Secure Socket Layer (SSL)

SSL provides communication security between two hosts. It provides integrity, authentication and confidentiality. It is used most commonly in web browsers, but can be used with any protocol that uses TCP as the transport layer.

History

SSL was originally a Netscape project realized in association with MasterCard, Bank of America, MDI & Silicon Graphics. The first version, SSLv1, wasn't released. SSLv2 was replaced by SSLv3 in 1999 because of security problems. At this time, SSL became a standard so IETF bought a patent and created TLS in 2001 (standard actually used a derivation of SSLv3).

Protocol dependencies

Some well known TCP ports for SSL traffic are

Example traffic

Below is some excerpt from the snakeoil2 capture: 

Secure Socket Layer
    SSLv2 Record Layer: Client Hello
        Length: 103
        Handshake Message Type: Client Hello (1)
        Version: SSL 3.0 (0x0300)
        Cipher Spec Length: 78
        Session ID Length: 0
        Challenge Length: 16
        Cipher Specs (26 specs)
            Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
            [ more Cipher Specs deleted ]
        Challenge

Secure Socket Layer
    SSLv3 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 74
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 70
            Version: SSL 3.0 (0x0300)
            Random
                gmt_unix_time: Apr 24, 2006 11:04:15.000000000
                random_bytes: FE81ED93650288A3F8EB63860E2CF68DD00F2C2AD64FCD2D...
            Session ID Length: 32
            Session ID (32 bytes)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Compression Method: null (0)
    SSLv3 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 836
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 832
            [ Certificate details deleted ]
    SSLv3 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 4
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

Secure Socket Layer
    SSLv3 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 132
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 128
    SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: SSL 3.0 (0x0300)
        Length: 1
        Change Cipher Spec Message
    SSLv3 Record Layer: Handshake Protocol: Finished
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 64
        Handshake Protocol: Finished
            Handshake Type: Finished (20)
            Length: 36
            MD5 Hash
            SHA-1 Hash

Secure Socket Layer
    SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: SSL 3.0 (0x0300)
        Length: 1
        Change Cipher Spec Message
    SSLv3 Record Layer: Handshake Protocol: Finished
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 64
        Handshake Protocol: Finished
            Handshake Type: Finished (20)
            Length: 36
            MD5 Hash
            SHA-1 Hash

Secure Socket Layer
    SSLv3 Record Layer: Application Data Protocol: http
        Content Type: Application Data (23)
        Version: SSL 3.0 (0x0300)
        Length: 432
        Encrypted Application Data: 4AC33E9D7778012CB4BC4C9A84D7B9900C2110F0FA007C16...
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
        Request Method: GET
        Request URI: /
        Request Version: HTTP/1.1
    Host: localhost\r\n
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2\r\n
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n
    Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3\r\n
    Accept-Encoding: gzip,deflate\r\n
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
    Keep-Alive: 300\r\n
    Connection: keep-alive\r\n
    \r\n

Wireshark

The SSL dissector is fully functional and even supports advanced features such as decryption of SSL if the encryption key can be provided and WireShark is compiled against Gnu-TLS (rather than openssl or bsafe).

Preference Settings

If Wireshark is compiled with SSL decryption support, there will be a new option in the preferences for SSL. This only works for RSA key exchange if the RSA keys can be provided. If the key entry option is absent - then verify if you Wireshark against the required GnuTLS. This can be done with  wireshark -v . The output shoudl include GnuTLS and GCrypt. If you see without GnuTLS, without Gcrypt, then you will need reconfigure with --with-gnutls, recompile and reinstall..

RSA keys list

This option specifies the bindings between an IP address, a port, a protocol and a decryption key.
Example: 127.0.0.1,443,http,/path/to/snakeoil2.key

You can specify several such bindings by separating them with ';'
UNIX/Linux example 

127.0.0.1,443,http,/path/to/snakeoil2.key;10.1.1.1,8080,smtp,/other/path/key.pem


Note: The path to the key file doesn't support ~ expansion.

Windows example: 

127.0.0.1,443,http,c:\path\to\snakeoil2.key

Key File format conversion

The fileformat needed is 'PEM'. Note that it is common practice on webservers to combine the public key (or certificate) and the private key in a single PEM file.

In that case - locate this PEM file and cut and paste the section headed by 'PRIVATE KEY' (including header and footer) into a new 'file.key' file.

