Establish TLS Connection And Sending Data

Transport Layer Security

The TLS protocol is the successor of the Secure Socket Layer (SSL)

Used for secure network communication and serves as the basis for higher level protocols like HHTTPS and SMTPS

Provides secure communication

The current version TLS 1.3 provides the following aspects of security:

Privacy or confidentiality of transmitted user data using symmetric encryption
Integrity and authencity of transmitted user data, protection against tampering, using authenticated encryption or Message Authetnication Code (MAC)
Peer identity proof and protection against Man in the Middle (MITM) attacks using X.509 certificates.
Perfect Forward Secrecy (PFS) using Ephemeral Diffie-Hellman (DHE) or Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) key exchange.

⚠️

PFE Key exchange or key agreement in TLS is a process of agreeing on a symmetric encryption key that will be used for encrypting user data in a TLS session. The oldest key exchange method is RSA key exchange. The newer method is the Diffie-Hellman Key Exchange, where both client and server have an symmetric keypair and derive a symmetric key from theor own private key and the peer’s public key. When such a non-PFS key exchange method is used the server certificate keypair is used for both authentication and key exchange. In such cases if an attacker has recorded a TLS session and later stolen the server cert private key then attacker can use it to recover the symmetric session key. When a PFS key exchagne method such as DHE or ECDHE is used the client and the server generate temporary ephemeral keypairs for exchange. Those keypairs are only needed for key exchange and can be destroyed after that. In such cases even if the server certificate key gets stolen the attacker will not be able to decrypt the TLS session, because they will not have any ephemeral private key from that TLS session.

TLS ususally runs on top of a reliable transport protocol such as TCP.
TLS is used with an app layer protocol such as HTTP
HTTPS protocol is HTTP running on top of TLS
SMTPS is SMTP running on top of TLS
A modification of TLS, called Datagram Transport Layer Security (DTLS) is designed for running on top of an unreliable transport protocol such as UDP.
OpenVPN can use both DTLS over UDP and TLS over TCP.

TLS Handshake

Client sends the list of TLS protocol versions and the cipher suites that client supports.

TLS 1.3 cipher suite name is a compund value like, TLS_AES_256_GCM_SHA384 or TLS_CHACHA20_POLY1305_SHA256. It identifies a symmetric encryption algorithm such as AES_256 or CHACHA20, a block cipher operations mode such as GCM or an encryption authentication method such as POLY1305 and a cryptographic hash function such as SHA384

TLS 1.3 only supports Authenticated Encryption with Associated Data (AEAD) modes. Older TLS versions support non-authenticted encryption modes in which case the Hash-Based Message Authentication Code (HMAC) algorithm is used to authenticate the encrypted data.

Server choses the highest protocol version and the preferred TLS cipher suite that both the client and the server support. If there are no mutually supported protocol version or cipher suite, the handshake fails.

Server sends its X.509 cert possibly with other certs that will help build the cert signing chain. Client verifies the server cert using a possessed trusted cert of a Certificate Authority (CA). Client also checks if cert subject fiekd matches the server hostname.

Server signs a small amount of data received from the client with the server’s private key which corresponds to the public key contained in the server cert. The client verifies the signature. This way server proves that it owns the cert.

Optionally, the client sends its own cert and the server verifies it.

If the client has send its cert, the client also proves that it is the owner of the cert in a similar way.

Client and Server then negotiate the symmetric session key and the initialisation vector (IV) to be used for the encryption of the user data that will be sent over the TLS protocol.

Client and Server use a key exchange and key agreement algorithm such as ECDHE for agreeing on a handshake secret also known as a pre-master secret.

Then both cliend and server use a Pseudorandom function for example the HMAC Based Key Derivation Function (HKDF) for generating the master secret and then the session key and the IV.

Alternatively client can also request the reuse of a saved handshake secret from a previous session, saving computational resources.

Client and Server exchange data for TCP exstensions that they would like to use like, Server Name Indication (SNI) or pre_shared_key.

SNI is an extension to the TLS protocol. It allows a client to indicate which hostname it is attempting to connect to at the start of the TLS handshake process. This is particularly useful in hosting multiple SSL/TLS certificates on a single IP address, as it allows the server to present the correct certificate for the hostname requested by the client.

