I'm not perfect so there could be some (a lot) errors.
- General Explainations
- Differences from TLS1.2 and TLS1.3
- JDK
- Client1 - Print Response
- Server1 - No Sec Layer
- Server2 - Simple SSL
- Server3 - SSL with Love
- Ingredients
- Handshake
- Curiosity
- Sources
HTTPS is an extension of the Hypertext Transfer Protocol. The communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL) is therefore also referred to as HTTP over TLS or HTTP over SSL.
- Removed static RSA
- Removed custom (EC)DHE groups
- Removed compression
- Semi removed (special accommodation fon inline client auth) renegotiation
- Removed non-AEAD ciphers
- Removed simplified resumption
Implied for TLS 1.3:
- Key Exchange / key agreement algorithm: DHE or ECHDE (e.g. not RSA)
- Authentication mechanism: RSA or DSA or ECDSA
- Ciphers: AEAD ciphers (e.g. not CBC)
Java provides several security-based APIs that help out developers to establish secure connections with the client to receive and send messages in an encrypted format:
- Java Secured-Socket Extension (JSSE)
- Java Key Store (JKS)
- Java Cryptography Architecture (JCA)
- Java Cryptographic Extension (JCE)
- Java Authentication and Authorization Service (JAAS)
- Public Key Infrastructure (PKI)
- Network Security Services for Java (JSS)
It's a code from here.
It has to be launched with (or use other method like System.setProperties):
java -Djavax.net.ssl.trustStore=path_to_samplecacerts_file ClientIt is used to do a GET request with Java to a Server with SSL.
Warm up.
Simple HTTP.
Code from here.
With some keytool's commands to create keystore, truststore and import cert on client's truststore.
This is what my mind has created.
What I achieved:
- no use of sun.security libs
- no keytool (use sun's libs) (I'll use openssl)
- cert created and self signed on the fly
- no Bouncy Castle
- no Portecle
- OpenSSl 1.1.1 (implements support for five TLSv1.3 cipher suites)
| Example of cipher suite | TLS_AES_128_GCM_SHA256 |
|---|---|
| Protocol | TLS 1.3 |
| Key Exchange | ECHDE or DHE (chosen from client's supported ciphersuites list) |
| Certificate authentication (CA) | RSA, DSA, ECDSA (chosen from client's supported ciphersuites list) |
| Cipher | AES_128_GCM |
| Mac | SHA256 |
Basic full TLS handshake: (Source)
Client Server
Key ^ ClientHello
Exch | + key_share*
| + signature_algorithms*
| + psk_key_exchange_modes*
v + pre_shared_key* -------->
ServerHello ^ Key
+ key_share* | Exch
+ pre_shared_key* v
{EncryptedExtensions} ^ Server
{CertificateRequest*} v Params
{Certificate*} ^
{CertificateVerify*} | Auth
{Finished} v
<-------- [Application Data*]
^ {Certificate*}
Auth | {CertificateVerify*}
v {Finished} -------->
[Application Data] <-------> [Application Data]
+ Indicates noteworthy extensions sent in the previously noted message.
* Indicates optional or situation-dependent messages/extensions that are not always sent.
{} Indicates messages protected using keys derived from a [sender]_handshake_traffic_secret.
[] Indicates messages protected using keys derived from [sender]_application_traffic_secret_N.
In practice most clients will use X25519 or P-256 for their initial key_share. For maximum performance it is recommended that servers are configured to support at least those two groups and clients use one of those two for its initial key_share. This is the default case (OpenSSL clients will use X25519).
- Blowfish
- CCS attack (TLS 1.2)
E.g. of TLS 1.2 cipher suites
When authentication or key exchange are not indicated tipically you can imply that is RSA
| HexadecimalRappresentation | Protocol_KeyExchange_Auth_Cipher_Mac |
|---|---|
| 0xc02b | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| 0xc02f | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| 0x009e | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| 0xcc14 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
| 0xcc13 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
| 0xc00a | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| 0xc014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| 0x0039 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| 0xc009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| 0xc013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| 0x0033 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| 0x009c | TLS_RSA_WITH_AES_128_GCM_SHA256 |
| 0x0035 | TLS_RSA_WITH_AES_256_CBC_SHA |
| 0x002f | TLS_RSA_WITH_AES_128_CBC_SHA |
| 0x000a | TLS_RSA_WITH_3DES_EDE_CBC_SHA |
[ sources tagged with {*} are recommended ] [ sources tagged with {!} are for visual learner ] [ sources tagged with {M} are for Math theory ]
- https://en.wikipedia.org/wiki/Cipher_suite
- {!*}What is a TLS Cipher Suite?
- {!*}Strong vs. Weak TLS Ciphers
- {!*}What Are AEAD Ciphers?
- {1} Difference between pem, csr, key and crt
- wiki - HTTPS
- Differences from TLS1.2 and TLS1.3
- TLS 1.3 - RFC 8446
- docs.oracle.com - 15 - api
- docs.oracle.com - 15 - specs - security
- Easy start https server - YouTube (2016)
- Create & sign SSL/TLS certificates with openssl - YouTube (2020)
- A complete overview of SSL/TLS and its cryptographic system - YouTube (2020)
- LibreSSL
- OpenSSL manual page
- OpenSSL manual page (REQ)
- X.509
- Subject Alternative Name (SAN)
- {!}Transport Layer Security, TLS 1.2 and 1.3 (Explained by Example)
- {!}Transport Layer Security 1.3 Explained - TLS Handshake, Key Exchange, TLS Extensions and MITM
- {!*}Secret Key Exchange (Diffie-Hellman) - Computerphile
- {M}Diffie Hellman -the Mathematics bit- Computerphile
- X25519