README: TLS Authentication and Encryption Algorithm Testing
(Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - DHE-RSA + AES-128 CBC + SHA256)

Purpose
-------
Verify that the server supports TLS 1.2 with the DHE-RSA-AES128-SHA256 cipher by capturing the TLS handshake via curl and Wireshark.

Prerequisites
-------------
- curl installed
- Wireshark installed
- Network access to server 10.91.239.125

Testing Procedure
-----------------
1. Run:
     curl -v --tlsv1.2 --ciphers DHE-RSA-AES128-SHA256 https://10.91.239.125
2. Start Wireshark capture on your interface.
3. Apply filter: tls.handshake
4. Observe the Server Hello, Certificate, and Server Hello Done packets for encryption and authentication details.

Wireshark Packet Summary
------------------------
Frame 6: 1952 bytes on wire (15616 bits), 1952 bytes captured (15616 bits) on interface wlp4s0, id 0
Ethernet II, Src: Tp-LinkT_00:51:e0 (50:d4:f7:00:51:e0), Dst: Chongqin_0b:ac:5b (c0:b5:d7:0b:ac:5b)
Internet Protocol Version 4, Src: 10.91.239.125, Dst: 192.168.0.36
    Version: 4, Header Length: 20 bytes
    Total Length: 1938
    Identification: 0xcb5c (52060)
    Flags: Don't fragment
    Time to Live: 63
    Protocol: TCP (6)
    Source Address: 10.91.239.125
    Destination Address: 192.168.0.36
Transmission Control Protocol, Src Port: 443, Dst Port: 44400, Seq: 1, Ack: 518, Len: 1886
    Flags: PSH, ACK
    Window: 506 (scaled to 64768)
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 104
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 100
            Version: TLS 1.2 (0x0303)
            Random: 2572423ab9822940c40657306a4fc17891adaf7427c8c41ee7ca00d8eaf635de
            Session ID Length: 32
            Session ID: 3019e4bccfb4e1cd131051170c40c1506b022f56004d8a82e37a5eb962d3d506
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
            Compression Method: null (0)
            Extensions Length: 28
            Extension: renegotiation_info (len=1)
            Extension: application_layer_protocol_negotiation (len=11)
            Extension: encrypt_then_mac (len=0)
            Extension: extended_master_secret (len=0)
            [JA3S Fullstring: 771,103,65281-16-22-23]
            [JA3S: 9352114915136e5e21390acebf39abfe]
    TLSv1.2 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 975
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 971
            Certificates Length: 968
            Certificates (968 bytes)
                Certificate Length: 965
                Certificate: 308203c1308202a9a00302010202143a1c6e7542b6bedcd6cbf6bf3c048453eefd009a30… (id-at-commonName=10.91.239.125, id-at-organizationName=Internet Widgits Pty Ltd, id-at-localityName=BENGALURU, id-at-stateOrProvinceName=KARNATAKA)
    TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 783
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 779
            Diffie-Hellman Server Params
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 4
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

Interpretation
--------------
- Server supports TLS 1.2.
- Cipher suite uses DHE-RSA for key exchange and authentication, with AES-128 CBC encryption and SHA-256 MAC.
- Server certificate authenticates the server identity.
- Server Hello Done indicates completion of the server's hello messages.
- Successful handshake confirms cipher and authentication support.

Notes
-----
- If the handshake fails, the server may not support this cipher.
- Ensure the correct network interface is captured in Wireshark.
- Use the `tls.handshake` filter to isolate handshake packets.
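Automated check (added example)
-------------------------------
The manual inspection of the Server Hello described above can be scripted. This is an added example, not part of the original README: it parses a ServerHello record, checks the negotiated version and cipher suite, and rebuilds the JA3S full string. The sample record is constructed from the field values in the packet summary; the extension bodies (empty renegotiation_info, ALPN "http/1.1") and the function names are assumptions.

```python
import hashlib

# Constructed sample: ServerHello record rebuilt from the field values in the
# packet summary. Extension bodies are assumptions (empty renegotiation_info,
# ALPN "http/1.1"); the capture lists only their lengths.
RANDOM = "2572423ab9822940c40657306a4fc17891adaf7427c8c41ee7ca00d8eaf635de"
SESSION_ID = "3019e4bccfb4e1cd131051170c40c1506b022f56004d8a82e37a5eb962d3d506"
EXTS = "ff01000100" "0010000b000908687474702f312e31" "00160000" "00170000"
BODY = "0303" + RANDOM + "20" + SESSION_ID + "0067" + "00" + "001c" + EXTS
SAMPLE_RECORD = bytes.fromhex("1603030068" + "02000064" + BODY)

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a single ServerHello; ValueError if malformed."""
    if len(record) < 9 or record[0] != 22:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    if record[5] != 2 or rec_len != len(record) - 5 or hs_len != rec_len - 4:
        raise ValueError("expected exactly one complete ServerHello")
    body, pos = record[9:], 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ServerHello")
        pos += n
        return body[pos - n:pos]

    version = int.from_bytes(take(2), "big")
    take(32)                                  # server random
    take(take(1)[0])                          # session ID
    suite = int.from_bytes(take(2), "big")
    take(1)                                   # compression method
    ext_types = []
    if pos < len(body):                       # extensions block is optional
        ext_len = int.from_bytes(take(2), "big")
        if pos + ext_len != len(body):
            raise ValueError("extensions length mismatch")
        while pos < len(body):
            ext_types.append(int.from_bytes(take(2), "big"))
            take(int.from_bytes(take(2), "big"))  # skip extension data
    ja3s_string = f"{version},{suite}," + "-".join(map(str, ext_types))
    return {"version": version, "cipher_suite": suite, "extensions": ext_types,
            "ja3s_string": ja3s_string,
            "ja3s": hashlib.md5(ja3s_string.encode()).hexdigest()}

def negotiated_as_requested(info: dict) -> bool:
    """True when the server chose TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256."""
    return info["version"] == 0x0303 and info["cipher_suite"] == 0x0067
```

Extension types 22 and 23 in the result are encrypt_then_mac and extended_master_secret, as listed in the Server Hello above.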