PSK is a mechanism used in the TLS protocol where the client and server use a shared secret that was established out-of-band to authenticate and secure the communication. This can help reduce the computational overhead of the TLS handshake and is often used in resource-constrained environments.

Finally client and server authenticate all previously sent handshaking messages with HMAC. If the HMAC verification fails the handshake is considered to have failed and the connection is aborted.

What Happens After TLS Handshake

Client and Server send data to each other encapsulated into TLS Records.

Transmitted data is encrypted with the session and authenticated either by an authenticated encryption tag or by HMAC if an older TLS version is used.

The receiving party checks the authentication of each TLS record and aborts the connection if an authenticity verification error is detected.

When one part detects such an error, it alerts the other party of it using the TLS Alert Message.

One possible alert message is close_notify.

Used for a proper shutdown of the TLS connection
Notifies the other party that it is closing its writing part of the TLS connection and will not send more data.

TLS protocol specs mandate that both client and server send close_notify when the TLS connection has come to it’s logical end.

The underlying TCP connection must be closed spearately after the TLS connection closure.

TLS 1.3 also supports in some cases zero round-trip time (0-RTT) handshaking mode, which allows the TLS client to send encrypted user data in the first data flight from the client to the server if an earlier TLS session can be reused.

Establishing TLS Client Connection

There is an HTTPS serveron the internet to use as an example; https://example.org

Let’s connect to it via TLS and get its homepage:


