šŸ§ƒ

Establish TLS Connection And Sending Data


Ā 

Transport Layer Security

Ā 
  • The TLS protocol is the successor of the Secure Socket Layer (SSL)
  • Used for secure network communication and serves as the basis for higher level protocols like HHTTPS and SMTPS
  • Provides secure communication
  • The current version TLS 1.3 provides the following aspects of security:
    • Privacy or confidentiality of transmitted user data using symmetric encryption
    • Integrity and authencity of transmitted user data, protection against tampering, using authenticated encryption or Message Authetnication Code (MAC)
    • Peer identity proof and protection against Man in the Middle (MITM) attacks using X.509 certificates.
    • Perfect Forward Secrecy (PFS) using Ephemeral Diffie-Hellman (DHE) or Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) key exchange.
      • āš ļø
        PFE Key exchange or key agreement in TLS is a process of agreeing on a symmetric encryption key that will be used for encrypting user data in a TLS session. The oldest key exchange method is RSA key exchange. The newer method is the Diffie-Hellman Key Exchange, where both client and server have an symmetric keypair and derive a symmetric key from theor own private key and the peerā€™s public key. When such a non-PFS key exchange method is used the server certificate keypair is used for both authentication and key exchange. In such cases if an attacker has recorded a TLS session and later stolen the server cert private key then attacker can use it to recover the symmetric session key. When a PFS key exchagne method such as DHE or ECDHE is used the client and the server generate temporary ephemeral keypairs for exchange. Those keypairs are only needed for key exchange and can be destroyed after that. In such cases even if the server certificate key gets stolen the attacker will not be able to decrypt the TLS session, because they will not have any ephemeral private key from that TLS session.
    • TLS ususally runs on top of a reliable transport protocol such as TCP.
    • TLS is used with an app layer protocol such as HTTP
    • HTTPS protocol is HTTP running on top of TLS
    • SMTPS is SMTP running on top of TLS
    • A modification of TLS, called Datagram Transport Layer Security (DTLS) is designed for running on top of an unreliable transport protocol such as UDP.
    • OpenVPN can use both DTLS over UDP and TLS over TCP.
Ā 

TLS Handshake

Ā 
  1. Client sends the list of TLS protocol versions and the cipher suites that client supports.
    1. TLS 1.3 cipher suite name is a compund value like, TLS_AES_256_GCM_SHA384 or TLS_CHACHA20_POLY1305_SHA256. It identifies a symmetric encryption algorithm such as AES_256 or CHACHA20, a block cipher operations mode such as GCM or an encryption authentication method such as POLY1305 and a cryptographic hash function such as SHA384
      TLS 1.3 only supports Authenticated Encryption with Associated Data (AEAD) modes. Older TLS versions support non-authenticted encryption modes in which case the Hash-Based Message Authentication Code (HMAC) algorithm is used to authenticate the encrypted data.
  1. Server choses the highest protocol version and the preferred TLS cipher suite that both the client and the server support. If there are no mutually supported protocol version or cipher suite, the handshake fails.
  1. Server sends its X.509 cert possibly with other certs that will help build the cert signing chain. Client verifies the server cert using a possessed trusted cert of a Certificate Authority (CA). Client also checks if cert subject fiekd matches the server hostname.
  1. Server signs a small amount of data received from the client with the serverā€™s private key which corresponds to the public key contained in the server cert. The client verifies the signature. This way server proves that it owns the cert.
  1. Optionally, the client sends its own cert and the server verifies it.
  1. If the client has send its cert, the client also proves that it is the owner of the cert in a similar way.
  1. Client and Server then negotiate the symmetric session key and the initialisation vector (IV) to be used for the encryption of the user data that will be sent over the TLS protocol.
    1. Client and Server use a key exchange and key agreement algorithm such as ECDHE for agreeing on a handshake secret also known as a pre-master secret.
      Then both cliend and server use a Pseudorandom function for example the HMAC Based Key Derivation Function (HKDF) for generating the master secret and then the session key and the IV.
      Alternatively client can also request the reuse of a saved handshake secret from a previous session, saving computational resources.
  1. Client and Server exchange data for TCP exstensions that they would like to use like, Server Name Indication (SNI) or pre_shared_key.
    1. SNI is an extension to the TLS protocol. It allows a client to indicate which hostname it is attempting to connect to at the start of the TLS handshake process. This is particularly useful in hosting multiple SSL/TLS certificates on a single IP address, as it allows the server to present the correct certificate for the hostname requested by the client.
      PSK is a mechanism used in the TLS protocol where the client and server use a shared secret that was established out-of-band to authenticate and secure the communication. This can help reduce the computational overhead of the TLS handshake and is often used in resource-constrained environments.
  1. Finally client and server authenticate all previously sent handshaking messages with HMAC. If the HMAC verification fails the handshake is considered to have failed and the connection is aborted.
Ā 

