README: TLS Authentication and Encryption Algorithm Testing
(Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - ECDHE-RSA + AES-128 CBC + SHA1)

Purpose
-------
To verify if the server at 10.91.239.125 supports TLS 1.2 using the ECDHE-RSA-AES128-CBC-SHA cipher suite by analyzing TLS handshake packets using `curl` and `Wireshark`.

Prerequisites
-------------
- curl installed
- Wireshark installed
- Network access to server 10.91.239.125

Testing Procedure
-----------------
1. Start Wireshark on the active interface (e.g., `wlp4s0`)
2. In terminal, execute:

       curl -v --tlsv1.2 --ciphers ECDHE-RSA-AES128-SHA https://10.91.239.125

3. In Wireshark, apply the filter:

       tls.handshake

4. Observe the following handshake messages:
   - Server Hello
   - Certificate
   - Server Key Exchange
   - Server Hello Done

Wireshark Packet Summary
------------------------
Frame 6: 1477 bytes on wire, captured on interface `wlp4s0`
Ethernet II: Src = 50:d4:f7:00:51:e0, Dst = c0:b5:d7:0b:ac:5b
IPv4: Src = 10.91.239.125, Dst = 192.168.0.36
TCP: Src Port = 443, Dst Port = 43706, Seq = 1, Ack = 518, Len = 1411

TLSv1.2 Handshake Breakdown:

1. **Server Hello**
   - Version: TLS 1.2 (0x0303)
   - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
   - Compression Method: null
   - Extensions:
     - renegotiation_info
     - ec_point_formats
     - application_layer_protocol_negotiation
     - encrypt_then_mac
     - extended_master_secret
   - JA3S: ae754359d11d1544b37d93b2a8ca8e1f

2. **Certificate**
   - Length: 968 bytes
   - Certificate Details:
     - Common Name: 10.91.239.125
     - Organization: Internet Widgits Pty Ltd
     - Location: BENGALURU, KARNATAKA

3. **Server Key Exchange**
   - Key Exchange Method: Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
   - Key Length: 296 bytes

4. **Server Hello Done**
   - Indicates completion of server's portion of the TLS handshake

Interpretation
--------------
- TLS Version: 1.2
- Authentication: RSA
- Key Exchange: ECDHE (provides Forward Secrecy)
- Encryption: AES-128 in CBC mode
- Message Integrity: SHA-1
- Handshake successfully completed; server supports the specified cipher suite

Notes
-----
- The cipher suite uses SHA-1, which is considered weak for integrity in modern applications
- For higher security, prefer SHA-256 or GCM-based suites
- Ensure `tls.handshake` filter is used for clear analysis
- Wireshark capture must start before executing the `curl` command
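The Server Hello fields read off in the handshake breakdown can also be checked in code. The following is an added example, not part of the original README: it parses a raw ServerHello record and returns the negotiated version, cipher suite and extension names. The sample bytes are constructed (zeroed server random, assumed ALPN value `http/1.1`), and `parse_server_hello` and `build_sample` are hypothetical names.

```python
import struct

# Extension type numbers as assigned in the IANA TLS ExtensionType registry.
EXT_NAMES = {11: "ec_point_formats", 16: "application_layer_protocol_negotiation",
             22: "encrypt_then_mac", 23: "extended_master_secret",
             0xFF01: "renegotiation_info"}
SUITES = {0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}


def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record whose first handshake message is a ServerHello."""
    if len(record) < 5 or record[0] != 22:        # 22 = handshake content type
        raise ValueError("not a handshake record")
    rec_len = struct.unpack_from("!H", record, 3)[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 2:             # 2 = server_hello
        raise ValueError("first handshake message is not a ServerHello")
    msg = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(msg) < 38:                             # version+random+sid_len+suite+compression
        raise ValueError("truncated ServerHello")
    version = struct.unpack_from("!H", msg, 0)[0]
    pos = 2 + 32 + 1 + msg[34]                    # skip version, random, session id
    if pos + 3 > len(msg):
        raise ValueError("truncated ServerHello")
    suite, compression = struct.unpack_from("!HB", msg, pos)
    pos += 3
    extensions = []
    if pos + 2 <= len(msg):                       # the extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", msg, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(msg)):
            etype, elen = struct.unpack_from("!HH", msg, pos)
            extensions.append(EXT_NAMES.get(etype, hex(etype)))
            pos += 4 + elen
    return {"version": version, "suite": SUITES.get(suite, hex(suite)),
            "compression": compression, "extensions": extensions}


def build_sample() -> bytes:
    """Constructed ServerHello carrying the fields the capture summary lists."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in [
        (0xFF01, b"\x00"), (11, b"\x03\x00\x01\x02"),
        (16, b"\x00\x09\x08http/1.1"),            # ALPN value is an assumption
        (22, b""), (23, b"")])
    msg = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", 0xC013, 0)
           + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake
```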