ssl handshake protocol wireshark,How SSL works tutorial

Quick but great video. This helped me understand an issue where a client was trying to establish a connection with SSLv2 instead of using TLSv1, so we were dropping their session.

culturataco

Great job with this tutorial. It helped me to quickly troubleshoot a "certificate unknown" error.

drodd

Thanks Zariga, great job, I appreciate it.

davidr.flores

It was really nice introduction about the TLS, but i want know when already cipher suite negotiation done in server hello itself then why change cipher spec required?

arunmishra

Thanks Zariga. Very nice explanation. The wireshark demonstration helped alot. (Y)

mohammedaamerhussain

Very nice video Zariga - quick and to the point :-)
There is however one thing I am missing (and the reason I was searching for a video like this on Youtube) - that is how the pre-master secret gets turned into a session key without any more packets being exchanged after the pre-master secret has been presented to the server by the client?



1: Client Hello

2: Server Hello

3: Server presents its public key

4: Client might check validity of servers certificate

5: Client generates a pre-master secret

6: Clients starts to use session key (Encrypted Handshake Message)

7: Clients sends pre-master secret to server encrypted with server's public key

8: Server decrypts pre-master and turns it into session key.

Voila! All of a sudden both client and server has turned this pre-master secret into a session key! Do you know how this happens? Do both ends use some algorithm that take the pre-master secret and maybe some other piece of previously exchanged information as input to produce this session key?



Have yet to have this question answered :-)

skjalglandsem

Hello,

On our application, we have implemented SSL over RMI.

Using WireShark, we are able to capture and see RMI packets when making RMI client/server calls.

Testing ciphers and protocols, we use OpenSSL. With this, we are able to see Ciphers and Protocols used during the handshake. Same we are able to see with WireShark.

However, we are not able to tell on the RMI packets that we capture with WireShark that the SSL layer has now been introduced, and calls are secured. There is no information about this. All that is there is RMI packets, with normal input/output stream messages (Call, Ping, DgcAck, PingAck, ReturnData) showing encrypted data. This was the same before the SSL implementation.

Anyone, please advise if there is a way you have tested this, and how if you have?

We have no logs nor screenshots to include. Please advise if you require any, to assist with this question.

Regards,
-

MalusiShepherdNinela

Is it possible to attack in the middle of a pre-master secret exchange since it's being encrypted using the public key? What is secretive about the communication between the client and the server if only the public key is being used to encrypt the data during the master key generation. When does the private key come into play? Great video but I'd love some info on why it's not possible to decrypt this traffic by a malicious person in the middle if they are seeing the master key exchange and they know how to decrypt that key exchange using the public key?

rush

Nice video.. you could have elaborated on how keys are changed private and public

ctpdvic

Good about info on how RSA handshake works using wireshark

vivekcode

How do we create a certificate using this information in order to decrypt traffic in a man in the middle attack

Ale-mu

i would suggest you to go through the packets first and understand properly rather than just opening every packet and just reading it.

.aniketmatkar

What do i need to do to gather the secrets in a log file through arp spoofing and using Wireshark the log file diesnt generate secrets

Ale-mu