What Happens After TLS Handshake

Ā 
  • Client and Server send data to each other encapsulated into TLS Records.
  • Transmitted data is encrypted with the session and authenticated either by an authenticated encryption tag or by HMAC if an older TLS version is used.
  • The receiving party checks the authentication of each TLS record and aborts the connection if an authenticity verification error is detected.
  • When one part detects such an error, it alerts the other party of it using the TLS Alert Message.
  • One possible alert message is close_notify.
    • Used for a proper shutdown of the TLS connection
    • Notifies the other party that it is closing its writing part of the TLS connection and will not send more data.
  • TLS protocol specs mandate that both client and server send close_notify when the TLS connection has come to itā€™s logical end.
  • The underlying TCP connection must be closed spearately after the TLS connection closure.
  • TLS 1.3 also supports in some cases zero round-trip time (0-RTT) handshaking mode, which allows the TLS client to send encrypted user data in the first data flight from the client to the server if an earlier TLS session can be reused.
Ā 

Establishing TLS Client Connection

Ā 
There is an HTTPS serveron the internet to use as an example; https://example.org
Ā 
Letā€™s connect to it via TLS and get its homepage:
openssl s_client -connect example.org:443
Ā 
~/opensslcodes:openssl s_client -connect example.org:443 CONNECTED(00000003) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 verify return:1 depth=1 C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1 verify return:1 depth=0 C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org verify return:1 --- Certificate chain 0 s:C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org i:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 30 00:00:00 2024 GMT; NotAfter: Mar 1 23:59:59 2025 GMT 1 s:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1 i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 00:00:00 2021 GMT; NotAfter: Mar 29 23:59:59 2031 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIHbjCCBlagAwIBAgIQB1vO8waJyK3fE+Ua9K/hhzANBgkqhkiG9w0BAQsFADBZ MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw MTMwMDAwMDAwWhcNMjUwMzAxMjM1OTU5WjCBljELMAkGA1UEBhMCVVMxEzARBgNV BAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMUIwQAYDVQQKDDlJ bnRlcm5ldMKgQ29ycG9yYXRpb27CoGZvcsKgQXNzaWduZWTCoE5hbWVzwqBhbmTC oE51bWJlcnMxGDAWBgNVBAMTD3d3dy5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAIaFD7sO+cpf2fXgCjIsM9mqDgcpqC8IrXi9wga/ 9y0rpqcnPVOmTMNLsid3INbBVEm4CNr5cKlh9rJJnWlX2vttJDRyLkfwBD+dsVvi vGYxWTLmqX6/1LDUZPVrynv/cltemtg/1Aay88jcj2ZaRoRmqBgVeacIzgU8+zmJ 7236TnFSe7fkoKSclsBhPaQKcE3Djs1uszJs8sdECQTdoFX9I6UgeLKFXtg7rRf/ hcW5dI0zubhXbrW8aWXbCzySVZn0c7RkJMpnTCiZzNxnPXnHFpwr5quqqjVyN/aB KkjoP04Zmr+eRqoyk/+lslq0sS8eaYSSHbC5ja/yMWyVhvMCAwEAAaOCA/IwggPu MB8GA1UdIwQYMBaAFHSFgMBmx9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBRM/tAS TS4hz2v68vK4TEkCHTGRijCBgQYDVR0RBHoweIIPd3d3LmV4YW1wbGUub3Jnggtl eGFtcGxlLm5ldIILZXhhbXBsZS5lZHWCC2V4YW1wbGUuY29tggtleGFtcGxlLm9y Z4IPd3d3LmV4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5lZHWCD3d3dy5leGFtcGxl Lm5ldDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8v d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG CCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRwOi8v Y3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIw MjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdp Q2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDCBhwYIKwYBBQUH AQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUQYI KwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds b2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAMBgNVHRMBAf8EAjAAMIIB fQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdABOdaMnXJoQwzhbbNTfP1LrHfDgjhuN acCx+mSxYpo53wAAAY1b0vxkAAAEAwBFMEMCH0BRCgxPbBBVxhcWZ26a8JCe83P1 JZ6wmv56GsVcyMACIDgpMbEo5HJITTRPnoyT4mG8cLrWjEvhchUdEcWUuk1TAHYA fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGNW9L8MAAABAMARzBF AiBdv5Z3pZFbfgoM3tGpCTM3ZxBMQsxBRSdTS6d8d2NAcwIhALLoCT9mTMN9OyFz IBV5MkXVLyuTf2OAzAOa7d8x2H6XAHcA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6 hzId/R43jlAAAAGNW9L8XwAABAMASDBGAiEA4Koh/VizdQU1tjZ2E2VGgWSXXkwn QmiYhmAeKcVLHeACIQD7JIGFsdGol7kss2pe4lYrCgPVc+iGZkuqnj26hqhr0TAN BgkqhkiG9w0BAQsFAAOCAQEABOFuAj4N4yNG9OOWNQWTNSICC4Rd4nOG1HRP/Bsn rz7KrcPORtb6D+Jx+Q0amhO31QhIvVBYs14gY4Ypyj7MzHgm4VmPXcqLvEkxb2G9 Qv9hYuEiNSQmm1fr5QAN/0AzbEbCM3cImLJ69kP5bUjfv/76KB57is8tYf9sh5ik LGKauxCM/zRIcGa3bXLDafk5S2g5Vr2hs230d/NGW1wZrE+zdGuMxfGJzJP+DAFv iBfcQnFg4+1zMEKcqS87oniOyG+60RMM0MdejBD7AS43m9us96Gsun/4kufLQUTI FfnzxLutUV++3seshgefQOy5C/ayi8y1VTNmujPCxPCi6Q== -----END CERTIFICATE----- subject=C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org issuer=C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 3821 bytes and written 739 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: FF426937B2F41B93E9C5246099C5D8CCD1FE21A1A605B802E6BCD70C36913A7D Session-ID-ctx: Resumption PSK: 3A96464C1943458AED61B68ECE3AF27BAFD026706246391A08A0B00E6E013B1420D00F4F5BBCFDE799919EDEB25A8242 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 26 ce ea a2 33 ef 9f 18-62 e9 79 c6 6f 57 f0 1d &...3...b.y.oW.. 0010 - cc e3 8c c2 54 a8 b6 91-c1 2d ea dd 1c 05 97 dd ....T....-...... 0020 - 7c 59 29 cc ea 3d cf 07-69 5e 23 9d 5b 07 3c 6c |Y)..=..i^#.[.<l 0030 - 93 3a f1 d3 07 65 66 72-9b 80 c8 02 d9 b7 25 03 .:...efr......%. 0040 - eb 1d 32 f8 d0 28 f0 44-6e 2b f5 8f 8f 96 6f c6 ..2..(.Dn+....o. 0050 - 0e 94 fd 2a 54 ef 55 4d-c3 35 a6 8b 3c 61 c4 e3 ...*T.UM.5..<a.. 0060 - 58 4d a6 f6 22 26 88 d9-86 c7 4c 50 ab 4d fa 0c XM.."&....LP.M.. 0070 - 78 09 08 da 29 40 46 9c-94 82 73 b5 30 97 c6 d4 x...)@F...s.0... 0080 - ed bd 82 a8 8c bb a3 54-b2 3d db a7 2f 51 6d 3e .......T.=../Qm> 0090 - 66 72 80 fe fb 0c 26 12-ee 41 7e fc 16 32 69 88 fr....&..A~..2i. 00a0 - 84 b9 b1 f5 fa 44 4f 21-c2 f8 f9 d6 56 78 79 e5 .....DO!....Vxy. 00b0 - 19 f3 8b 88 ce 66 dd 50-9e 5c 38 05 df 4d 14 8b .....f.P.\8..M.. 00c0 - 3f 99 4e f7 79 1a 4d b6-48 38 7e 93 05 99 2a 1d ?.N.y.M.H8~...