Let's take a closer look at the client hello. Thanks for watching and please comment to let me know what you think of this content!
@colinrogers99272 жыл бұрын
I think a deep dive would be great. I interview people quite often and most do not fully understand the steps to completing a TLS handshake. Everything from 'What are the 3 main things TLS/SSL provides?', to 'Walk me thru a TLS/SSL handshake in detail...', 'How does client authentication work?', or 'How does renegotiation work?' etc etc. Keep up the great work!
@mustafaabdelfattah2493 Жыл бұрын
Great vidio Mr. Chris for certificate initial analysis and view We would like to you to present more vidios regarding the certificate topic , as it not clear for most of specialists , and deals with certificate tasks or troubleshooting by dummy steps with shortage of knowledge and deep understand . It would be useful vidios if you continued to make vidios for wireshark certificate capture with common certificate issues to be diagnosed by the capture analysis Like , untrusted certificates or self signed , and missmatch of TLS version issue or application version issue ... etc
@anonymousperson451529 ай бұрын
My favourite guy on the internet. Thanks for amazing information as always.
@scottt24812 жыл бұрын
Fascinating Chris. Thanks for putting in the heavy lifting to break down the technology into English. Loving the content my guy
@tomhekker2 жыл бұрын
Your videos are awesome. I am a 20 year network veteran but I keep learning new stuff from you, or nifty WireShark features. Keep the good content up man, love it!
@ChrisGreer2 жыл бұрын
Thank you for the comment tom!
@RolandKnall2 жыл бұрын
As good as ever Chris! Looking forward to the next episodes
@ChrisGreer2 жыл бұрын
Thank you Roland! And a special shout-out to Sake for looking it over first to make sure I didn't say anything completely stupid. 😄
@pmaurin2 жыл бұрын
Awesome intro. Can’t wait for the explanation of the rest of the TLS handshake.
@ChrisGreer2 жыл бұрын
Thank you! I can’t wait to make it!
@venkatesh47602 жыл бұрын
Thanks a lot Chris , I was actually working on enabling ssl on my pihole yesterday , this video helped me a lot in understanding the versions and ciphers. Thanks once again for this clear explanation.
@dark_hyrax50072 жыл бұрын
What a coincidence lol. I was looking for a TLS video on your channel last night and then you posted this video this morning lol. Thanks!🤣
@ChrisGreer2 жыл бұрын
Awesome! Thanks for the comment. I hope this video and the ones to follow help you to understand TLS!
@avinashshankarpalli21302 жыл бұрын
Very crisp explanation 🙂
@x0rZ15t2 жыл бұрын
Thank you, Chris, awesome video as always! Can't wait for the next one!
@ChrisGreer2 жыл бұрын
Thank you for the comment!
@faran_siddiqui-d3t2 жыл бұрын
Nice one Chris😄. Good luck for your BlackHat and Defcon session. I'll one day meet you there in few years!!!
@ChrisGreer2 жыл бұрын
Thanks Faran! For sure, hope to meet you in person one day.
@TheKb1172 жыл бұрын
came and subbed from your interview with David Bombal... great interview, btw.... Now, I gotta google TLS and how it relates to SSL :D
@BenOwen2 жыл бұрын
Thank you so much for the content you put out like this video. I eat up every video, the information is very helpful and the pace great as well. I'd love to keep hearing more about the TLS handshake but any videos with Wireshark in them are great too!
@ceciliaperez-benitoa262 жыл бұрын
Thank you for your informative videos! My basic understanding of TLS is that it is used between endpoint and server to negotiate which encryption algorithm and data integrity to use. What is less clear is whether TLS is itself an encryption protocol? I often see sites refer to it as encryption protocol. CN you clarify. Thank you!
@Azy_Azhar Жыл бұрын
Thank you for the valuble updates,help me to refresh my mind.
@raymation3d2 жыл бұрын
Hello Chris all of your wireshark videos have been helpful!!
@ChrisGreer2 жыл бұрын
Thank you!
@sethbunce46902 жыл бұрын
Very informative video. At one point you hinted that the ServerName might be encrypted in the future. I think that always has to be plaintext for middle-boxes (reverse proxies) which don't terminate TLS. High traffic reverse proxies avoid terminating TLS because it prevents the use of something like splice(2) in the linux kernel which allows piping data from one TCP connection to another without any of the data needing to be decoded in userspace (or decoded at all, other than the ClientHello).
@ChrisGreer2 жыл бұрын
Hi Seth, totally agreed. But I think there will start to be instances where we see it encrypted in the near future. Here is one reference www.cloudflare.com/learning/ssl/what-is-encrypted-sni/
@sethbunce46902 жыл бұрын
@@ChrisGreer First I'd heard of ESNI and ECH. I found the draft RFC in the link you provided. (first impression) Looks like ECH is compatible with the middle-box scenario I outlined (which the RFC calls a split-mode topology). It's distributing a public key via DNS, and providing a fallback where a client can complete negotiation with a server to learn the ECH public key direct from the server (at the cost of an extra round trip). Looks like the middle-boxes performing ECH would need access to the ECH private key, but not the TLS private keys of the backends that terminate TLS. I also found RFC8744 which outlines "unanticipated use of SNI" in section 2.1 which provides the motivation for ECH. I didn't previously understand how SNI was being abused. The reason why Cloudflare is working on ESNI/ECH seems clear. datatracker.ietf.org/doc/rfc8744/ Thank you for sharing your knowledge. I just found your channel today and now I got some binge-watching to do. 🙂
@PKJamal-b5q8 ай бұрын
Thanks, I would love to see more on TSL handshake
@americansoil8260 Жыл бұрын
Thanks look forward to more videos on wireshark
@Joallyson Жыл бұрын
Amazing content! I'd like to see some packet capture with tls handshake mismatching.