openssl s_client -connect example.org:443


~/opensslcodes:openssl s_client -connect example.org:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
   i:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 30 00:00:00 2024 GMT; NotAfter: Mar  1 23:59:59 2025 GMT
 1 s:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 30 00:00:00 2021 GMT; NotAfter: Mar 29 23:59:59 2031 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHbjCCBlagAwIBAgIQB1vO8waJyK3fE+Ua9K/hhzANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw
MTMwMDAwMDAwWhcNMjUwMzAxMjM1OTU5WjCBljELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMUIwQAYDVQQKDDlJ
bnRlcm5ldMKgQ29ycG9yYXRpb27CoGZvcsKgQXNzaWduZWTCoE5hbWVzwqBhbmTC
oE51bWJlcnMxGDAWBgNVBAMTD3d3dy5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIaFD7sO+cpf2fXgCjIsM9mqDgcpqC8IrXi9wga/
9y0rpqcnPVOmTMNLsid3INbBVEm4CNr5cKlh9rJJnWlX2vttJDRyLkfwBD+dsVvi
vGYxWTLmqX6/1LDUZPVrynv/cltemtg/1Aay88jcj2ZaRoRmqBgVeacIzgU8+zmJ
7236TnFSe7fkoKSclsBhPaQKcE3Djs1uszJs8sdECQTdoFX9I6UgeLKFXtg7rRf/
hcW5dI0zubhXbrW8aWXbCzySVZn0c7RkJMpnTCiZzNxnPXnHFpwr5quqqjVyN/aB
KkjoP04Zmr+eRqoyk/+lslq0sS8eaYSSHbC5ja/yMWyVhvMCAwEAAaOCA/IwggPu
MB8GA1UdIwQYMBaAFHSFgMBmx9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBRM/tAS
TS4hz2v68vK4TEkCHTGRijCBgQYDVR0RBHoweIIPd3d3LmV4YW1wbGUub3Jnggtl
eGFtcGxlLm5ldIILZXhhbXBsZS5lZHWCC2V4YW1wbGUuY29tggtleGFtcGxlLm9y
Z4IPd3d3LmV4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5lZHWCD3d3dy5leGFtcGxl
Lm5ldDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8v
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRwOi8v
Y3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIw
MjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdp
Q2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDCBhwYIKwYBBQUH
AQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUQYI
KwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
b2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAMBgNVHRMBAf8EAjAAMIIB
fQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdABOdaMnXJoQwzhbbNTfP1LrHfDgjhuN
acCx+mSxYpo53wAAAY1b0vxkAAAEAwBFMEMCH0BRCgxPbBBVxhcWZ26a8JCe83P1
JZ6wmv56GsVcyMACIDgpMbEo5HJITTRPnoyT4mG8cLrWjEvhchUdEcWUuk1TAHYA
fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGNW9L8MAAABAMARzBF
AiBdv5Z3pZFbfgoM3tGpCTM3ZxBMQsxBRSdTS6d8d2NAcwIhALLoCT9mTMN9OyFz
IBV5MkXVLyuTf2OAzAOa7d8x2H6XAHcA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6
hzId/R43jlAAAAGNW9L8XwAABAMASDBGAiEA4Koh/VizdQU1tjZ2E2VGgWSXXkwn
QmiYhmAeKcVLHeACIQD7JIGFsdGol7kss2pe4lYrCgPVc+iGZkuqnj26hqhr0TAN
BgkqhkiG9w0BAQsFAAOCAQEABOFuAj4N4yNG9OOWNQWTNSICC4Rd4nOG1HRP/Bsn
rz7KrcPORtb6D+Jx+Q0amhO31QhIvVBYs14gY4Ypyj7MzHgm4VmPXcqLvEkxb2G9
Qv9hYuEiNSQmm1fr5QAN/0AzbEbCM3cImLJ69kP5bUjfv/76KB57is8tYf9sh5ik
LGKauxCM/zRIcGa3bXLDafk5S2g5Vr2hs230d/NGW1wZrE+zdGuMxfGJzJP+DAFv
iBfcQnFg4+1zMEKcqS87oniOyG+60RMM0MdejBD7AS43m9us96Gsun/4kufLQUTI
FfnzxLutUV++3seshgefQOy5C/ayi8y1VTNmujPCxPCi6Q==
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
issuer=C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3821 bytes and written 739 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: FF426937B2F41B93E9C5246099C5D8CCD1FE21A1A605B802E6BCD70C36913A7D
    Session-ID-ctx:
    Resumption PSK: 3A96464C1943458AED61B68ECE3AF27BAFD026706246391A08A0B00E6E013B1420D00F4F5BBCFDE799919EDEB25A8242
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 26 ce ea a2 33 ef 9f 18-62 e9 79 c6 6f 57 f0 1d   &...3...b.y.oW..
    0010 - cc e3 8c c2 54 a8 b6 91-c1 2d ea dd 1c 05 97 dd   ....T....-......
    0020 - 7c 59 29 cc ea 3d cf 07-69 5e 23 9d 5b 07 3c 6c   |Y)..=..i^#.[.<l
    0030 - 93 3a f1 d3 07 65 66 72-9b 80 c8 02 d9 b7 25 03   .:...efr......%.
    0040 - eb 1d 32 f8 d0 28 f0 44-6e 2b f5 8f 8f 96 6f c6   ..2..(.Dn+....o.
    0050 - 0e 94 fd 2a 54 ef 55 4d-c3 35 a6 8b 3c 61 c4 e3   ...*T.UM.5..<a..
    0060 - 58 4d a6 f6 22 26 88 d9-86 c7 4c 50 ab 4d fa 0c   XM.."&....LP.M..
    0070 - 78 09 08 da 29 40 46 9c-94 82 73 b5 30 97 c6 d4   x...)@F...s.0...
    0080 - ed bd 82 a8 8c bb a3 54-b2 3d db a7 2f 51 6d 3e   .......T.=../Qm>
    0090 - 66 72 80 fe fb 0c 26 12-ee 41 7e fc 16 32 69 88   fr....&..A~..2i.
    00a0 - 84 b9 b1 f5 fa 44 4f 21-c2 f8 f9 d6 56 78 79 e5   .....DO!....Vxy.
    00b0 - 19 f3 8b 88 ce 66 dd 50-9e 5c 38 05 df 4d 14 8b   .....f.P.\8..M..
    00c0 - 3f 99 4e f7 79 1a 4d b6-48 38 7e 93 05 99 2a 1d   ?.N.y.M.H8~...*.

