66:XX:XX:XX)
Internet Protocol Version 4, Src: XX.XX.XX.XX, Dst: XX.XX.XX.XX
Transmission Control Protocol, Src Port: 443, Dst Port: 51136, Seq: 1272, Ack: 324, Len: 258
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: New Session Ticket
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 202
Handshake Protocol: New Session Ticket
Handshake Type: New Session Ticket (4)
Length: 198
TLS Session Ticket
Session Ticket Lifetime Hint: 300 seconds (5 minutes)
Session Ticket Length: 192
Session Ticket: 9279ba948314a9ff957a530421bd544ef1d157b4f254d1d1...
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec #ChangeCipherSpec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Encrypted Handshake Message
2.5. Start of Encrypted Communication
From here on, communication is encrypted using the generated shared key.
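The "generated shared key" is not the Pre-Master Secret itself. In TLS 1.2 both sides run the PRF of RFC 5246 over the Pre-Master Secret and the two Random values from the Client Hello and Server Hello to obtain the 48-byte master secret, then expand it into the write keys. The following added example (not code from the original post) implements that derivation for the suite negotiated in the capture, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, whose PRF uses SHA-384 and whose key block holds two 32-byte AES keys and two 4-byte implicit nonces with no MAC keys, since GCM is AEAD. The Pre-Master Secret and the Random values are constructed sample bytes; in a real handshake the Pre-Master Secret would be the ECDHE x-coordinate.

```python
import hmac


def p_hash(secret, seed, length, hash_name):
    """P_<hash> from RFC 5246 section 5, iterated until `length` bytes are available."""
    out = b""
    a = seed                                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret, label, seed, length, hash_name="sha384"):
    """TLS 1.2 PRF = P_<hash>(secret, label + seed); SHA-384 for the *_SHA384 suites (RFC 5288)."""
    return p_hash(secret, label.encode("ascii") + seed, length, hash_name)


def derive_master_secret(pre_master_secret, client_random, server_random):
    """master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random)[0..47]"""
    return prf(pre_master_secret, "master secret", client_random + server_random, 48)


def derive_key_block(master_secret, client_random, server_random):
    """Key block for AES_256_GCM: two 32-byte write keys and two 4-byte implicit nonces, no MAC keys (AEAD)."""
    # Note the reversed order of the randoms compared with the master secret derivation (RFC 5246 6.3).
    block = prf(master_secret, "key expansion", server_random + client_random, 2 * 32 + 2 * 4)
    return {
        "client_write_key": block[0:32],
        "server_write_key": block[32:64],
        "client_write_iv": block[64:68],
        "server_write_iv": block[68:72],
    }


def derive_session_keys(pre_master_secret, client_random, server_random):
    """Everything each side computes after ClientKeyExchange, before sending ChangeCipherSpec."""
    master = derive_master_secret(pre_master_secret, client_random, server_random)
    return master, derive_key_block(master, client_random, server_random)


# Constructed sample inputs standing in for the values of a real handshake.
SAMPLE_PRE_MASTER = bytes(range(32))          # would be the ECDHE x-coordinate
SAMPLE_CLIENT_RANDOM = b"\x11" * 32           # ClientHello.random
SAMPLE_SERVER_RANDOM = b"\x22" * 32           # ServerHello.random

if __name__ == "__main__":
    master, keys = derive_session_keys(SAMPLE_PRE_MASTER, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    print("master secret:", master.hex())
    for name, value in keys.items():
        print("%-17s %s" % (name, value.hex()))
```

Because both Random values enter the derivation, the same Pre-Master Secret never yields the same session keys twice, and a changed Server Hello random (the last assertion below) produces unrelated keys.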