You are on page 1of 4

basic TLS handshake

client hello server hello certificate server hello done client key exchange change cipher spec finished change cipher spec finished GET /secure HTTP/1.1\r\n...

TLS handshake with client cert (ideal)
client hello server hello certificate certificate request server hello done certificate client key exchange certificate verify change cipher spec finished change cipher spec finished GET /secure HTTP/1.1 HTTP/1.1 OK

TLS handshake with client cert (typical) c s
client hello server hello certificate server hello done client key exchange change cipher spec finished change cipher spec finished GET /secure HTTP/1.1 hello request server-initiated renegotiation client hello server hello certificate certificate request server hello done certificate client key exchange certificate verify change cipher spec finished change cipher spec finished HTTP/1.1 OK

c

TLS handshake with client cert - mitm remix m
client hello client hello server hello certificate server hello done client key exchange change cipher spec finished change cipher spec finished POST /secure/evil.html HTTP/1.1 server-initiated renegotiation replay server hello certificate certificate request server hello done certificate client key exchange certificate verify change cipher spec finished change cipher spec finished HTTP/1.1 OK GET /secure HTTP/1.1 change cipher spec hello request client hello server hello certificate certificate request server hello done certificate client key exchange certificate verify change cipher spec

s