*. Start Time: 1717939659 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 07C222679A8E8CA8DE95FD95A0EE5C7BEDBD54E35E5A5CD808E76B7E4D5F9C8F Session-ID-ctx: Resumption PSK: 68BBEC0F7EE1B6BDEC2C32616F47A3B1FE2CAD015F86198088FCAEC92E78AA6CF8AE98150DC7212DA8660A2AB85F2990 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 26 ce ea a2 33 ef 9f 18-62 e9 79 c6 6f 57 f0 1d &...3...b.y.oW.. 0010 - 06 a8 78 59 3b 3c 54 04-00 a7 33 cf ef 3d 6e ac ..xY;<T...3..=n. 0020 - 96 66 c5 6c ac dd e0 1c-74 6c b9 80 18 33 3b d6 .f.l....tl...3;. 0030 - 73 93 84 d0 dd 5a fc 2e-a8 8f 61 4e d0 3f 61 d3 s....Z....aN.?a. 0040 - 3c 89 ed 3b 73 2b 1e 58-d7 1a 6c 3b 07 88 bf 8e <..;s+.X..l;.... 0050 - 5b c9 9d a4 11 df 6e d0-a2 fb f4 52 3c 6b 74 6e [.....n....R<ktn 0060 - b3 8f a5 87 42 37 b2 9c-a6 85 37 49 73 d0 93 4c ....B7....7Is..L 0070 - b8 90 20 8e 6e e5 73 2a-bf 88 ee 2d 10 3c b9 33 .. .n.s*...-.<.3 0080 - d4 66 aa 89 8c e0 7a 68-50 8d ea eb 5f c4 14 94 .f....zhP..._... 0090 - a5 8c 03 06 71 39 2b dd-eb b1 28 09 2b 55 58 84 ....q9+...(.+UX. 00a0 - 7b 50 13 0f 3f 28 1c 22-29 42 62 32 aa 35 05 e6 {P..?(.")Bb2.5.. 00b0 - 88 ef bc e8 d7 ee a2 6a-0b d8 a7 d6 eb ed 52 58 .......j......RX 00c0 - 4d c1 c0 d7 23 05 4d 95-d3 b0 f1 b2 c8 af a2 21 M...#.M........! Start Time: 1717939659 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK
Example
Ā 
The openssl toll will output a lot of information about how the TLS handshaking has gone, which algorithms were used and even the base64-encoded server certificate will be printed.
Ā 
Another way:
openssl s_client -connect example.org:443 -verify_return_error -verify_hostname example.org GET / HTTP/1.1 Host: example.org Connection: close <empty line, just press enter>
Ā 
~/opensslcodes:openssl s_client -connect example.org:443 -verify_return_error -verify_hostname example.org CONNECTED(00000003) depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 verify return:1 depth=1 C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1 verify return:1 depth=0 C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org verify return:1 --- Certificate chain 0 s:C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org i:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 30 00:00:00 2024 GMT; NotAfter: Mar 1 23:59:59 2025 GMT 1 s:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1 i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 30 00:00:00 2021 GMT; NotAfter: Mar 29 23:59:59 2031 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIHbjCCBlagAwIBAgIQB1vO8waJyK3fE+Ua9K/hhzANBgkqhkiG9w0BAQsFADBZ MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQw MTMwMDAwMDAwWhcNMjUwMzAxMjM1OTU5WjCBljELMAkGA1UEBhMCVVMxEzARBgNV BAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMUIwQAYDVQQKDDlJ bnRlcm5ldMKgQ29ycG9yYXRpb27CoGZvcsKgQXNzaWduZWTCoE5hbWVzwqBhbmTC oE51bWJlcnMxGDAWBgNVBAMTD3d3dy5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAIaFD7sO+cpf2fXgCjIsM9mqDgcpqC8IrXi9wga/ 9y0rpqcnPVOmTMNLsid3INbBVEm4CNr5cKlh9rJJnWlX2vttJDRyLkfwBD+dsVvi