https://www.cloudshark.org/captures/64d433b1585a
看到tls1.3 client hello 内容:
- Secure Sockets Layer
- TLSv1.3 Record Layer: Handshake Protocol: Client Hello
- Content Type: Handshake (22)
- Version: TLS 1.0 (0x0301)
- Length: 234
- Handshake Protocol: Client Hello
- Handshake Type: Client Hello (1)
- Length: 230
- Version: TLS 1.2 (0x0303)
- Random: 3eaf2b6c1d04a8c5369efecf504a7c1c5e5801dd226a98cb...
- Session ID Length: 32
- Session ID: d729c73e37d28b272f69641fbe23a89ce4dc5b38b571c4be...
- Cipher Suites Length: 8
- Cipher Suites (4 suites)
- Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
- Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
- Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
- Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
- Compression Methods Length: 1
- Compression Methods (1 method)
- Compression Method: null (0)
- Extensions Length: 149
- Extension: server_name (len=16)
- Type: server_name (0)
- Length: 16
- Server Name Indication extension
- Server Name list length: 14
- Server Name Type: host_name (0)
- Server Name length: 11
- Server Name: dogfish.lan
- Extension: ec_point_formats (len=4)
- Type: ec_point_formats (11)
- Length: 4
- EC point formats Length: 3
- Elliptic curves point formats (3)
- EC point format: uncompressed (0)
- EC point format: ansiX962_compressed_prime (1)
- EC point format: ansiX962_compressed_char2 (2)
- Extension: supported_groups (len=12)
- Type: supported_groups (10)
- Length: 12
- Supported Groups List Length: 10
- Supported Groups (5 groups)
- Supported Group: x25519 (0x001d)
- Supported Group: secp256r1 (0x0017)
- Supported Group: x448 (0x001e)
- Supported Group: secp521r1 (0x0019)
- Supported Group: secp384r1 (0x0018)
- Extension: SessionTicket TLS (len=0)
- Type: SessionTicket TLS (35)
- Length: 0
- Data (0 bytes)
- Extension: encrypt_then_mac (len=0)
- Type: encrypt_then_mac (22)
- Length: 0
- Extension: extended_master_secret (len=0)
- Type: extended_master_secret (23)
- Length: 0
- Extension: signature_algorithms (len=30)
- Type: signature_algorithms (13)
- Length: 30
- Signature Hash Algorithms Length: 28
- Signature Hash Algorithms (14 algorithms)
- Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
- Signature Hash Algorithm Hash: SHA384 (5)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
- Signature Hash Algorithm Hash: SHA512 (6)
- Signature Hash Algorithm Signature: ECDSA (3)
- Signature Algorithm: ed25519 (0x0807)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (7)
- Signature Algorithm: ed448 (0x0808)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (8)
- Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (9)
- Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (10)
- Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (11)
- Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (4)
- Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (5)
- Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
- Signature Hash Algorithm Hash: Unknown (8)
- Signature Hash Algorithm Signature: Unknown (6)
- Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
- Signature Hash Algorithm Hash: SHA256 (4)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
- Signature Hash Algorithm Hash: SHA384 (5)
- Signature Hash Algorithm Signature: RSA (1)
- Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
- Signature Hash Algorithm Hash: SHA512 (6)
- Signature Hash Algorithm Signature: RSA (1)
- Extension: supported_versions (len=7)
- Type: supported_versions (43)
- Length: 7
- Supported Versions length: 6
- Supported Version: TLS 1.3 (draft 28) (0x7f1c)
- Supported Version: TLS 1.3 (draft 27) (0x7f1b)
- Supported Version: TLS 1.3 (draft 26) (0x7f1a)
- Extension: psk_key_exchange_modes (len=2)
- Type: psk_key_exchange_modes (45)
- Length: 2
- PSK Key Exchange Modes Length: 1
- PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
- Extension: key_share (len=38)
- Type: key_share (51)
- Length: 38
- Key Share extension
- Client Key Share Length: 36
- Key Share Entry: Group: x25519, Key Exchange length: 32
- Group: x25519 (29)
- Key Exchange Length: 32
- Key Exchange: 3f011ff8b8090294a2c9223892159c4603851d6c243208a9...
- 另外可以看到server hello一半内容:
- Secure Sockets Layer
- TLSv1.3 Record Layer: Handshake Protocol: Server Hello
- Content Type: Handshake (22)
- Version: TLS 1.2 (0x0303)
- Length: 122
- Handshake Protocol: Server Hello
- Handshake Type: Server Hello (2)
- Length: 118
- Version: TLS 1.2 (0x0303)
- Random: bf661b511b43b686cc648e72d088f0e5e28a6cb8f4159799...
- Session ID Length: 32
- Session ID: d729c73e37d28b272f69641fbe23a89ce4dc5b38b571c4be...
- Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
- Compression Method: null (0)
- Extensions Length: 46
- Extension: supported_versions (len=2)
- Type: supported_versions (43)
- Length: 2
- Supported Version: TLS 1.3 (draft 28) (0x7f1c)
- Extension: key_share (len=36)
- Type: key_share (51)
- Length: 36
- Key Share extension
- Key Share Entry: Group: x25519, Key Exchange length: 32
- Group: x25519 (29)
- Key Exchange Length: 32
- Key Exchange: 3d750141fcd29f825d07d511459d003d4e64741270dbb2f4...
- TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
- Content Type: Change Cipher Spec (20)
- Version: TLS 1.2 (0x0303)
- Length: 1
- Change Cipher Spec Message
- TLSv1.3 Record Layer: Application Data Protocol: Application Data
- Opaque Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 23
- Encrypted Application Data: 52a02a0dd613185b3ff3e26a92bf81fbd12d72a660d5f7
- TLSv1.3 Record Layer: Application Data Protocol: Application Data
- Opaque Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 675
- Encrypted Application Data: 86ac93b3a0a8940dc5b449d8f486537525ba6a76fb4cfaf4...
- TLSv1.3 Record Layer: Application Data Protocol: Application Data
- Opaque Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 153
- Encrypted Application Data: 777f0bb581c3f0746da4731d85d6f5f87b953e99461f702b...
- TLSv1.3 Record Layer: Application Data Protocol: Application Data
- Opaque Type: Application Data (23)
- Version: TLS 1.2 (0x0303)
- Length: 69
- Encrypted Application Data: 7e1ae1d016ce79c750f033ad5e1004a9328b72f9ae316506...
tls 1.2在server hello里有certificate一段,是可以看到证书的颁发者、subject等信息的: 见 https://www.cloudshark.org/captures/26fa735868c1