README: TLS Authentication and Encryption Algorithm Testing
(Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - ECDHE-RSA + AES-256 GCM + SHA384)

Purpose
-------
Verify whether the server at 10.91.239.125 supports TLS 1.2 with cipher suite `ECDHE-RSA-AES256-GCM-SHA384`, using curl and Wireshark.

Prerequisites
-------------
- curl installed
- Wireshark installed
- Access to server 10.91.239.125

Testing Procedure
-----------------
1. Start Wireshark on the active network interface (e.g., `wlp4s0`).
2. Run the command:
   `curl -v --tlsv1.2 --ciphers ECDHE-RSA-AES256-GCM-SHA384 https://10.91.239.125`
3. Apply Wireshark filter: `tls.handshake`
4. Inspect the following TLS handshake packets:
   - Server Hello
   - Certificate
   - Server Key Exchange
   - Server Hello Done

Wireshark Packet Summary
------------------------
- Frame 6: 1473 bytes captured
- Ethernet II: Src = 50:d4:f7:00:51:e0, Dst = c0:b5:d7:0b:ac:5b
- IPv4: Src = 10.91.239.125, Dst = 192.168.0.36
- TCP: Src Port = 443, Dst Port = 46804

TLSv1.2 Handshake Details:

1. **Server Hello**
   - TLS Version: 1.2 (0x0303)
   - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
   - Compression: null (0)
   - Extensions:
     - renegotiation_info
     - ec_point_formats
     - application_layer_protocol_negotiation
     - extended_master_secret
   - JA3S: 6aea764ee67f71caf3dc723118906199
2. **Certificate**
   - Total Length: 968 bytes
   - Certificate Subject:
     - Common Name: 10.91.239.125
     - Organization: Internet Widgits Pty Ltd
     - Locality: BENGALURU
     - State: KARNATAKA
3. **Server Key Exchange**
   - Key Exchange Method: Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
   - Length: 296 bytes
4. **Server Hello Done**
   - Signals completion of the server-side handshake steps

Interpretation
--------------
- TLS Version: 1.2
- Authentication: RSA
- Key Exchange: ECDHE (supports Perfect Forward Secrecy)
- Encryption: AES-256 in GCM mode (Galois/Counter Mode)
- Integrity: Built-in with AES-GCM (authenticated encryption); the suite's hash is SHA-384
- The server successfully supports this cipher suite

Notes
-----
- AES-GCM provides both encryption and integrity efficiently
- An AES-GCM suite with SHA-384 is more robust than one using a traditional MAC scheme like HMAC-SHA1
- The capture must begin **before** the `curl` command is run for complete visibility
- Use the Wireshark filter `tls.handshake` to show handshake packets only
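
The Server Hello fields listed in the packet summary can also be checked programmatically. The following is an added example, not part of the original README: it parses a raw ServerHello handshake message and compares the selected version, cipher suite and compression with the values recorded above. The function names and the sample bytes (zeroed random, empty session ID) are assumptions constructed for illustration, not data from the capture.

```python
import struct

# Added example. Expected values from the README: TLS 1.2 (0x0303), suite 0xc030.
EXPECTED_VERSION = 0x0303
EXPECTED_SUITE = 0xC030
# IANA extension numbers for the four extensions listed in the packet summary.
EXT_NAMES = {
    0xFF01: "renegotiation_info",
    0x000B: "ec_point_formats",
    0x0010: "application_layer_protocol_negotiation",
    0x0017: "extended_master_secret",
}

def parse_server_hello(msg: bytes) -> dict:
    """Parse one TLS 1.2 handshake message (no record header) as a ServerHello."""
    if len(msg) < 4 or msg[0] != 2:
        raise ValueError("not a ServerHello (handshake type 2)")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len or body_len < 38:
        raise ValueError("truncated ServerHello")
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                      # skip version and 32-byte server random
    pos += 1 + body[pos]              # skip session_id (1-byte length prefix)
    suite, compression = struct.unpack_from("!HB", body, pos)
    pos += 3
    extensions = []
    if pos < len(body):               # the extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            extensions.append(EXT_NAMES.get(ext_type, hex(ext_type)))
            pos += 4 + ext_len
    return {"version": version, "suite": suite,
            "compression": compression, "extensions": extensions}

def matches_expected(hello: dict) -> bool:
    """True when the server selected TLS 1.2, suite 0xc030 and null compression."""
    return (hello["version"], hello["suite"], hello["compression"]) == (
        EXPECTED_VERSION, EXPECTED_SUITE, 0)

def build_sample(suite: int = EXPECTED_SUITE) -> bytes:
    """Constructed ServerHello (zeroed random, empty session id), not captured data."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in [
        (0xFF01, b"\x00"), (0x000B, b"\x03\x00\x01\x02"),
        (0x0010, b"\x00\x09\x08http/1.1"), (0x0017, b"")])
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00" +
            struct.pack("!HB", suite, 0) + struct.pack("!H", len(exts)) + exts)
    return b"\x02" + len(body).to_bytes(3, "big") + body
```

To run it against a real capture, pass the ServerHello handshake bytes exported from Wireshark, without the 5-byte TLS record header, to `parse_server_hello`.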