    Start Time: 1717939659
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 07C222679A8E8CA8DE95FD95A0EE5C7BEDBD54E35E5A5CD808E76B7E4D5F9C8F
    Session-ID-ctx:
    Resumption PSK: 68BBEC0F7EE1B6BDEC2C32616F47A3B1FE2CAD015F86198088FCAEC92E78AA6CF8AE98150DC7212DA8660A2AB85F2990
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 26 ce ea a2 33 ef 9f 18-62 e9 79 c6 6f 57 f0 1d   &...3...b.y.oW..
    0010 - 06 a8 78 59 3b 3c 54 04-00 a7 33 cf ef 3d 6e ac   ..xY;<T...3..=n.
    0020 - 96 66 c5 6c ac dd e0 1c-74 6c b9 80 18 33 3b d6   .f.l....tl...3;.
    0030 - 73 93 84 d0 dd 5a fc 2e-a8 8f 61 4e d0 3f 61 d3   s....Z....aN.?a.
    0040 - 3c 89 ed 3b 73 2b 1e 58-d7 1a 6c 3b 07 88 bf 8e   <..;s+.X..l;....
    0050 - 5b c9 9d a4 11 df 6e d0-a2 fb f4 52 3c 6b 74 6e   [.....n....R<ktn
    0060 - b3 8f a5 87 42 37 b2 9c-a6 85 37 49 73 d0 93 4c   ....B7....7Is..L
    0070 - b8 90 20 8e 6e e5 73 2a-bf 88 ee 2d 10 3c b9 33   .. .n.s*...-.<.3
    0080 - d4 66 aa 89 8c e0 7a 68-50 8d ea eb 5f c4 14 94   .f....zhP..._...
    0090 - a5 8c 03 06 71 39 2b dd-eb b1 28 09 2b 55 58 84   ....q9+...(.+UX.
    00a0 - 7b 50 13 0f 3f 28 1c 22-29 42 62 32 aa 35 05 e6   {P..?(.")Bb2.5..
    00b0 - 88 ef bc e8 d7 ee a2 6a-0b d8 a7 d6 eb ed 52 58   .......j......RX
    00c0 - 4d c1 c0 d7 23 05 4d 95-d3 b0 f1 b2 c8 af a2 21   M...#.M........!

    Start Time: 1717939659
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

Example

The openssl toll will output a lot of information about how the TLS handshaking has gone, which algorithms were used and even the base64-encoded server certificate will be printed.

Another way:


openssl s_client -connect example.org:443 -verify_return_error -verify_hostname example.org
GET / HTTP/1.1
Host: example.org
Connection: close
<empty line, just press enter>


