README: TLS Authentication and Encryption Algorithm Testing  
(Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - ECDHE-RSA + AES-128 CBC + SHA256)

Purpose  
-------  
To verify if the server supports TLS 1.2 with the cipher suite ECDHE-RSA-AES128-CBC-SHA256 by analyzing TLS handshake packets using curl and Wireshark.

Prerequisites  
-------------  
- curl installed  
- Wireshark installed  
- Network access to target server (10.91.239.125)  

Testing Procedure  
-----------------  
1. Start Wireshark and begin capturing on the active network interface (e.g., wlp4s0).  
2. In a terminal, execute:  
   curl -v --tlsv1.2 --ciphers ECDHE-RSA-AES128-SHA256 https://10.91.239.125  
3. In Wireshark, apply the filter:  
   tls.handshake  
4. Analyze the following handshake packets:  
   - Server Hello  
   - Certificate  
   - Server Key Exchange  
   - Server Hello Done  

Wireshark Packet Summary  
------------------------  
Frame 6: 1477 bytes on wire, captured on interface wlp4s0  
Ethernet II: Src = 50:d4:f7:00:51:e0, Dst = c0:b5:d7:0b:ac:5b  
IPv4: Src = 10.91.239.125, Dst = 192.168.0.36  
TCP: Src Port = 443, Dst Port = 36960, Seq = 1, Ack = 518, Len = 1411  

TLSv1.2 Handshake Details:  

1. **Server Hello**  
   - Version: TLS 1.2 (0x0303)  
   - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  
   - Compression: null (0)  
   - Extensions:  
     - renegotiation_info  
     - ec_point_formats  
     - application_layer_protocol_negotiation  
     - encrypt_then_mac  
     - extended_master_secret  
   - JA3S: 13fc5ca83a9d991f67c3cc419e1b6a9c  

2. **Certificate**  
   - Length: 968 bytes  
   - Certificate Details:  
     - Common Name: 10.91.239.125  
     - Organization: Internet Widgits Pty Ltd  
     - Location: BENGALURU, KARNATAKA  

3. **Server Key Exchange**  
   - Method: EC Diffie-Hellman  
   - Key Length: 296 bytes  

4. **Server Hello Done**  
   - Indicates server has finished handshake phase  

Interpretation  
--------------  
- TLS Version: 1.2  
- Key Exchange: Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)  
- Authentication: RSA  
- Encryption: AES-128 in CBC mode  
- Integrity: SHA-256  
- Forward secrecy is ensured due to ECDHE  
- Server successfully negotiated the requested cipher suite  

Notes  
-----  
- Use `tls.handshake` filter to isolate handshake packets  
- Ensure Wireshark capture begins before running the curl command  
- Verify interface (e.g., `wlp4s0`) is correct for packet capture  
- This cipher is stronger than SHA1-based variants and is suitable for moderate security applications  

---

End of Document