On windows keys are often stored in PKCS7/DER format (locally) or in NET format (from any directory server). Use the following to convert: 

# for PKCS7/DER keys (as held on disk)
openssl pkcs8 -nocrypt -in derfile.key -inform DER -out key.pem -outform PEM
# for NET keys (from the directory server)
openssl pkcs8 -nocrypt -in file.ick -inform NET -out key.pem -outform PEM

On MacOSX, Solaris, around Oracle and various other systems the fileformat used is often PKCS#12. Convert with: 

openssl pkcs12 -nodes -in file.p12 -out key.pem -nocerts -nodes

And check that the file contains a 'PRIVATE KEY' header. I.e. it should look like this: 

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAtIvaDmeOGleYuxT01GfAmgugHVlqCOFfGYqy3gxMWt/fxO/7
s7BJzqnhAFOWBjmBAdj7hHmPyCoJM7/MdCDJt1y7d20BJAGxD0ZQ4kxzGZDCjc5z
....... some 20-100 lines of base64 encoded data ...............
Jh2kZkKoVG3Qr+66IlBDuVllIbwQU0F1fYy2FTjZL4vbmdupwHUyTnPK57vP8RJ7
cpc1qwLZxfurxZfhI9gxXOO5eUg1WBupw029SSoSafYBqO4a9wg1OA==
-----END RSA PRIVATE KEY-----

On linux you occasionally may encounter a wrongly packaged DER or NET file with a certain commercial product; in which case you can use: 

openssl x509 -nocrypt -in foo.der -informat DER -out key.pem -outformat PEM
openssl x509 -nocrypt -in foo.net -informat NET -out key.pem -outformat PEM

and them can manually edit the file to just leave the 'PRIVATE KEY' section.

start_tls

SSL may be introduced underneath a protocol in the course of a conversation through the use of a "start_tls" command. For example, an LDAP conversation may be proceeding on port 389 until the LDAP client issues a "start_tls" command - see RFC2830 - at which point the subsequent LDAP operations are protected by SSL.

If the key list is specified as:

127.0.01,389,ldap,c:\path\to\snakeoil2.key


then all the traffic on port 389 will be treated as SSL, including the LDAP traffic prior to the "start_tls" command.

In order to dissect both clear LDAP traffic and the SSL protected LDAP traffic (on the same port), use the string "start_tls" rather than the port number. For example:

127.0.0.1,start_tls,ldap,c:\path\to\snakeoil2.key


Example capture file

SampleCaptures/snakeoil2_070531.tgz Set RSA keys list to 127.0.0.1,443,http,/path/to/snakeoil2.key to decrypt [Unix/Linux]

Display Filter

A complete list of SSL display filter fields can be found in the display filter reference

Capture Filter

You cannot directly filter SSL protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

Complete walk through

Ensure you have a version of wireshark with gnu-tls support: 

$ wireshark --version
wireshark 1.0.0

Copyright 1998-2008 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.9, with GLib 2.16.3, with libpcap 0.9.8, with libz
1.2.3, without POSIX capabilities, with libpcre 7.4, with SMI 0.4.7, with ADNS,
without Lua, with GnuTLS 2.2.2, with Gcrypt 1.4.0, with Heimdal Kerberos,
without PortAudio, without AirPcap.

Running on FreeBSD 7.0-RELEASE, with libpcap version 0.9.8.

Built using gcc 4.2.1 20070719  [FreeBSD].

Specifically check for the with GnuTLS 2.2.2 in the output.

Next create a server certificate with: 

openssl req -new -x509 -out server.pem -nodes -keyout privkey.pem -subj /CN=localhost

Now run a server using above: 

openssl s_server -www -ssl3 -cipher AES256-SHA -key privkey.pem

and test that the server works by going to https://localhost:4433/ (use the flag -accept 443 to bind above to the normal https port).

Now start wireshark - add above privkey.pem in the SSL preference pane:

http://people.apache.org/~dirkx/settings.png

This should result in a config snipped in the file ~/.wireshark/preferences 

ssl.desegment_ssl_records: TRUE
ssl.desegment_ssl_application_data: TRUE
ssl.keys_list: 127.0.0.1,4443,http,/home/dirkx/xx/privkey.pem
ssl.debug_file: /home/dirkx/.wireshark-log

and configure the capturing:

http://people.apache.org/~dirkx/config.png

and then do a test request; for example with the command 

openssl s_client  -ssl3

followed by typing 

GET / HTTP/1.0
<empty line>

Then stop your capture. The screen should look like attached:

http://people.apache.org/~dirkx/dump.png

And the tcp connection like

http://people.apache.org/~dirkx/tcp.png

and analyse the SSL shows you:

http://people.apache.org/~dirkx/ssl.png

Or if you want to observe authentication with a client cert; try the following: 

# Generate self signed cert
openssl req -new -x509 -nodes -out client.pem -keyout client.key -subj /CN=Moi/O=Foo/C=NL

# Start a server
openssl s_server -ssl3 -cipher AES256-SHA -accept 4443 -www -CAfile client.pem -verify 1 -key privkey.pem

# And test
(echo GET / HTTP/1.0; echo ; sleep 1) | openssl s_client -connect localhost:4443 -ssl3 -cert client.pem -key client.key

# tshark commands
tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 127.0.0.1,4443,http,/home/dirkx/xx/privkey.pem" -o "ssl.debug_file: /home/dirkx/.wireshark-log" -i eth0 -R "tcp.port == 4443"

The log should look like http://people.apache.org/~dirkx/wireshark.log. Or, a more realistic example with Firefox is at http://people.apache.org/~dirkx/wireshark-firefox.log (from 10.11.0.200->10.11.0.111, port 4433).

External links

Discussion

SSL (last edited 2008-11-06 22:21:19 by JasonGarland)