Cryptographic - Network protocol


1 - About

Network communication protocols in cryptography.

Cryptographic protocols encrypt the data stream between a server (for instance, a web server) and a client (for instance, a browser).

There is basically one protocol (SSL, TLS), which exists in different versions. The name of the cryptographic protocol was changed from SSL to TLS when it became a standard.


3 - Management

3.1 - List protocol supported

With OpenSSL:

openssl s_client -connect gerardnico.com:443 -servername gerardnico.com -msg
Loading 'screen' into random state - done                                                                 
CONNECTED(000001A4)                                                                                       
>>> TLS 1.2  [length 0005]                                                                                
    16 03 01 01 39                                                                                        
>>> TLS 1.2 Handshake [length 0139], ClientHello                                                          
    01 00 01 35 03 03 0e d1 9c 66 df 4b 69 5f 76 df                                                       
    b6 9c 59 e6 9c 7b 26 bc 30 9d 56 5d 46 6b 37 7c                                                       
    0a d0 73 17 49 46 00 00 b6 c0 30 c0 2c c0 28 c0                                                       
    24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00                                                       
    6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00                                                       
    87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0                                                       
    05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0                                                       
    23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00                                                       
    40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00                                                       
    99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0                                                       
    2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00                                                       
    96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00                                                       
    04 c0 12 c0 08 00 16 00 13 00 10 00 0d c0 0d c0                                                       
    03 00 0a 00 15 00 12 00 0f 00 0c 00 09 00 ff 02                                                       
    01 00 00 55 00 0b 00 04 03 00 01 02 00 0a 00 1c                                                       
    00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16                                                       
    00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 23 00 00                                                       
    00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02                                                       
    05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01                                                       
    02 02 02 03 00 0f 00 01 01                                                                            
<<< TLS 1.0  [length 0005]                                                                                
    15 03 01 00 02                                                                                        
<<< TLS 1.0 Alert [length 0002], fatal handshake_failure                                                  
..............................
..............................
..............................

4 - Support

4.1 - SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769

Set the -servername option. See Server Name Indication (SNI).
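
To confirm from the -msg output whether a ClientHello really carries the SNI extension that -servername is meant to add, the following added example (not part of the original page) parses the hex lines printed under the ClientHello line and lists the extensions. The function names, the build_sample helper and the host name example.test are constructed for illustration.

```python
import struct

# Extension numbers from the IANA TLS ExtensionType registry (subset).
EXT_NAMES = {0: "server_name", 10: "supported_groups", 11: "ec_point_formats",
             13: "signature_algorithms", 15: "heartbeat", 35: "session_ticket"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def parse_client_hello(hex_dump):
    """Parse the hex lines printed under '>>> ... Handshake ..., ClientHello'."""
    data = bytes.fromhex("".join(hex_dump.split()))
    if len(data) < 4 or data[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    if int.from_bytes(data[1:4], "big") != len(data) - 4:
        raise ValueError("length field does not match the bytes supplied")
    version = struct.unpack_from("!H", data, 4)[0]
    pos = 4 + 2 + 32                      # handshake header, version, random
    pos += 1 + data[pos]                  # session_id (length-prefixed)
    suites_len = struct.unpack_from("!H", data, pos)[0]
    pos += 2 + suites_len                 # cipher suites, 2 bytes each
    pos += 1 + data[pos]                  # compression methods
    extensions = []
    if pos < len(data):                   # the extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            extensions.append(EXT_NAMES.get(ext_type, f"type_{ext_type}"))
            pos += 4 + ext_len
    return {"offered_version": VERSIONS.get(version, hex(version)),
            "cipher_suites": suites_len // 2, "extensions": extensions,
            "sni_sent": "server_name" in extensions}


def build_sample(hostname=None):
    """Constructed ClientHello for testing (not a capture); hostname is optional."""
    exts = b""
    if hostname:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name entry
        sni = struct.pack("!H", len(entry)) + entry             # server_name_list
        exts += struct.pack("!HH", 0, len(sni)) + sni
    exts += struct.pack("!HH", 35, 0)                           # empty session_ticket
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x04\xc0\x30\xc0\x2f"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    msg = b"\x01" + len(body).to_bytes(3, "big") + body
    return " ".join(f"{b:02x}" for b in msg)
```

Applied to the ClientHello body in the capture above, parse_client_hello reports TLS 1.2, 91 cipher suites and no server_name extension.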