ITT 557
SSL/TLS PROTOCOL
REQUIREMENTS
For this laboratory session, students are required to have the following:
i. Wireshark
ii. wget/curl
INSTRUCTIONS (PART I)
FOR THIS LAB, THERE ARE 2 PARTS. PART I DEALS WITH ANALYZING SSL
PACKETS. PART II DEALS WITH CHECKING FOR ANY MISCONFIGURATION OF SSL
ON A SERVER.
Figure 1
c. Does the length cover only the payload or the Record Layer Header as well?
In our video lecture, we learnt about all the steps that take place during an
SSL Handshake. Click on each step and view the resulting Transport Layer Security
block. Answer the following questions. (Provide a screenshot for each answer.)
d. In both Client Hello and Server Hello, how long in bytes is the random data?
Client Hello
- 571 bytes
Server Hello
- 1454 bytes
- 16 suites
h. Who sends the Change Cipher Spec message: the client, the server or both?
- Both the client and server send the Change Cipher Spec message to alert the receiving
party that subsequent records will be secured by the newly agreed keys and Cipher Spec.
i. What content is carried inside the Change Cipher Spec message?
Finally, among the packets listed in the capture, some are labelled as alert messages. Click
on an alert message and answer the following:
j. What is the purpose of the alert message?
- The TLS protocol uses the alert message to signal the peer that
the connection can be ended. It is normally sent when there is no more
traffic to send.
- Yes, the alert message is encrypted, and we can’t read the message.
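The record-layer behaviour behind questions c, h, i and j can be reproduced outside Wireshark with a small parser; the following is an added example, not part of the original lab sheet. It assumes a TLS 1.2-style stream in one direction, and the byte string `SAMPLE` and the function name `parse_records` are constructed for illustration.

```python
import struct

# Record-layer content types (RFC 5246, section 6.2.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HEADER_LEN = 5  # content type (1 byte) + version (2) + length (2)

def parse_records(stream: bytes) -> list:
    """Split one direction of a TLS 1.2-style byte stream into records."""
    records, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < HEADER_LEN:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        payload = stream[offset + HEADER_LEN:offset + HEADER_LEN + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        rec = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
               "version": f"{version >> 8}.{version & 0xFF}",
               "length": length,                # length field: payload only
               "on_wire": HEADER_LEN + length,  # header is counted separately
               "encrypted": encrypted, "detail": None}
        if not encrypted:
            if ctype == 20:
                rec["detail"] = payload.hex()   # a single byte, 0x01
                encrypted = True                # later records use the new keys
            elif ctype == 21 and length == 2:
                rec["detail"] = {"level": payload[0], "description": payload[1]}
        records.append(rec)
        offset += HEADER_LEN + length
    return records

# Constructed sample (not taken from the lab capture): a handshake record
# holding ServerHelloDone, a Change Cipher Spec record, and an alert sent
# after it whose 26 payload bytes stand in for ciphertext.
SAMPLE = (bytes.fromhex("16 03 03 00 04  0e 00 00 00")
          + bytes.fromhex("14 03 03 00 01  01")
          + bytes.fromhex("15 03 03 00 1a") + bytes(range(26)))

if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(r["type"], r["version"], r["length"], r["on_wire"],
              "encrypted" if r["encrypted"] else r["detail"])
```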
BONUS
This section is for students that would like to explore further the SSL/TLS Protocol.
1. Remove the “ssl” filter to see not only SSL packets but also other TCP
packets that are part of the connection.
2. Try to capture HTTPS packets generated by a browser instead of
using wget or curl. Notice the differences between the two sets of
traffic generated.
3. Try and generate HTTPS traffic for SSL version 2 and 3.
4. Configure Wireshark so that it is able to look inside encrypted SSL
messages by using a key.
In this part, you are required to use available online tools to check for any SSL
misconfiguration at the server. Below is a list of tools that you can use:
Based on the result that you get, please answer the following question about the
chosen domain.
A. Who is the issuer of the certificate?
- Sectigo RSA Domain Validation Secure Server CA
Finally, you can also check your browser's SSL status by visiting the following website:
https://www.howsmyssl.com/.