~/opensslcodes:openssl s_client -connect example.org:443 -verify_return_error -verify_hostname example.org
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
   i:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 30 00:00:00 2024 GMT; NotAfter: Mar  1 23:59:59 2025 GMT
 1 s:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 30 00:00:00 2021 GMT; NotAfter: Mar 29 23:59:59 2031 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHbjCCBlagAwIBAgIQB1vO8waJyK3fE+Ua9K/hhzANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw
MTMwMDAwMDAwWhcNMjUwMzAxMjM1OTU5WjCBljELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMUIwQAYDVQQKDDlJ
bnRlcm5ldMKgQ29ycG9yYXRpb27CoGZvcsKgQXNzaWduZWTCoE5hbWVzwqBhbmTC
oE51bWJlcnMxGDAWBgNVBAMTD3d3dy5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIaFD7sO+cpf2fXgCjIsM9mqDgcpqC8IrXi9wga/
9y0rpqcnPVOmTMNLsid3INbBVEm4CNr5cKlh9rJJnWlX2vttJDRyLkfwBD+dsVvi
vGYxWTLmqX6/1LDUZPVrynv/cltemtg/1Aay88jcj2ZaRoRmqBgVeacIzgU8+zmJ
7236TnFSe7fkoKSclsBhPaQKcE3Djs1uszJs8sdECQTdoFX9I6UgeLKFXtg7rRf/
hcW5dI0zubhXbrW8aWXbCzySVZn0c7RkJMpnTCiZzNxnPXnHFpwr5quqqjVyN/aB
KkjoP04Zmr+eRqoyk/+lslq0sS8eaYSSHbC5ja/yMWyVhvMCAwEAAaOCA/IwggPu
MB8GA1UdIwQYMBaAFHSFgMBmx9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBRM/tAS
TS4hz2v68vK4TEkCHTGRijCBgQYDVR0RBHoweIIPd3d3LmV4YW1wbGUub3Jnggtl
eGFtcGxlLm5ldIILZXhhbXBsZS5lZHWCC2V4YW1wbGUuY29tggtleGFtcGxlLm9y
Z4IPd3d3LmV4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5lZHWCD3d3dy5leGFtcGxl
Lm5ldDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8v
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRwOi8v
Y3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIw
MjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdp
Q2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDCBhwYIKwYBBQUH
AQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUQYI
KwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds
b2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAMBgNVHRMBAf8EAjAAMIIB
fQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdABOdaMnXJoQwzhbbNTfP1LrHfDgjhuN
acCx+mSxYpo53wAAAY1b0vxkAAAEAwBFMEMCH0BRCgxPbBBVxhcWZ26a8JCe83P1
JZ6wmv56GsVcyMACIDgpMbEo5HJITTRPnoyT4mG8cLrWjEvhchUdEcWUuk1TAHYA
fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGNW9L8MAAABAMARzBF
AiBdv5Z3pZFbfgoM3tGpCTM3ZxBMQsxBRSdTS6d8d2NAcwIhALLoCT9mTMN9OyFz
IBV5MkXVLyuTf2OAzAOa7d8x2H6XAHcA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6
hzId/R43jlAAAAGNW9L8XwAABAMASDBGAiEA4Koh/VizdQU1tjZ2E2VGgWSXXkwn
QmiYhmAeKcVLHeACIQD7JIGFsdGol7kss2pe4lYrCgPVc+iGZkuqnj26hqhr0TAN
BgkqhkiG9w0BAQsFAAOCAQEABOFuAj4N4yNG9OOWNQWTNSICC4Rd4nOG1HRP/Bsn
rz7KrcPORtb6D+Jx+Q0amhO31QhIvVBYs14gY4Ypyj7MzHgm4VmPXcqLvEkxb2G9
Qv9hYuEiNSQmm1fr5QAN/0AzbEbCM3cImLJ69kP5bUjfv/76KB57is8tYf9sh5ik
LGKauxCM/zRIcGa3bXLDafk5S2g5Vr2hs230d/NGW1wZrE+zdGuMxfGJzJP+DAFv
iBfcQnFg4+1zMEKcqS87oniOyG+60RMM0MdejBD7AS43m9us96Gsun/4kufLQUTI
FfnzxLutUV++3seshgefQOy5C/ayi8y1VTNmujPCxPCi6Q==
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org
issuer=C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3821 bytes and written 739 bytes
Verification: OK
Verified peername: example.org
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 04CFC688B520585D58BA3657B6ADBF20B7B1EE42CCFE85372D0E8FD58FFBC3B9
    Session-ID-ctx:
    Resumption PSK: A5D08255B20BB9768B2372FA9E46EE8178C92AFDEC5268A4E22F3CB2E5E0385C4742CC58917EB288AE40BDFAD3F67C5C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 5c be 72 9e 79 cb c9 71-76 23 a2 1d 75 c5 3e 55   \.r.y..qv#..u.>U
    0010 - bd 68 1d 34 92 be f7 87-27 90 ca 73 dd b4 03 6d   .h.4....'..s...m
    0020 - 60 b0 94 f6 b2 26 0c 26-2c da 44 06 60 c9 e1 b3   `....&.&,.D.`...
    0030 - e8 6c ed 54 7d 90 4c bd-1e f3 a4 96 62 53 db d5   .l.T}.L.....bS..
    0040 - 60 e3 bc 76 b3 a2 bf 15-85 41 64 7d fb e9 c1 c8   `..v.....Ad}....
    0050 - 26 c6 69 50 d4 81 28 23-90 41 4f ee d3 6c 9e b0   &.iP..(#.AO..l..
    0060 - 46 9e f0 7c 9f c9 8d 68-46 f9 7e 6c 45 f0 7c 4d   F..|...hF.~lE.|M
    0070 - ba 06 bb 08 13 7b 9b 42-15 e1 1e 8d 8a 07 42 fe   .....{.B......B.
    0080 - 68 0c 24 14 78 c2 6f 2f-30 3f 4f f3 63 c9 af f7   h.$.x.o/0?O.c...
    0090 - 3e bb 33 59 10 03 20 77-2c 73 94 a6 eb d5 47 76   >.3Y.. w,s....Gv
    00a0 - 27 29 f2 00 d8 dd 69 77-4d fb 2e 64 24 f9 4f 3a   ')....iwM..d$.O:
    00b0 - 9e 98 05 2c 82 7b 78 c8-aa a2 0e a3 b2 9e d8 28   ...,.{x........(
    00c0 - 21 cf 97 08 f2 b5 43 09-9d 5b 91 93 e8 39 a2 34   !.....C..[...9.4

