Currently, I am taking a university class on security and cryptography, and one of the projects that we are doing includes the implementation of a basic TLS socket.
So, I learned the TLS protocol using both my tutorial and the latest RFC, so I have a pretty good understanding of how TLS / SSL works, as well as how to build the TLS record format byte by byte.
So, for starters, I decided to write a server program that listens on port 443 and accepts incoming secure HTTP connections. All it does is accept the client connection and then print the hexadecimal dump of the original message sent by the client.
But when I connect to my server using a web browser (Firefox), I am completely puzzled by the bytes that the browser sends me. According to the RFC, the first thing a TLS client needs to do is send a ClientHello message. All messages should be encapsulated in the TLS record format, which should be formatted as follows (using the C-ish notation used by the RFC):
    struct {
        ContentType type;
        ProtocolVersion version;
        uint16 length;
        opaque fragment[TLSPlaintext.length];
    } TLSPlaintext;
The field ContentType represents a single enumeration value, which must be one of the following types: change_cipher_spec = 0x14, alert = 0x15, handshake = 0x16, application_data = 0x17
So, since the first thing a client needs to do is send a ClientHello message, which is part of a handshake, I expect the very first byte in the byte stream to be 0x16, indicating that this is a confirmation message.
, , :
80 55 01 03 00 00 3c 00 00 00 10 00 00 88 00 00 87 00 00 39 00 00
38 00 00 84 00 00 35 00 00 45 00 00 44 00 00 33 00 00 32 00 00 96
00 00 41 00 00 04 00 00 05 00 00 2f 00 00 16 00 00 13 00 fe ff 00
00 0a 00 00 ff 07 99 58 ad 17 f3 17 23 be 63 8c 6d cb 9b 5f 6f
, , RFC. , TLS, , 0x16 , , . - 0x80 0x55, .
- , ? - TLS?
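An added example, not part of the original post: a header classifier run over the bytes dumped above. It assumes the dump uses the SSL 2.0 compatible CLIENT-HELLO framing that RFC 5246 Appendix E.2 describes (a 2-byte length header with the high bit set, in place of the 5-byte TLSPlaintext header); the function name `classify_first_record` is hypothetical.

```python
import struct

# The 87 bytes from the hex dump in the question above.
DUMP = bytes.fromhex(
    "80 55 01 03 00 00 3c 00 00 00 10 00 00 88 00 00 87 00 00 39 00 00 "
    "38 00 00 84 00 00 35 00 00 45 00 00 44 00 00 33 00 00 32 00 00 96 "
    "00 00 41 00 00 04 00 00 05 00 00 2f 00 00 16 00 00 13 00 fe ff 00 "
    "00 0a 00 00 ff 07 99 58 ad 17 f3 17 23 be 63 8c 6d cb 9b 5f 6f"
)

CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}


def classify_first_record(buf: bytes) -> dict:
    """Describe the first record in buf (hypothetical helper name)."""
    if len(buf) < 5:
        raise ValueError("need at least 5 bytes")
    if buf[0] in CONTENT_TYPES:
        # TLSPlaintext header: type(1) version(2) length(2)
        ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
        return {"format": "tls_record", "type": CONTENT_TYPES[ctype],
                "version": (major, minor), "length": length}
    if buf[0] & 0x80 and buf[2] == 0x01:
        # SSL 2.0 framing: high bit set, 15-bit length, msg_type 1 = CLIENT-HELLO
        length = ((buf[0] & 0x7F) << 8) | buf[1]
        if len(buf) < 2 + length or length < 9:
            raise ValueError("truncated SSL 2.0 style record")
        major, minor, cs_len, sid_len, ch_len = struct.unpack("!BBHHH", buf[3:11])
        # Fixed fields take 9 bytes; the three variable fields must fill the rest.
        if cs_len % 3 or 9 + cs_len + sid_len + ch_len != length:
            raise ValueError("inconsistent CLIENT-HELLO lengths")
        body = buf[11:2 + length]
        specs = [body[i:i + 3].hex() for i in range(0, cs_len, 3)]
        return {"format": "sslv2_client_hello", "version": (major, minor),
                "length": length, "cipher_specs": specs,
                "session_id": body[cs_len:cs_len + sid_len],
                "challenge": body[cs_len + sid_len:]}
    raise ValueError("not a TLS record or SSL 2.0 style CLIENT-HELLO")


if __name__ == "__main__":
    info = classify_first_record(DUMP)
    print(info["format"], info["version"], len(info["cipher_specs"]), "cipher specs")
```

A server that only expects `0x16` as the first byte can use a check like this to log or reject the legacy framing explicitly instead of misparsing it as a record header.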