README: TLS Authentication and Encryption Algorithm Testing (Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA - DHE-RSA + AES-128 CBC + SHA1)
===========================================================

Purpose
-------
This document explains how to verify if a server supports a specific TLS authentication and encryption algorithm by capturing and analyzing a TLS handshake using curl and Wireshark.

Prerequisites
-------------
- curl installed
- Wireshark installed
- Network access to the target server (e.g., 10.91.239.125)

Testing Procedure
-----------------
1. Run the command:

       curl -v --tlsv1.2 --ciphers DHE-RSA-AES128-SHA https://10.91.239.125

2. Start capturing packets on your network interface using Wireshark while running the curl command.
3. In Wireshark, apply the display filter:

       tls.handshake

4. Observe the TLS handshake packets, focusing on:
   - Server Hello: TLS version, cipher suite chosen by the server, session ID, and extensions.
   - Certificate: Contains the server’s SSL certificate for authentication.
   - Server Hello Done: Marks completion of the server handshake messages.

Key Information to Validate
---------------------------
- TLS Version: TLS 1.2 (0x0303)
- Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
  - DHE-RSA for authentication and key exchange
  - AES-128 encryption in CBC mode
  - SHA-1 for message authentication
- Compression: null (no compression)
- Extensions: renegotiation_info, application_layer_protocol_negotiation, encrypt_then_mac, extended_master_secret

Sample Wireshark Packet Summary
-------------------------------
Frame 8: 1952 bytes on wire (15616 bits), 1952 bytes captured (15616 bits) on interface wlp4s0, id 0
Ethernet II, Src: Tp-LinkT_00:51:e0 (50:d4:f7:00:51:e0), Dst: Chongqin_0b:ac:5b (c0:b5:d7:0b:ac:5b)
Internet Protocol Version 4, Src: 10.91.239.125, Dst: 192.168.0.36
Transmission Control Protocol, Src Port: 443, Dst Port: 48898, Seq: 1, Ack: 518, Len: 1886
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 104
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 100
            Version: TLS 1.2 (0x0303)
            Random: b5dda2a8968ca33679b9c371841dbc204ea097f854baa65b57d6146e7f6925e1
            Session ID Length: 32
            Session ID: 240238aa94bbac9df5c3fde5ce96fec300cf903d7cc36a2c9cdec85ed3552a7f
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Compression Method: null (0)
            Extensions Length: 28
            Extension: renegotiation_info (len=1)
            Extension: application_layer_protocol_negotiation (len=11)
            Extension: encrypt_then_mac (len=0)
            Extension: extended_master_secret (len=0)
            [JA3S Fullstring: 771,51,65281-16-22-23]
            [JA3S: 47a700fbb7a53274b4deba7791d09c49]
    TLSv1.2 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 975
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 971
            Certificates Length: 968
            Certificates (968 bytes)
                Certificate Length: 965
                Certificate: 308203c1308202a9a00302010202143a1c6e7542b6bedcd6cbf6bf3c048453eefd009a30…
                (id-at-commonName=10.91.239.125,id-at-organizationName=Internet Widgits Pty Ltd,id-at-localityName=BENGALURU,id-at-stateOrProvinceName=KARNATAKA,id-at
    TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 783
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 779
            Diffie-Hellman Server Params
                p Length: 256
                p: ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea6…
                g Length: 1
                g: 02
                Pubkey Length: 256
                Pubkey: 68244063e6439e327661b2454e9e650cad10d7b41bccc6ff7c35bc4c59518f644e1ff380…
                Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                Signature Length: 256
                Signature: 30c8a528519d8e44511e0551ecba0c6b846a26969e54938d1cfaae9a7deb93723652a5d4…
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 4
        Handshake Protocol: Server Hello Done

Interpretation
--------------
- Server supports TLS 1.2.
- The chosen cipher suite uses DHE-RSA key exchange with AES-128 encryption in CBC mode and SHA-1 for message authentication.
- Server certificate authenticates the server with details as above.
- Server Hello Done indicates that the server has finished sending its handshake messages.
- Successful handshake confirms support for requested cipher and authentication.

Notes
-----
- If the handshake fails, the server may not support the requested cipher.
- Verify that Wireshark is capturing on the correct interface.
- Use filter `tls.handshake` to view handshake packets only.
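
The Server Hello check from step 4 and "Key Information to Validate", done in code, as an added example that is not part of the original README: it parses a raw Server Hello record, compares it with the expected values, and rebuilds the JA3S string. The record is constructed from the field values in the sample packet summary; the function names and the ALPN protocol `http/1.1` (chosen to fit the len=11 extension) are assumptions.

```python
import hashlib
import struct

# Expected values, taken from "Key Information to Validate" in this README.
EXPECTED = {"version": 0x0303, "cipher_suite": 0x0033, "compression": 0}

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a Server Hello; raise ValueError otherwise."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype == 21:  # Alert: the handshake failed, e.g. no cipher in common
        raise ValueError("server sent an alert instead of Server Hello")
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not a Server Hello handshake record")
    msg = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(msg) < 35 or len(msg) < 38 + msg[34]:
        raise ValueError("truncated Server Hello")
    version = int.from_bytes(msg[:2], "big")
    pos = 35 + msg[34]  # skip version (2), random (32), session ID length + ID
    cipher, compression = struct.unpack("!HB", msg[pos:pos + 3])
    pos, ext_types = pos + 3, []
    if pos + 2 <= len(msg):  # the extensions block is optional
        ext_end = min(len(msg), pos + 2 + int.from_bytes(msg[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", msg[pos:pos + 4])
            ext_types.append(etype)
            pos += 4 + elen
    ja3s = f"{version},{cipher},{'-'.join(map(str, ext_types))}"
    return {"version": version, "cipher_suite": cipher, "compression": compression,
            "extensions": ext_types, "ja3s_string": ja3s,
            "ja3s": hashlib.md5(ja3s.encode(), usedforsecurity=False).hexdigest()}

def mismatches(parsed: dict) -> list:
    """Names of the fields that differ from the expected values."""
    return [name for name, want in EXPECTED.items() if parsed[name] != want]

def sample_record() -> bytes:
    """Constructed sample built from the packet summary; ALPN value is assumed."""
    random = bytes.fromhex("b5dda2a8968ca33679b9c371841dbc204ea097f854baa65b57d6146e7f6925e1")
    sid = bytes.fromhex("240238aa94bbac9df5c3fde5ce96fec300cf903d7cc36a2c9cdec85ed3552a7f")
    exts = (bytes.fromhex("ff01000100") + bytes.fromhex("0010000b000908") + b"http/1.1"
            + bytes.fromhex("00160000") + bytes.fromhex("00170000"))
    msg = (b"\x03\x03" + random + bytes([len(sid)]) + sid + b"\x00\x33\x00"
           + struct.pack("!H", len(exts)) + exts)
    hs = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

An Alert record in place of the Server Hello raises `ValueError`, which corresponds to the failed-handshake case under Notes; the `ja3s` value can be compared with the `[JA3S: …]` line Wireshark displays.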