    Start Time: 1717939879
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: BCD3F2ED664630F111747D895BB1B5CBABEC2104EF44FAB55D1E98690FE12118
    Session-ID-ctx:
    Resumption PSK: 7901A80AE0408E9244DD2560B08A70DD44AED78F879297014CB6516E1DD4DD787D7559D84011840780E2023C313EB316
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 5c be 72 9e 79 cb c9 71-76 23 a2 1d 75 c5 3e 55   \.r.y..qv#..u.>U
    0010 - a0 7f 32 8d be 4c 39 b0-29 cc 30 ff 3a 25 e9 95   ..2..L9.).0.:%..
    0020 - bb 99 39 0a e5 ba 48 f9-7a cc 72 33 16 75 f6 9d   ..9...H.z.r3.u..
    0030 - 07 68 2d 1d 32 d8 dc f3-0a c5 41 0c 1f 4c 15 b8   .h-.2.....A..L..
    0040 - 7b dd cb 63 25 44 a8 2f-35 d2 f0 e6 6b 51 3a b7   {..c%D./5...kQ:.
    0050 - a4 0e 8d 85 28 fe 24 64-53 e1 df 97 56 e6 96 36   ....(.$dS...V..6
    0060 - 6a de 19 bd 29 f9 4f 08-86 d4 ca 51 4e 6e 46 06   j...).O....QNnF.
    0070 - 17 2a c6 1c e2 26 c3 d3-64 4f e3 82 a1 83 15 10   .*...&..dO......
    0080 - 22 2d c3 ec 03 db e6 48-cb 50 53 78 3d 52 85 13   "-.....H.PSx=R..
    0090 - 93 1b ee 3b dc 14 e5 e6-02 98 32 e2 89 a9 b0 e4   ...;......2.....
    00a0 - ce ec a8 ae 1d b6 11 2a-b6 c7 70 f8 96 ad 76 06   .......*..p...v.
    00b0 - 39 8c 40 10 10 b8 e8 6c-32 07 db dc 95 94 b1 a9   9.@....l2.......

    Start Time: 1717939879
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
GET / HTTP/1.1
Host: example.org
Connection: close

HTTP/1.1 200 OK
Age: 398659
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Sun, 09 Jun 2024 13:31:43 GMT
Etag: "3147526947+gzip+ident"
Expires: Sun, 16 Jun 2024 13:31:43 GMT
Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
Server: ECAcc (sac/254E)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 1256
Connection: close

<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;

    }
    div {
        width: 600px;
        margin: 5em auto;
        padding: 2em;
        background-color: #fdfdff;
        border-radius: 0.5em;
        box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02);
    }
    a:link, a:visited {
        color: #38488f;
        text-decoration: none;
    }
    @media (max-width: 700px) {
        div {
            margin: 0 auto;
            width: auto;
        }
    }
    </style>
</head>

<body>
<div>
    <h1>Example Domain</h1>
    <p>This domain is for use in illustrative examples in documents. You may use this
    domain in literature without prior coordination or asking for permission.</p>
    <p><a href="https://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>
closed

Preparing certificates for a TLS Server Connection

To accept a TLS server connection, we will need to generate two keypairs and certificates; the server certificate and the self-signed CA certificate, which signs the server certificate.

