README: TLS Authentication and Encryption Algorithm Testing  
(Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA - DHE-RSA + AES-256 CBC + SHA1)  

Purpose  
-------  
Verify server supports TLS 1.2 with DHE-RSA-AES256-SHA cipher by capturing TLS handshake via curl and Wireshark.

Prerequisites  
-------------  
- curl installed  
- Wireshark installed  
- Network access to server 10.91.239.125  

Testing Procedure  
-----------------  
1. Run:  
   curl -v --tlsv1.2 --ciphers DHE-RSA-AES256-SHA https://10.91.239.125  
2. Start Wireshark capture on your interface.  
3. Apply filter: tls.handshake  
4. Observe Server Hello, Certificate, Server Hello Done packets for encryption and authentication details.

Wireshark Packet Summary  
------------------------  
Frame 9: 1952 bytes on wire (15616 bits), 1952 bytes captured (15616 bits) on interface wlp4s0, id 0  
Ethernet II, Src: Tp-LinkT_00:51:e0 (50:d4:f7:00:51:e0), Dst: Chongqin_0b:ac:5b (c0:b5:d7:0b:ac:5b)  
Internet Protocol Version 4, Src: 10.91.239.125, Dst: 192.168.0.36  
Transmission Control Protocol, Src Port: 443, Dst Port: 44654, Seq: 1, Ack: 518, Len: 1886  
Transport Layer Security  
  TLSv1.2 Record Layer: Handshake Protocol: Server Hello  
    Content Type: Handshake (22)  
    Version: TLS 1.2 (0x0303)  
    Length: 104  
    Handshake Protocol: Server Hello  
      Handshake Type: Server Hello (2)  
      Length: 100  
      Version: TLS 1.2 (0x0303)  
      Random: fde78148b908faf454081be86781ccd7b6d9b63ac7967073f6deb599c27e3682  
      Session ID Length: 32  
      Session ID: 488fbb2e411a788416491754409db31e155d90a5b974802448d73c5afea42b2f  
      Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)  
      Compression Method: null (0)  
      Extensions Length: 28  
      Extension: renegotiation_info (len=1)  
      Extension: application_layer_protocol_negotiation (len=11)  
      Extension: encrypt_then_mac (len=0)  
      Extension: extended_master_secret (len=0)  
      [JA3S Fullstring: 771,57,65281-16-22-23]  
      [JA3S: 1ca7374f5931c454b1bbbbe4bfe4202f]  

  TLSv1.2 Record Layer: Handshake Protocol: Certificate  
    Content Type: Handshake (22)  
    Version: TLS 1.2 (0x0303)  
    Length: 975  
    Handshake Protocol: Certificate  
      Handshake Type: Certificate (11)  
      Length: 971  
      Certificates Length: 968  
      Certificates (968 bytes)  
        Certificate Length: 965  
        Certificate: 308203c1308202a9a00302010202143a1c6e7542b6bedcd6cbf6bf3c048453eefd009a30…  
        (CN=10.91.239.125, O=Internet Widgits Pty Ltd, L=BENGALURU, ST=KARNATAKA)  

  TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange  
    Content Type: Handshake (22)  
    Version: TLS 1.2 (0x0303)  
    Length: 783  
    Handshake Protocol: Server Key Exchange  
      Handshake Type: Server Key Exchange (12)  
      Length: 779  
      Diffie-Hellman Server Params  

  TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done  
    Content Type: Handshake (22)  
    Version: TLS 1.2 (0x0303)  
    Length: 4  
    Handshake Protocol: Server Hello Done  
      Handshake Type: Server Hello Done (14)  
      Length: 0  

Interpretation  
--------------  
- Server supports TLS 1.2.  
- Cipher suite uses DHE-RSA for authentication with AES-256 CBC encryption and SHA-1 MAC.  
- Server certificate authenticates the server.  
- Server Hello Done indicates handshake completion.  
- Successful handshake confirms cipher and authentication support.

Notes  
-----  
- Handshake failure means server may not support this cipher.  
- Verify correct interface in Wireshark.  
- Use filter `tls.handshake` to isolate handshake packets only.

---

End of Document