vGYxWTLmqX6/1LDUZPVrynv/cltemtg/1Aay88jcj2ZaRoRmqBgVeacIzgU8+zmJ 7236TnFSe7fkoKSclsBhPaQKcE3Djs1uszJs8sdECQTdoFX9I6UgeLKFXtg7rRf/ hcW5dI0zubhXbrW8aWXbCzySVZn0c7RkJMpnTCiZzNxnPXnHFpwr5quqqjVyN/aB KkjoP04Zmr+eRqoyk/+lslq0sS8eaYSSHbC5ja/yMWyVhvMCAwEAAaOCA/IwggPu MB8GA1UdIwQYMBaAFHSFgMBmx9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBRM/tAS TS4hz2v68vK4TEkCHTGRijCBgQYDVR0RBHoweIIPd3d3LmV4YW1wbGUub3Jnggtl eGFtcGxlLm5ldIILZXhhbXBsZS5lZHWCC2V4YW1wbGUuY29tggtleGFtcGxlLm9y Z4IPd3d3LmV4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5lZHWCD3d3dy5leGFtcGxl Lm5ldDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8v d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG CCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0fBIGXMIGUMEigRqBEhkJodHRwOi8v Y3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIw MjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdp Q2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDCBhwYIKwYBBQUH AQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUQYI KwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEds b2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNydDAMBgNVHRMBAf8EAjAAMIIB fQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdABOdaMnXJoQwzhbbNTfP1LrHfDgjhuN acCx+mSxYpo53wAAAY1b0vxkAAAEAwBFMEMCH0BRCgxPbBBVxhcWZ26a8JCe83P1 JZ6wmv56GsVcyMACIDgpMbEo5HJITTRPnoyT4mG8cLrWjEvhchUdEcWUuk1TAHYA fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGNW9L8MAAABAMARzBF AiBdv5Z3pZFbfgoM3tGpCTM3ZxBMQsxBRSdTS6d8d2NAcwIhALLoCT9mTMN9OyFz IBV5MkXVLyuTf2OAzAOa7d8x2H6XAHcA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6 hzId/R43jlAAAAGNW9L8XwAABAMASDBGAiEA4Koh/VizdQU1tjZ2E2VGgWSXXkwn QmiYhmAeKcVLHeACIQD7JIGFsdGol7kss2pe4lYrCgPVc+iGZkuqnj26hqhr0TAN BgkqhkiG9w0BAQsFAAOCAQEABOFuAj4N4yNG9OOWNQWTNSICC4Rd4nOG1HRP/Bsn rz7KrcPORtb6D+Jx+Q0amhO31QhIvVBYs14gY4Ypyj7MzHgm4VmPXcqLvEkxb2G9 Qv9hYuEiNSQmm1fr5QAN/0AzbEbCM3cImLJ69kP5bUjfv/76KB57is8tYf9sh5ik LGKauxCM/zRIcGa3bXLDafk5S2g5Vr2hs230d/NGW1wZrE+zdGuMxfGJzJP+DAFv iBfcQnFg4+1zMEKcqS87oniOyG+60RMM0MdejBD7AS43m9us96Gsun/4kufLQUTI FfnzxLutUV++3seshgefQOy5C/ayi8y1VTNmujPCxPCi6Q== -----END CERTIFICATE----- subject=C = US, ST = California, L = Los Angeles, O = Internet\C2\A0Corporation\C2\A0for\C2\A0Assigned\C2\A0Names\C2\A0and\C2\A0Numbers, CN = www.example.org issuer=C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 3821 bytes and written 739 bytes Verification: OK Verified peername: example.org --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 04CFC688B520585D58BA3657B6ADBF20B7B1EE42CCFE85372D0E8FD58FFBC3B9 Session-ID-ctx: Resumption PSK: A5D08255B20BB9768B2372FA9E46EE8178C92AFDEC5268A4E22F3CB2E5E0385C4742CC58917EB288AE40BDFAD3F67C5C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 5c be 72 9e 79 cb c9 71-76 23 a2 1d 75 c5 3e 55 \.r.y..qv#..u.>U 0010 - bd 68 1d 34 92 be f7 87-27 90 ca 73 dd b4 03 6d .h.4....'..s...m 0020 - 60 b0 94 f6 b2 26 0c 26-2c da 44 06 60 c9 e1 b3 `....&.&,.D.`... 0030 - e8 6c ed 54 7d 90 4c bd-1e f3 a4 96 62 53 db d5 .l.T}.L.....bS.. 0040 - 60 e3 bc 76 b3 a2 bf 15-85 41 64 7d fb e9 c1 c8 `..v.....Ad}.... 