⚠️

Why can’t we just generate a self-signed server certificate? Because using a self-signed certificate as a server certificate is considered an error by most TLS clients and libraries, including the OpenSSL library

This time we will combine the generation of a keypair, CSR and certificate in one command


openssl req -newkey ED448 -x509 -subj "/CN=ROOT CA" -addext "basicConstraints=critical,CA:TRUE" -days 3650 -noenc -keyout ca_keypair.pem -out ca_cert.pem

Generate CSR


openssl req -newkey ED448 -subj "/CN=localhost" -addext "basicConstraints=critical,CA:FALSE" -noenc -keyout server_keypair.pem -out server_csr.pem

Issue Server Certificate


openssl x509 -req -in server_csr.pem -copy_extensions copyall -CA ca_cert.pem -CAkey ca_keypair.pem -days 3650 -out server_cert.pem


~/opensslcodes/tls-server:ls -lh
total 0
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:openssl req -newkey ED448 -x509 -subj "/CN=ROOT CA" -addext "basicConstraints=critical,CA:TRUE" -days 3650 -noenc -keyout ca_keypair.pem -out ca_cert.pem
-----
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:ls -lh
total 8.0K
-rw-r--r-- 1 root root 587 Jun  9 13:41 ca_cert.pem
-rw------- 1 root root 156 Jun  9 13:41 ca_keypair.pem

~/opensslcodes/tls-server:ls -lh
total 8.0K
-rw-r--r-- 1 root root 587 Jun  9 13:41 ca_cert.pem
-rw------- 1 root root 156 Jun  9 13:41 ca_keypair.pem
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:openssl req -newkey ED448 -subj "/CN=localhost" -addext "basicConstraints=critical,CA:FALSE" -noenc -keyout server_keypair.pem -out server_csr.pem
-----
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:ls -lh
total 16K
-rw-r--r-- 1 root root 587 Jun  9 13:41 ca_cert.pem
-rw------- 1 root root 156 Jun  9 13:41 ca_keypair.pem
-rw-r--r-- 1 root root 420 Jun  9 13:43 server_csr.pem
-rw------- 1 root root 156 Jun  9 13:43 server_keypair.pem
~/opensslcodes/tls-server:

~/opensslcodes/tls-server:ls -lh
total 16K
-rw-r--r-- 1 root root 587 Jun  9 13:41 ca_cert.pem
-rw------- 1 root root 156 Jun  9 13:41 ca_keypair.pem
-rw-r--r-- 1 root root 420 Jun  9 13:43 server_csr.pem
-rw------- 1 root root 156 Jun  9 13:43 server_keypair.pem
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:openssl x509 -req -in server_csr.pem -copy_extensions copyall -CA ca_cert.pem -CAkey ca_keypair.pem -days 3650 -out server_cert.pem
Certificate request self-signature ok
subject=CN = localhost
~/opensslcodes/tls-server:
~/opensslcodes/tls-server:ls -lh
total 20K
-rw-r--r-- 1 root root 587 Jun  9 13:41 ca_cert.pem
-rw------- 1 root root 156 Jun  9 13:41 ca_keypair.pem
-rw-r--r-- 1 root root 587 Jun  9 13:44 server_cert.pem
-rw-r--r-- 1 root root 420 Jun  9 13:43 server_csr.pem
-rw------- 1 root root 156 Jun  9 13:43 server_keypair.pem

Note that we used the server hostname “localhost” in the server cert subject field. Is is needed to pass the hostname validation of the cert if the TLS client decides to perform it.

Accepting TLS Connection On Command Line

We will provide a port number, server cert and corressponding server keypair to openssl s_server command to start TLS Server


openssl s_server -port 4433 -key server_keypair.pem -cert server_cert.pem

To check that our TLS server can accept connections and send and receive data over them, we can start a TLS client in another terminal window and connect to our TLS Server


openssl s_client -connect localhost:4433 -verify_return_error -verify_hostname localhost -CAfile ca_cert.pem

Now if the connection is established, try typing something in one window and see it pop up in the other terminal window. You can finish the connection by sending EOF or Ctrl+c