README: TLS Authentication and Encryption Algorithm Testing
(Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA - AES-128 CBC + RSA)
===========================================================

Purpose
-------
This document explains how to verify if a server supports specific TLS authentication and encryption algorithms by capturing and analyzing a TLS handshake using curl and Wireshark.

Prerequisites
-------------
- curl installed
- Wireshark installed
- Network access to the target server (e.g., 10.91.239.125)

Testing Procedure
-----------------
1. Run the following curl command to connect to the server using TLS 1.2 with the AES128-SHA cipher:

       curl -v --tlsv1.2 --ciphers AES128-SHA https://10.91.239.125

2. Start capturing packets on your network interface using Wireshark while running the curl command.

3. In Wireshark, apply the display filter:

       tls.handshake

4. Observe the TLS handshake packets from the server, focusing on the following:
   - Server Hello: Shows TLS version, cipher suite chosen by the server, session ID, and extensions.
   - Certificate: Contains the server’s SSL certificate for authentication.
   - Server Hello Done: Marks completion of the server handshake messages.

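The check in step 4 can also be done on the raw bytes of the Server Hello record instead of by eye. The following is an added example, not part of the original README: it parses one TLS record and compares version, cipher suite and compression against the values this test expects. The function names are hypothetical, and the sample record is constructed from the capture's field values, with a zeroed server random and an assumed ALPN value of http/1.1.

```python
import struct

# Extension numbers from the IANA TLS ExtensionType registry.
EXT = {0xFF01: "renegotiation_info", 0x0010: "application_layer_protocol_negotiation",
       0x0016: "encrypt_then_mac", 0x0017: "extended_master_secret"}

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello (TLS 1.2 wire layout)."""
    if len(record) < 9 or record[0] != 22 or record[5] != 2:
        raise ValueError("not a handshake record starting with ServerHello")
    rec_len = struct.unpack_from("!H", record, 3)[0]
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(record) < 5 + rec_len or hs_len + 4 > rec_len or len(hello) != hs_len:
        raise ValueError("truncated or inconsistent lengths")
    try:
        version = struct.unpack_from("!H", hello, 0)[0]
        pos = 2 + 32                          # skip version and 32-byte server random
        sid_len = hello[pos]
        pos += 1 + sid_len                    # skip session ID
        cipher, compression = struct.unpack_from("!HB", hello, pos)
        pos += 3
        names = []
        if pos < len(hello):                  # extensions block is optional
            end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
            pos += 2
            while pos < end:
                etype, elen = struct.unpack_from("!HH", hello, pos)
                names.append(EXT.get(etype, hex(etype)))
                pos += 4 + elen
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed ServerHello") from exc
    return {"version": version, "cipher": cipher, "compression": compression,
            "session_id_len": sid_len, "extensions": names}

def mismatches(info: dict) -> list:
    """Compare against the README's expected values; empty list means pass."""
    want = {"version": 0x0303, "cipher": 0x002F, "compression": 0}
    return [f"{k}: got {info[k]:#06x}, want {v:#06x}" for k, v in want.items() if info[k] != v]

def build_sample(cipher: int = 0x002F) -> bytes:
    """Constructed record; random is zeros and the ALPN value http/1.1 is assumed."""
    sid = bytes.fromhex("5f4932aff79a7d3d9fbc2a36e4285a15230359a15aa50be162bdc3d98c8ceab9")
    ext = bytes.fromhex("ff01000100" "0010000b000908") + b"http/1.1" + bytes.fromhex("0016000000170000")
    hello = (b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid
             + struct.pack("!HBH", cipher, 0, len(ext)) + ext)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

To check a real capture, pass the record bytes through `bytes.fromhex(...)` into `parse_server_hello` and confirm that `mismatches` returns an empty list.
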
Key Information to Validate
---------------------------
- TLS Version: TLS 1.2 (0x0303)
- Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
  - RSA for authentication
  - AES-128 encryption in CBC mode
  - SHA-1 for message authentication
- Compression: null (no compression)
- Extensions: renegotiation_info, application_layer_protocol_negotiation, encrypt_then_mac, extended_master_secret

Sample Wireshark Packet Summary
-------------------------------
    Frame 6: 1164 bytes on wire (9312 bits), 1164 bytes captured (9312 bits)
        Interface id: 0 (wlp4s0)
        Arrival Time: Jun 18, 2025 17:53:10.177583164 IST
        Protocols in frame: eth:ethertype:ip:tcp:tls:x509sat:x509ce
    Ethernet II, Src: Tp-LinkT_00:51:e0 (50:d4:f7:00:51:e0), Dst: Chongqin_0b:ac:5b (c0:b5:d7:0b:ac:5b)
    Internet Protocol Version 4, Src: 10.91.239.125, Dst: 192.168.0.36
    Transmission Control Protocol, Src Port: 443, Dst Port: 53902
    Transport Layer Security
        TLSv1.2 Record Layer: Handshake Protocol: Server Hello
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 104
            Handshake Protocol: Server Hello
                Handshake Type: Server Hello (2)
                Version: TLS 1.2 (0x0303)
                Session ID Length: 32
                Session ID: 5f4932aff79a7d3d9fbc2a36e4285a15230359a15aa50be162bdc3d98c8ceab9
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Compression Method: null (0)
                Extensions:
                    renegotiation_info (len=1)
                    application_layer_protocol_negotiation (len=11)
                    encrypt_then_mac (len=0)
                    extended_master_secret (len=0)
                JA3S: 605b2495d4fed7b55801e2b008d53731
        TLSv1.2 Record Layer: Handshake Protocol: Certificate
            Length: 975
            Certificate Length: 965
            Certificate Details:
                - Common Name (CN): 10.91.239.125
                - Organization (O): Internet Widgits Pty Ltd
                - Locality (L): BENGALURU
                - State/Province (ST): KARNATAKA
                - Country (C): [Not provided]
                - Certificate Format: X.509
                - Certificate Length: 965 bytes
                - Used for server authentication during TLS handshake
        TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
            Length: 4
            Handshake Type: Server Hello Done (14)
            Length: 0

Interpretation
--------------
- Server supports TLS 1.2.
- The chosen cipher suite uses RSA authentication with AES-128 encryption in CBC mode.
- Server certificate is presented to authenticate the server; details are shown above.
- Server Hello Done message confirms completion of server handshake.
- Handshake success indicates support for requested cipher and authentication.

Notes
-----
- If handshake fails, server may not support the requested cipher.
- Verify correct Wireshark interface.
- Use filter `tls.handshake` to view handshake packets only.

---
End of Document