0050 - 26 c6 69 50 d4 81 28 23-90 41 4f ee d3 6c 9e b0 &.iP..(#.AO..l.. 0060 - 46 9e f0 7c 9f c9 8d 68-46 f9 7e 6c 45 f0 7c 4d F..|...hF.~lE.|M 0070 - ba 06 bb 08 13 7b 9b 42-15 e1 1e 8d 8a 07 42 fe .....{.B......B. 0080 - 68 0c 24 14 78 c2 6f 2f-30 3f 4f f3 63 c9 af f7 h.$.x.o/0?O.c... 0090 - 3e bb 33 59 10 03 20 77-2c 73 94 a6 eb d5 47 76 >.3Y.. w,s....Gv 00a0 - 27 29 f2 00 d8 dd 69 77-4d fb 2e 64 24 f9 4f 3a ')....iwM..d$.O: 00b0 - 9e 98 05 2c 82 7b 78 c8-aa a2 0e a3 b2 9e d8 28 ...,.{x........( 00c0 - 21 cf 97 08 f2 b5 43 09-9d 5b 91 93 e8 39 a2 34 !.....C..[...9.4 Start Time: 1717939879 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: BCD3F2ED664630F111747D895BB1B5CBABEC2104EF44FAB55D1E98690FE12118 Session-ID-ctx: Resumption PSK: 7901A80AE0408E9244DD2560B08A70DD44AED78F879297014CB6516E1DD4DD787D7559D84011840780E2023C313EB316 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 5c be 72 9e 79 cb c9 71-76 23 a2 1d 75 c5 3e 55 \.r.y..qv#..u.>U 0010 - a0 7f 32 8d be 4c 39 b0-29 cc 30 ff 3a 25 e9 95 ..2..L9.).0.:%.. 0020 - bb 99 39 0a e5 ba 48 f9-7a cc 72 33 16 75 f6 9d ..9...H.z.r3.u.. 0030 - 07 68 2d 1d 32 d8 dc f3-0a c5 41 0c 1f 4c 15 b8 .h-.2.....A..L.. 0040 - 7b dd cb 63 25 44 a8 2f-35 d2 f0 e6 6b 51 3a b7 {..c%D./5...kQ:. 0050 - a4 0e 8d 85 28 fe 24 64-53 e1 df 97 56 e6 96 36 ....(.$dS...V..6 0060 - 6a de 19 bd 29 f9 4f 08-86 d4 ca 51 4e 6e 46 06 j...).O....QNnF. 0070 - 17 2a c6 1c e2 26 c3 d3-64 4f e3 82 a1 83 15 10 .*...&..dO...... 0080 - 22 2d c3 ec 03 db e6 48-cb 50 53 78 3d 52 85 13 "-.....H.PSx=R.. 0090 - 93 1b ee 3b dc 14 e5 e6-02 98 32 e2 89 a9 b0 e4 ...;......2..... 00a0 - ce ec a8 ae 1d b6 11 2a-b6 c7 70 f8 96 ad 76 06 .......*..p...v. 00b0 - 39 8c 40 10 10 b8 e8 6c-32 07 db dc 95 94 b1 a9 9.@....l2....... Start Time: 1717939879 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK GET / HTTP/1.1 Host: example.org Connection: close HTTP/1.1 200 OK Age: 398659 Cache-Control: max-age=604800 Content-Type: text/html; charset=UTF-8 Date: Sun, 09 Jun 2024 13:31:43 GMT Etag: "3147526947+gzip+ident" Expires: Sun, 16 Jun 2024 13:31:43 GMT Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT Server: ECAcc (sac/254E) Vary: Accept-Encoding X-Cache: HIT Content-Length: 1256 Connection: close <!doctype html> <html> <head> <title>Example Domain</title> <meta charset="utf-8" /> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <style type="text/css"> body { background-color: #f0f0f2; margin: 0; padding: 0; font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; } div { width: 600px; margin: 5em auto; padding: 2em; background-color: #fdfdff; border-radius: 0.5em; box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02); } a:link, a:visited { color: #38488f; text-decoration: none; } @media (max-width: 700px) { div { margin: 0 auto; width: auto; } } </style> </head> <body> <div> <h1>Example Domain</h1> <p>This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.</p> <p><a href="https://www.iana.org/domains/example">More information...</a></p> </div> </body> </html> closed
Ā 

