SSL Handshake Messages with Client Authentication
Q
How to get SSL Handshake Messages that use client Authentication?
✍: FYIcenter
A
You can get SSL Handshake Messages that use client Authentication as shown below:
1. Open command window and run SslServerCmd.java with client certificate authentication turned on:
\fyicenter>\local\jdk-1.8.0\bin\java -Djavax.net.ssl.trustStore=client_crt.jks SslServerCmd 8080 Yes USAGE: java SslServerCmd [port [clientAuth]] Listening: port=8080, clientAuth=Yes
2. Open another command window and run SslServerCmd.java with system property javax.net.debug turned on:
\fyicenter>\local\jdk-1.8.0\bin\java -Djavax.net.ssl.trustStore=server_crt.jks -Djavax.net.debug=ssl:handshake:data SslClientCertificateCmd localhost 8080 /index.html HTTP/1.0 200 OK Content-Type: text/html Content-Length: 40
3. Open the SSL debug log file:
\fyicenter>edit ssl.log
*** ClientHello, TLSv1.2
[write] MD5 and SHA1 hashes: len = 207
0000: 01 00 00 CB 03 03 59 50 57 CA 27 7E 86 01 82 F3 ......YPW.'.....
... (Client Hello message)
main, WRITE: TLSv1.2 Handshake, length = 207
main, READ: TLSv1.2 Handshake, length = 1494
*** ServerHello, TLSv1.2
[read] MD5 and SHA1 hashes: len = 81
... (Server Hello message)
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=fyicenter.com, OU=FYIcenter, O=FYIcenter, L=FYI, ST=FYI, C=FR
...
[read] MD5 and SHA1 hashes: len = 444
... (Server certificate)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Cert Authorities:
<CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR>
[read] MD5 and SHA1 hashes: len = 135
... (Certificate Request for client authentication)
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00
... (Server Hello Done message, 4 bytes only)
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR
...
*** ClientKeyExchange, DH
DH Public key: { 108, 150, 133, 85, 151, 77, 108, 62, 255, 70, 227, 231, 247, 165, 165, 14, 33, 126, 37, 167, 248, 27, 92, 167, 84, 94, 73, 240, 57, 105, 4, 78, 100, 152, 219, 201, 86, 190, 145, 2, 204, 195, 90, 108, 255, 1, 176, 105, 38, 119, 17, 116, 30, 99, 197, 135, 179, 187, 1, 50, 34, 92, 220, 98, 119, 174, 118, 59, 79, 71, 196, 37, 39, 72, 145, 13, 99, 220, 172, 200, 125, 149, 212, 103, 33, 174, 193, 43, 124, 118, 157, 157, 85, 250, 6, 248, 73, 120, 23, 161, 248, 203, 230, 177, 141, 208, 31, 23, 55, 48, 139, 248, 128, 224, 189, 2, 102, 197, 154, 150, 52, 23, 246, 180, 139, 61, 179, 111 }
[write] MD5 and SHA1 hashes: len = 942
... (Client Key Exchange)
main, WRITE: TLSv1.2 Handshake, length = 942
*** CertificateVerify
Signature Algorithm SHA1withDSA
[write] MD5 and SHA1 hashes: len = 54
... (Certificate Verify message)
main, WRITE: TLSv1.2 Handshake, length = 54
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
[write] MD5 and SHA1 hashes: len = 16
*** Finished
[read] MD5 and SHA1 hashes: len = 16
main, WRITE: TLSv1.2 Application Data, length = 80
main, READ: TLSv1.2 Application Data, length = 160
2018-06-12, 1462👍, 0💬
Related Topics:
