When you type a URL beginning with https:// into the browser's address bar, a great deal of communication takes place between the browser and the server within the next few hundred milliseconds. InfoQ's article describes this in detail. The first of these steps is negotiating the cipher suite (the combination of key exchange, encryption and integrity algorithms) that the browser and the server will use for the rest of the connection. The process is simple:
- The browser sends the server the list of cipher suites it supports (hereinafter "cipher" for short) [C1, C2, C3, ...];
- The server compares the browser's list against the suites it supports itself and, if it finds a suite supported by both sides, tells the browser which one it has chosen;
- The browser and the server use the matching cipher for subsequent communication. If the server finds no matching suite, the browser (Firefox 30, which is the version used in all the examples below) reports the following error:
This article walks through how to observe this process.
1. Browser
Which cipher suites does the browser support? That depends on the SSL/TLS protocol versions the browser supports. In everyday usage HTTPS and "SSL" are mentioned together; strictly speaking, SSL was Netscape's protocol from the mid-1990s, which Netscape developed up to version 3.0. In 1999 the protocol was taken over by the IETF, which standardized it and renamed it TLS; TLS 1.0 can be regarded as "SSL 3.1". Wikipedia has no separate entry for SSL (it redirects to TLS), and the two protocols are closely related. At the time of writing the latest version of TLS is 1.2 (TLS 1.3 has since been published as RFC 8446). More than 99% of websites supported TLS 1.0 when this was written, while fewer than 40% supported TLS 1.2. Open Firefox, enter about:config in the address bar, and search for tls.version; you will see the following options:
Of these, security.tls.version.min and security.tls.version.max together determine the SSL/TLS versions Firefox will accept. According to the Firefox documentation, the possible values of these two settings and the protocol each one represents are:
- 0–SSL 3.0
- 1–TLS 1.0
- 2–TLS 1.1
- 3–TLS 1.2
The settings shown therefore mean that the lowest protocol this browser will accept is SSL 3.0 and the highest is TLS 1.2. If you now change security.tls.version.min to 3, the browser will only speak TLS 1.2. As mentioned above, fewer than 40% of sites supported TLS 1.2 at the time, and Amazon was not among them, so visiting https://amazon.com with this setting produces the "Secure Connection Failed" error shown in Figure 2. (SSL 3.0 was subsequently broken by the POODLE attack and later Firefox releases raised the default minimum to 1, i.e. TLS 1.0; there is no good reason to leave the minimum at 0 today.)
Knowing which protocol versions are in play, you can use Wireshark (or any similar packet-capture tool) to see every cipher suite the browser sends to the server by inspecting the captured packets. Wireshark is a simple but very powerful capture tool.
The browser starts the handshake with a "Client Hello" message, and that message carries the cipher suites Firefox supports. In Wireshark, sort the packet list by Protocol (or apply the display filter ssl.handshake.type == 1; newer Wireshark versions use the tls. prefix instead) and find the TLS 1.2 packet whose Info column reads "Client Hello". Select it, and in the packet-details pane below expand Secure Sockets Layer > TLSv1.2 Record Layer > Handshake Protocol > Cipher Suites. In this example the first suite is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, and 23 suites are offered in total:
If you go on to find the packet whose Info column reads "Server Hello", you can find the suite the server chose in the corresponding place; in this example it is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
What the long suite names mean is explained later. Having sent its Client Hello, the browser waits for the server's reply. Let's look at what happens on the server side.
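To make the structure of those two messages concrete, here is an added example (not code from the original article) that builds a minimal TLS 1.2 Client Hello and Server Hello in Python and parses the cipher-suite list back out of the record bytes, following the layout in RFC 5246. The handshake bytes are constructed in the code rather than captured from Firefox, and the name table covers only a handful of IANA code points, including the two suites seen above; anything else is reported as UNKNOWN. Copy the bytes of a real record out of Wireshark as a hex string, wrap them with bytes.fromhex(), and parse_hello() will list what the browser actually offered (extensions after the compression methods are ignored).

```python
"""Parse the cipher suites out of a TLS Client Hello / Server Hello record.

Added example, not code from the original article. The records are built
here (minimal handshake, no extensions); the layout follows RFC 5246 7.4.1.
"""
import struct

# Subset of IANA cipher-suite code points, enough for the suites in the article.
SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

HANDSHAKE = 0x16                    # TLS record content type
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
TLS12 = b"\x03\x03"


def _handshake_record(msg_type, body):
    """Wrap a handshake body in a 4-byte Handshake header and a 5-byte record header."""
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + TLS12 + struct.pack("!H", len(hs)) + hs


def build_client_hello(suites, rand=b"\x11" * 32):
    """Constructed Client Hello: version, random, empty session id, suites, null compression."""
    body = TLS12 + rand + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"            # compression_methods: one entry, null
    return _handshake_record(CLIENT_HELLO, body)


def build_server_hello(suite, rand=b"\x22" * 32):
    """Constructed Server Hello carrying the single suite the server picked."""
    body = TLS12 + rand + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _handshake_record(SERVER_HELLO, body)


def _handshake_body(record):
    """Validate the record and handshake headers; return (msg_type, body)."""
    if len(record) < 9 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    if struct.unpack("!H", record[3:5])[0] != len(record) - 5:
        raise ValueError("record length mismatch")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) != hs_len or hs_len < 35:
        raise ValueError("truncated handshake message")
    return record[5], body


def parse_hello(record):
    """Return the suites offered (Client Hello) or the one suite chosen (Server Hello)."""
    msg_type, body = _handshake_body(record)
    pos = 2 + 32                       # skip client/server_version and random
    pos += 1 + body[pos]               # skip session_id
    if msg_type == CLIENT_HELLO:
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        if n % 2 or pos + n > len(body):
            raise ValueError("bad cipher_suites length")
        codes = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + n, 2)]
        return [SUITE_NAMES.get(c, f"UNKNOWN_0x{c:04X}") for c in codes]
    if msg_type == SERVER_HELLO:
        code = struct.unpack("!H", body[pos:pos + 2])[0]
        return SUITE_NAMES.get(code, f"UNKNOWN_0x{code:04X}")
    raise ValueError(f"unexpected handshake type {msg_type}")


if __name__ == "__main__":
    offered = build_client_hello([0xC02B, 0xC02F, 0xC014, 0x0035, 0x002F, 0x0005])
    print("client offered:", parse_hello(offered))
    print("server chose  :", parse_hello(build_server_hello(0xC014)))
```

The length checks matter when you point this at real captures: a record whose declared length disagrees with the bytes you pasted is the usual sign that the Client Hello was split across TCP segments and Wireshark reassembled it for display.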
2. Server
Let's take Windows as the example. To see which cipher suites the operating system supports, run gpedit.msc and navigate to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings; the "SSL Cipher Suite Order" item appears in the right-hand pane:
Open that item. Here you can see the set of cipher suites the operating system supports and the order in which it prefers them.
To change the order, or to remove weak suites, select "Enabled" at the top left and edit the comma-separated list of suites under Options. If you prefer the command line, the same policy value can be written with PowerShell. The registry value behind this Group Policy setting is Functions under HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002; the key must exist before the value can be set, and Schannel only picks up the new order after a reboot:
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002" -Name Functions -Value "Xxx,xxx,xxx"
(On Windows 8.1 / Server 2012 R2 and later, the Get-TlsCipherSuite, Enable-TlsCipherSuite and Disable-TlsCipherSuite cmdlets of the TLS module expose the same list.)
So what does a long suite name mean? Each cipher suite name encodes four pieces of information:
- Key exchange (and authentication) algorithm, which determines how the client and the server agree on keys and authenticate each other during the handshake: RSA, Diffie-Hellman (DH/DHE), ECDH/ECDHE, PSK and so on.
- Encryption (bulk cipher) algorithm, used to encrypt the message stream. Windows lists these with two numbers, the first of which is the key length in bits, for example DES 56/56, RC2 56/128, RC4 128/128, AES 128/128, AES 256/256.
- Message authentication code (MAC) algorithm, used to compute a digest that protects message integrity (detects tampering): MD5, SHA (SHA-1), SHA-256 and so on.
- PRF (pseudo-random function), used to derive the master secret and, from it, the session keys.
Fully understanding all of the above would take a book (it overwhelms me too). Still, it is useful to be able to read a suite name. Take the suite the server sent back to the client above, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; its name says that it is
- based on the TLS protocol;
- using ephemeral elliptic-curve Diffie-Hellman (ECDHE) for key exchange, with RSA for authentication (the server signs the exchange with the RSA key in its certificate);
- encrypting with AES in CBC mode using a 256-bit key (the AES block size, and hence the IV size, is always 128 bits whatever the key length);
- using HMAC with SHA-1 ("SHA" in a suite name means SHA-1) as the MAC.
Now that the suite names make sense, let's look at how a web server such as IIS picks one. Suppose the browser offers [C1, C2, C3] and the Windows server supports [C4, C2, C1, C3]. C1 and C2 are each supported by both sides; does IIS return C1 or C2? The answer is C2. IIS (more precisely Schannel, which performs the TLS handshake on its behalf) walks its own list in order: it takes C4 first and finds the browser does not support it, then takes C2 and finds the browser does. It therefore selects C2 and sends it back in the "Server Hello" message. The server's preference order, not the client's, decides the outcome, which is what produces the result in Figure 5.
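As an added example (not code from the original article), the following Python decomposes a suite name into the parts listed above, flags suites whose tokens are considered weak (the WEAK_TOKENS set is an assumption reflecting current guidance, not anything the page states), and reproduces the server-preference selection from the [C1, C2, C3] versus [C4, C2, C1, C3] walkthrough using real suite names chosen so that C2 is the suite the server returned in Figure 5. A client-preference variant is included to show how the answer changes when a server honours the client's order instead.

```python
"""Cipher-suite name decomposition and server-preference selection (added example)."""
import re

# TLS_<kx[_auth]>_WITH_<cipher tokens>_<hash>; lower-case tokens such as "anon" occur too.
_NAME = re.compile(r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<rest>[A-Za-z0-9_]+)$")
_MODES = {"CBC", "GCM", "CCM"}
# Assumption: tokens that current guidance treats as disqualifying a suite.
WEAK_TOKENS = {"RC4", "DES", "3DES", "NULL", "MD5", "ANON"}


def parse_suite(name):
    """Split a suite name into key exchange, auth, bulk cipher, key bits, mode and hash."""
    m = _NAME.match(name)
    if not m:
        raise ValueError(f"not a TLS cipher-suite name: {name}")
    kx_tokens = m.group("kx").split("_")
    export = "EXPORT" in kx_tokens                   # e.g. TLS_RSA_EXPORT_WITH_RC4_40_MD5
    kx_tokens = [t for t in kx_tokens if t != "EXPORT"]
    *cipher_tokens, mac = m.group("rest").split("_")
    if not cipher_tokens:
        raise ValueError(f"no cipher in suite name: {name}")
    return {
        "kx": kx_tokens[0],
        "auth": kx_tokens[-1],                       # TLS_RSA_WITH_...: RSA does both jobs
        "cipher": cipher_tokens[0],
        "key_bits": next((int(t) for t in cipher_tokens if t.isdigit()), None),
        "mode": cipher_tokens[-1] if cipher_tokens[-1] in _MODES else None,
        "mac": mac,   # for AEAD suites (GCM/CCM) this names the PRF hash, not a separate MAC
        "export": export,
    }


def is_weak(name):
    """True when any component of the suite is in WEAK_TOKENS or the suite is export-grade."""
    p = parse_suite(name)
    tokens = {p["kx"].upper(), p["auth"].upper(), p["cipher"].upper(), p["mac"].upper()}
    return p["export"] or bool(tokens & WEAK_TOKENS)


def select_suite(client_offered, server_supported, server_preference=True):
    """Walk the preferred side's list in order; return the first suite the other side has."""
    first, second = ((server_supported, client_offered) if server_preference
                     else (client_offered, server_supported))
    allowed = set(second)
    return next((s for s in first if s in allowed), None)


# Constructed lists mirroring the article's [C1, C2, C3] versus [C4, C2, C1, C3].
C1 = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
C2 = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
C3 = "TLS_RSA_WITH_RC4_128_SHA"
C4 = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
CLIENT_OFFERED = [C1, C2, C3]
SERVER_SUPPORTED = [C4, C2, C1, C3]

if __name__ == "__main__":
    chosen = select_suite(CLIENT_OFFERED, SERVER_SUPPORTED)
    print("server preference:", chosen, parse_suite(chosen))
    print("client preference:", select_suite(CLIENT_OFFERED, SERVER_SUPPORTED, False))
    for s in SERVER_SUPPORTED:
        print("WEAK" if is_weak(s) else "ok  ", s)
```

The practical consequence of server preference is that the order you put into "SSL Cipher Suite Order" is the order that will actually be used, so a weak suite left near the top of the server list will be negotiated even with a browser that offered stronger ones first.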
3. Selection
As a browser user you can restrict your browser to sites that support TLS 1.2 for better security, at the cost of compatibility. As a server maintainer, putting the strongest suites first looks like the right choice. Not long ago a web-based tax system we developed went through a third-party security review, and one of the reported issues was that the server's default cipher suite was too weak (RC4-based), so we switched to AES-based suites, but chose a 128-bit rather than a 256-bit key. The main concern was performance: encryption and decryption are CPU-intensive operations, and we worried that a stronger cipher would cause performance problems during the busy tax season. (AES-128 is not the weak link in such a suite; whether the suite uses an ephemeral key exchange and an AEAD mode such as GCM, and whether the server has AES-NI, matter far more for both security and throughput.)
In fact, at the time of writing, internet companies such as Amazon and Google were still using RC4-based suites. This is another clash between theory and practice. (RC4 has since been shown to be practically attackable in TLS and is prohibited by RFC 7465, so no deployment today should offer it.) Whether the change to the production system affects performance will become clear in a few months.
Analysis of principle mechanism of HTTPS encryption algorithm