Preparing certificates for a TLS Server Connection

Ā 
To accept a TLS server connection, we will need to generate two keypairs and certificates; the server certificate and the self-signed CA certificate, which signs the server certificate.
Ā 
āš ļø
Why canā€™t we just generate a self-signed server certificate? Because using a self-signed certificate as a server certificate is considered an error by most TLS clients and libraries, including the OpenSSL library
Ā 
This time we will combine the generation of a keypair, CSR and certificate in one command
Ā 
openssl req -newkey ED448 -x509 -subj "/CN=ROOT CA" -addext "basicConstraints=critical,CA:TRUE" -days 3650 -noenc -keyout ca_keypair.pem -out ca_cert.pem
Ā 
Generate CSR
Ā 
openssl req -newkey ED448 -subj "/CN=localhost" -addext "basicConstraints=critical,CA:FALSE" -noenc -keyout server_keypair.pem -out server_csr.pem
Ā 
Issue Server Certificate
Ā 
openssl x509 -req -in server_csr.pem -copy_extensions copyall -CA ca_cert.pem -CAkey ca_keypair.pem -days 3650 -out server_cert.pem
Ā 
~/opensslcodes/tls-server:ls -lh total 0 ~/opensslcodes/tls-server: ~/opensslcodes/tls-server:openssl req -newkey ED448 -x509 -subj "/CN=ROOT CA" -addext "basicConstraints=critical,CA:TRUE" -days 3650 -noenc -keyout ca_keypair.pem -out ca_cert.pem ----- ~/opensslcodes/tls-server: ~/opensslcodes/tls-server:ls -lh total 8.0K -rw-r--r-- 1 root root 587 Jun 9 13:41 ca_cert.pem -rw------- 1 root root 156 Jun 9 13:41 ca_keypair.pem ~/opensslcodes/tls-server:ls -lh total 8.0K -rw-r--r-- 1 root root 587 Jun 9 13:41 ca_cert.pem -rw------- 1 root root 156 Jun 9 13:41 ca_keypair.pem ~/opensslcodes/tls-server: ~/opensslcodes/tls-server: ~/opensslcodes/tls-server: ~/opensslcodes/tls-server: ~/opensslcodes/tls-server:openssl req -newkey ED448 -subj "/CN=localhost" -addext "basicConstraints=critical,CA:FALSE" -noenc -keyout server_keypair.pem -out server_csr.pem ----- ~/opensslcodes/tls-server: ~/opensslcodes/tls-server:ls -lh total 16K -rw-r--r-- 1 root root 587 Jun 9 13:41 ca_cert.pem -rw------- 1 root root 156 Jun 9 13:41 ca_keypair.pem -rw-r--r-- 1 root root 420 Jun 9 13:43 server_csr.pem -rw------- 1 root root 156 Jun 9 13:43 server_keypair.pem ~/opensslcodes/tls-server: ~/opensslcodes/tls-server:ls -lh total 16K -rw-r--r-- 1 root root 587 Jun 9 13:41 ca_cert.pem -rw------- 1 root root 156 Jun 9 13:41 ca_keypair.pem -rw-r--r-- 1 root root 420 Jun 9 13:43 server_csr.pem -rw------- 1 root root 156 Jun 9 13:43 server_keypair.pem ~/opensslcodes/tls-server: ~/opensslcodes/tls-server: ~/opensslcodes/tls-server: ~/opensslcodes/tls-server:openssl x509 -req -in server_csr.pem -copy_extensions copyall -CA ca_cert.pem -CAkey ca_keypair.pem -days 3650 -out server_cert.pem Certificate request self-signature ok subject=CN = localhost ~/opensslcodes/tls-server: ~/opensslcodes/tls-server:ls -lh total 20K -rw-r--r-- 1 root root 587 Jun 9 13:41 ca_cert.pem -rw------- 1 root root 156 Jun 9 13:41 ca_keypair.pem -rw-r--r-- 1 root root 587 Jun 9 13:44 server_cert.pem -rw-r--r-- 1 root root 420 Jun 9 13:43 server_csr.pem -rw------- 1 root root 156 Jun 9 13:43 server_keypair.pem
Ā 
Note that we used the server hostname ā€œlocalhostā€ in the server cert subject field. Is is needed to pass the hostname validation of the cert if the TLS client decides to perform it.
Ā 

Accepting TLS Connection On Command Line

Ā 
  1. We will provide a port number, server cert and corressponding server keypair to openssl s_server command to start TLS Server
    1. openssl s_server -port 4433 -key server_keypair.pem -cert server_cert.pem
  1. To check that our TLS server can accept connections and send and receive data over them, we can start a TLS client in another terminal window and connect to our TLS Server
    1. openssl s_client -connect localhost:4433 -verify_return_error -verify_hostname localhost -CAfile ca_cert.pem
  1. Now if the connection is established, try typing something in one window and see it pop up in the other terminal window. You can finish the connection by sending EOF or Ctrl+c
Ā 
notion image
Ā