README: TLS Authentication and Encryption Algorithm Testing
(Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - ECDHE-RSA + AES-256 CBC + SHA384)

Purpose
-------
Verify whether the server at 10.91.239.125 supports TLS 1.2 with cipher suite `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` (OpenSSL name `ECDHE-RSA-AES256-SHA384`, as passed to curl below) using curl and Wireshark.

Prerequisites
-------------
- curl installed
- Wireshark installed
- Access to server 10.91.239.125

Testing Procedure
-----------------
1. Start Wireshark on the active network interface (e.g., `wlp4s0`).
2. Run the command:
   `curl -v --tlsv1.2 --ciphers ECDHE-RSA-AES256-SHA384 https://10.91.239.125`
3. Apply Wireshark filter: `tls.handshake`
4. Inspect the following TLS handshake packets:
   - Server Hello
   - Certificate
   - Server Key Exchange
   - Server Hello Done

Wireshark Packet Summary
------------------------
- Frame 6: 1477 bytes captured
- Ethernet II: Src = 50:d4:f7:00:51:e0, Dst = c0:b5:d7:0b:ac:5b
- IPv4: Src = 10.91.239.125, Dst = 192.168.0.36
- TCP: Src Port = 443, Dst Port = 60330

TLSv1.2 Handshake Details:

1. **Server Hello**
   - TLS Version: 1.2 (0x0303)
   - Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
   - Compression: null (0)
   - Extensions:
     - renegotiation_info
     - ec_point_formats
     - application_layer_protocol_negotiation
     - encrypt_then_mac
     - extended_master_secret
   - JA3S: 84154e80f1b1f8986c650e778bd2273f
2. **Certificate**
   - Total Length: 968 bytes
   - Certificate Subject:
     - Common Name: 10.91.239.125
     - Organization: Internet Widgits Pty Ltd
     - Locality: BENGALURU
     - State: KARNATAKA
3. **Server Key Exchange**
   - Key Exchange Method: Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
   - Length: 296 bytes
4. **Server Hello Done**
   - Signals completion of server-side handshake steps

Interpretation
--------------
- TLS Version: 1.2
- Authentication: RSA
- Key Exchange: ECDHE (supports Perfect Forward Secrecy)
- Encryption: AES-256 in CBC mode
- Integrity: SHA-384 (stronger than SHA-1 or SHA-256)
- The server successfully supports this cipher suite

Notes
-----
- SHA-384 offers improved integrity compared to SHA-1/SHA-256
- Always use Wireshark’s `tls.handshake` filter for focused analysis
- Make sure the capture starts **before** running curl so that the full handshake is recorded
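The Server Hello inspection from step 4 can also be scripted. The following is an added example, not part of the original README: it parses a ServerHello record, checks the negotiated version and suite against 0x0303 / 0xc028, and derives the JA3S string from the same fields. The function names are hypothetical, the sample record is constructed rather than captured, and the parser assumes the ServerHello is the first, unfragmented handshake message in the record.

```python
import hashlib
import struct
EXPECTED = (0x0303, 0xC028)  # TLS 1.2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

def build_sample_server_hello():
    """Constructed ServerHello record for illustration, not captured traffic."""
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in [
        (0xFF01, b"\x00"),              # renegotiation_info
        (11, b"\x03\x00\x01\x02"),      # ec_point_formats
        (16, b"\x00\x09\x08http/1.1"),  # application_layer_protocol_negotiation
        (22, b""),                      # encrypt_then_mac
        (23, b""),                      # extended_master_secret
    ])
    body = (struct.pack("!H", EXPECTED[0]) + bytes(32)   # version, random
            + b"\x00"                                    # empty session id
            + struct.pack("!HB", EXPECTED[1], 0)         # suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

def parse_server_hello(record):
    """Return version, suite, compression, extension types and JA3S."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a TLS handshake record carrying a ServerHello")
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if len(body) != body_len or body_len < 38:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", body[:2])[0]
    pos = 34 + 1 + body[34]          # skip version, random, session id
    suite, compression = struct.unpack("!HB", body[pos:pos + 3])
    pos += 3
    ext_types = []
    if pos + 2 <= len(body):         # extensions block is optional
        end = min(len(body), pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0])
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            ext_types.append(etype)
            pos += 4 + elen
    # JA3S input: decimal version, suite, and extension types in wire order
    ja3s_string = f'{version},{suite},{"-".join(map(str, ext_types))}'
    return {"version": version, "suite": suite, "compression": compression,
            "extensions": ext_types, "ja3s_string": ja3s_string,
            "ja3s": hashlib.md5(ja3s_string.encode()).hexdigest()}

def negotiated_expected(record):
    """True only if the server chose TLS 1.2 and suite 0xc028."""
    hello = parse_server_hello(record)
    return (hello["version"], hello["suite"]) == EXPECTED
```

To run it against real traffic, pass the raw bytes of the TLS record that starts with the Server Hello, exported from the capture.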