README: TLS Authentication and Encryption Algorithm Testing
(Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - ECDHE-RSA + AES-128 GCM + SHA256)

Purpose
-------
Verify whether the server at 10.91.239.125 supports TLS 1.2 with cipher suite `ECDHE-RSA-AES128-GCM-SHA256`, using curl and Wireshark.

Prerequisites
-------------
- curl installed
- Wireshark installed
- Access to server 10.91.239.125

Testing Procedure
-----------------
1. Start Wireshark on the active network interface (e.g., `wlp4s0`).
2. Run the command: `curl -v --tlsv1.2 --ciphers ECDHE-RSA-AES128-GCM-SHA256 https://10.91.239.125`
3. Apply the Wireshark filter: `tls.handshake`
4. Inspect the following TLS handshake packets:
   - Server Hello
   - Certificate
   - Server Key Exchange
   - Server Hello Done

Wireshark Packet Summary
------------------------
- Frame 6: 1473 bytes captured
- Ethernet II: Src = 50:d4:f7:00:51:e0, Dst = c0:b5:d7:0b:ac:5b
- IPv4: Src = 10.91.239.125, Dst = 192.168.0.36
- TCP: Src Port = 443, Dst Port = 38700

TLSv1.2 Handshake Details:

1. **Server Hello**
   - TLS Version: 1.2 (0x0303)
   - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
   - Compression: null (0)
   - Extensions:
     - renegotiation_info
     - ec_point_formats
     - application_layer_protocol_negotiation
     - extended_master_secret
   - JA3S: 27eabd2e03c903c0e38682b67d24b578
2. **Certificate**
   - Total Length: 968 bytes
   - Certificate Subject:
     - Common Name: 10.91.239.125
     - Organization: Internet Widgits Pty Ltd
     - Locality: BENGALURU
     - State: KARNATAKA
3. **Server Key Exchange**
   - Key Exchange Method: Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
   - Length: 296 bytes
4. **Server Hello Done**
   - Signals completion of the server-side handshake steps

Interpretation
--------------
- TLS Version: 1.2
- Authentication: RSA
- Key Exchange: ECDHE (supports Perfect Forward Secrecy)
- Encryption: AES-128 in GCM mode (provides encryption and integrity in one step)
- Integrity: Built-in with AES-GCM (authenticated encryption) using SHA-256
- The server successfully supports this cipher suite

Notes
-----
- AES-GCM is more secure and efficient than AES-CBC with a separate MAC
- GCM eliminates the need for the `encrypt_then_mac` extension
- Always ensure the Wireshark capture begins **before** curl execution for complete visibility
- Use the filter `tls.handshake` to isolate handshake-related packets for analysis
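
Added example (not part of the original README): the Server Hello fields read off in Wireshark above (version 0x0303, cipher suite 0xc02f, null compression, the extension list) can also be decoded from the raw record bytes and checked in a script. The function names are hypothetical, and the sample record is constructed from the summary's values rather than taken from the capture; its ALPN value is an assumption.

```python
import struct

# Code points named in the Wireshark summary (IANA TLS registries).
SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
EXTENSIONS = {0xFF01: "renegotiation_info", 0x000B: "ec_point_formats",
              0x0010: "application_layer_protocol_negotiation",
              0x0017: "extended_master_secret"}

def parse_server_hello(record: bytes) -> dict:
    """Decode a TLS record whose first handshake message is a ServerHello."""
    if len(record) < 5 or record[0] != 22:           # 22 = handshake content type
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 4 or body[0] != 2:                # 2 = ServerHello
        raise ValueError("first handshake message is not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 38:                              # version, random, sid length, suite, compression
        raise ValueError("truncated ServerHello")
    pos = 35 + hello[34]                             # skip version, random, session id
    if len(hello) < pos + 3:
        raise ValueError("truncated ServerHello")
    suite, compression = struct.unpack("!HB", hello[pos:pos + 3])
    pos, names = pos + 3, []
    if pos + 2 <= len(hello):                        # extensions block is optional
        end = min(len(hello), pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0])
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            names.append(EXTENSIONS.get(etype, hex(etype)))
            pos += 4 + elen
    return {"version": struct.unpack("!H", hello[:2])[0], "suite": suite,
            "suite_name": SUITES.get(suite, hex(suite)),
            "compression": compression, "extensions": names}

def negotiated_target(record: bytes) -> bool:
    """True only for TLS 1.2 (0x0303), suite 0xc02f and null compression."""
    h = parse_server_hello(record)
    return (h["version"], h["suite"], h["compression"]) == (0x0303, 0xC02F, 0)

def build_sample() -> bytes:
    """Constructed ServerHello carrying the summary's values; not a real capture."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in [
        (0xFF01, b"\x00"), (0x000B, b"\x01\x00"),
        (0x0010, b"\x00\x09\x08http/1.1"), (0x0017, b"")])
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", 0xC02F, 0)
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs

if __name__ == "__main__":
    print(parse_server_hello(build_sample()), negotiated_target(build_sample()))
```

The parser reads only the first handshake message in the record, so it still works when the Certificate, Server Key Exchange and Server Hello Done messages follow in the same record.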