Option –insecure is necessary because I’m using a self-signed certificate. To force a cipher suite that is based on RSA for the exchange of the pre-master secret, I use options –tls-max 1.2 and –ciphers AES256-SHA. I use the following curl command with options to force a TLS encryption method that is based on a pre-master secret that is encrypted with the public RSA key of the server:Ĭurl.exe –verbose –insecure –tls-max 1.2 –ciphers AES256-SHA –dump-header 01.headers –output 01.data –trace 01.trace –trace-time I use curl for Windows build with OpenSSL, and not the curl version distributed with Windows 10, that relies on schannel. I use my TCP honeypot to set up a web server, and curl to request a page over TLS. Remark that this method will not work with modern browsers and web servers, as they use perfect forward secrecy. This master secret is derived from a pre-master secret, which is securely exchanged between the client and server using RSA crypto. I made my example as such, that the encryption in this example is done with keys derived from a master secret. In this first example, I show how to decrypt a TLS stream with Wireshark.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |