SSL调研

#0.参考
[1][wiki TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security#cite_note-trustworthy_ssl_pulse-71)
[2][Comparison of TLS implementations](https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations)
[3][wireshark ssl wiki](https://wiki.wireshark.org/SSL)
[4][decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it](https://wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it/)
[5][Decrypting Diffie Hellma Ephemeral with the master key](https://www.unleashnetworks.com/blog/?p=574)
[6][Decrypting TLS messages which is using Diffie hellman algorithm](https://osqa-ask.wireshark.org/questions/21011/decrypting-tls-messages-which-is-using-diffie-hellman-algorithm)
[7][pre-master-key解释](https://medium.com/asecuritysite-when-bob-met-alice/ephemeral-diffie-hellman-c07c54afabff)
[8][Forward Secrecy and Ephemeral Keys … Guarding Against Data Breaches in the Future and the Past](https://medium.com/asecuritysite-when-bob-met-alice/forward-secrecy-and-ephemeral-keys-guarding-against-data-breaches-in-the-future-b709295c6e5a)
[9][tls-pre-master-secrets-and-master-secrets](https://www.cryptologie.net/article/340/tls-pre-master-secrets-and-master-secrets/)
[10][解释tls握手-good](https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/)
[11][ssl/tls decryption uncovering secrets](https://sharkfesteurope.wireshark.org/assets/presentations17eu/15.pdf)

# 1.TLS情况介绍
##1.1 TLS发展
TLS安全传输，顾名思义，传输过程中数据是加密后进行传输，而目前**公司产品(审计/DLP/脱敏)都要获取传输中的明文数据**，进而才能完善产品功能。因此很有必要了解目前TLS规范发展情况，洞悉TLS的细节，以期找到某种方法截获明文数据。
TLS1.1 was defined in [RFC4346](https://tools.ietf.org/html/rfc4346) in April 2006(**2006年4月**)
TLS1.2 was defined in [RFC 5246](https://tools.ietf.org/html/rfc5246) in August 2008(**2008年8月**)
TLS1.3 was defined in [RFC 8446](https://tools.ietf.org/pdf/rfc8446.pdf) in August 2018(***2018年8月***)
## 1.2 TLS各版本使用情况
tips：时间：2019.4.2 来源：[ssl pulse:survery of the ssl implementation of the most popular websites](https://www.ssllabs.com/ssl-pulse/) 
<center>
![TLS各版本使用情况](https://leanote.com/api/file/getImage?fileId=5cc25c34ab64412a480051b0)
</center>
## 1.3 各ssl库支持情况
目前SChannel未支持TLS1.3
<center>
![各ssl库支持情况](https://leanote.com/api/file/getImage?fileId=5cc25c34ab64412a480051ab)
</center>

## 1.4 Key exchange方法
tips:蓝色 安全；黄色 非安全
<center>
![key exchage](https://leanote.com/api/file/getImage?fileId=5cc25c34ab64412a480051a8)
</center>
DHE_RSA(Ephemeral临时 Diffie-Hellman,DHE)
> TLS handshake解释

TLS主要关注dual goals:confidentiality and authentication(机密性与身份验证)
两个party在网上聊天时，为了阻止eve窃听，相互协商密钥，用某种对称算法进行加密(机密性)
两个party要相互验证身份，证书(身份验证)
另外为了保证双方传递消息时的完整性，防止被篡改，要使用hash算法

>关于key exchange方法

<center>
![key-exchange与验签](https://leanote.com/api/file/getImage?fileId=5ce60b82ab644139920016a4)
</center>

- RSA
 - DH(Diffie-Hellman)
 - DHE(Diffie-Hellman Ephemeral临时)
 - ECDH(Elliptic Curve椭圆曲线 Diffie-Hellman)
 - ECDHE(Elliptic Curve Diffie-Hellman Ephemeral)

>关于cipher suite解释

ECDHE-ECDSA-AES-GCM-SHA384

- Elliptic Curve Diffie-Hellman Ephemeral(ECDHE) 密钥交换方法
 - Elliptic Curve Digital Signature Algorithms(ECDSA) authentication(认证)
 - 256-bit Advanced Encryption Standard in Galois/Counter mode (AES256-GCM) for confidentiality(数据传递加密方法)
 - 384-bit Secure Hashing Algorithm for integrity(完整性校验)

> RSA密钥交换

![RSA密钥交换](https://leanote.com/api/file/getImage?fileId=5cc25c34ab64412a480051af)

> DH密钥交换参考

<center>
![DH密钥交换](https://leanote.com/api/file/getImage?fileId=5cc25c34ab64412a480051b1)
</center>
<center>
![key-exchange](https://leanote.com/api/file/getImage?fileId=5cc25c34ab64412a480051ac)
</center>
<center>
![pre-master-key-master-key](https://leanote.com/api/file/getImage?fileId=5cc25c34ab64412a480051a9)
</center>

## 1.5 目前破解方法
### 1.5.1 RSA密钥交换破译
RSA交换是不安全的key交换，一旦eve拥有private key，过往所有数据皆可破译，目前TLS1.3已废除此key exchange 方法，TLS1.2已推荐不使用此方法。
RSA破译需要获得客户私钥

- 基于wireshark(或类似抓包软件)破译(重)
 - 开源[decrypt-sslstream](https://github.com/hemingteng/decrypt-sslstream),轻便，已测过可以破译
 - [ssldump](https://pequalsnp-team.github.io/cheatsheet/ssldump)

### 1.5.2 pre-master-key方式(适用于所有key exchange)
 - 获取pre-master-key  and session id(参考:[youtube演讲ssl/tls decryption uncovering secrets](https://www.youtube.com/watch?v=bwJEBwgoeBg)
 [pdf--ssl/tls decryption uncovering secrets](https://sharkfesteurope.wireshark.org/assets/presentations17eu/15.pdf))
 
>A post on the Wireshark Q&A site wondered if you **controlled** the **client** or the **server** and could **output the so called master secret**, can you then **decrypt the SSL/TLS traffic**? The answer is **absolutely**!
If you had the master secret, it does not matter what key exchange algorithm you use. The only question left is : Do you support decryption of the cipher!

- 参考keyless ssl(nginx/openssl--[10])
 <center>
![keyless ssl](https://leanote.com/api/file/getImage?fileId=5cc25c34ab64412a480051ae)
 </center>

信息安全从业人员^_^

导航

最近发表

友情链接