@ChrisGreer Жыл бұрын
Great suggestion!
@juanrebella25892 жыл бұрын
Thanks Chris! Appreciated. Juan.
@IK-iu4rz8 ай бұрын
Hi Chris, Thank you so much for your time and effort. Great content as always .Could you do SSL offload on F5 and broken TLS
@tranxn79712 жыл бұрын
Thanks a lot Chris, really good video as usual. I did not know about the "supported version" extensions. It is a bit sad that they are planning to not have Server Name is plain text anymore. That field is really useful to know the name of a server (via HTTPS or RDP) when DNS do not have record of that server.
@ChrisGreer2 жыл бұрын
I agree! Too bad it probably won't be here forever. But hey, I will enjoy it while it lasts... www.cloudflare.com/learning/ssl/what-is-encrypted-sni/
@jpancrazio2 жыл бұрын
As always, great job,, excellent instructing style !
@ChrisGreer2 жыл бұрын
Thank you!
@FelipeAugusto-xh8zc2 жыл бұрын
Fantastic content as always Chris. Would be great to see some content on BGP too. :) Thanks for the hard work
@ChrisGreer2 жыл бұрын
Thanks for the suggestion!
@RolZuela2 жыл бұрын
Thank you as always!
@lamjeri2 жыл бұрын
Funny to hear that TLS standard is planning to make the SNI go away (maybe just encrypt it in the future?). About a month ago, I was solving an issue for a customer, which turned out to be an old browser without SNI support trying to contact an SNI only server. The SNI field (or the absence of it) was key to the discovery of that problem. Encryption of that field would make the diagnosis very difficult.
@ChrisGreer2 жыл бұрын
Didn’t mean to be unclear… by “going away” I meant that there are efforts to encrypt it. ESNI - so yeah, not sure how widely it will be implemented, but one day we may not have it in the clear anymore…
@@ChrisGreer I guessed it would be encrypted rather than removed. It's kinda important nowadays ^_^
@ChrisGreer2 жыл бұрын
Agreed! Which is why when it gets encrypted a very useful troubleshooting data point will be lost!
@SumanthLingappa3 ай бұрын
Chris, as always awesome 😊. Where’s the next video of this? I’m not finding in your channel
@asamitsingh942 жыл бұрын
Best explanation ever saw.. Thank you sir
@ChrisGreer2 жыл бұрын
Thank you! Please share with anyone you think could benefit.
@williambarrett71082 жыл бұрын
I would absolutely like you to expound upon the versions tls starting with the acronym.
@arlemooldijk15952 жыл бұрын
Very interesting video! Now it makes much more sense!👍
@ChrisGreer2 жыл бұрын
Glad you think so!
@tg94602 жыл бұрын
You got my interest. Your explaination and pace is very refreshing. What do you recommend for beginners to learn wireshark? I am very interested in learning this technology.
@paddy71542 жыл бұрын
The version incompabilty pcap would be nice too see :)
@DasEgooDuo2 жыл бұрын
Thank you for the content. Im highly interested why they went for 1.2 cause of some middle boxes. Where does the infos come from that they have to go this version to not let the packets drop?
@ChrisGreer2 жыл бұрын
If they put TLS 1.3 immediately at the handshake layer, what would a middlebox do that is inspecting TLS? If it doesn't yet support 1.3, it will probably drop and reset the connection. I'm very sure a ton of research and testing went into that aspect. The same is true for TCP and other protocols. It is hard to migrate things to new features over boxes that don't yet support those features, all the while still supporting endpoints that have not migrated either.
@EduardKhiaev2 жыл бұрын
Can we look inside a quic packet? Is there a way to see http2/3 in plain text without a proxy in the middle?
@ChrisGreer2 жыл бұрын
kzbin.info/www/bejne/h4O1eXSVas2GaMU I did a video on how to capture the TLS 1.3 keys on the client side. I include the pcap and keylog in the video so you can follow along.
@jjames72062 жыл бұрын
Great topic!! Chris, Great!
@ChrisGreer2 жыл бұрын
Glad you enjoyed it!
@TheChinobi232 жыл бұрын
Amazing content
@polhokustaa49893 ай бұрын
I would be interested to know how I could measure round trip times vs. application processing time of a web server. This would be very useful to identify if the slowness is caused by the network (round trip time) or by the application.
@kkb85102 жыл бұрын
Hey Chris please do a video as you mentioned about broken tls conversations.
@ChrisGreer2 жыл бұрын
Thanks for the feedback!
@u2gotcha2 жыл бұрын
Thanks Chris, what will be best way to decrypt SSL communication in the server side with tshark
@ChrisGreer2 жыл бұрын
At that point, the only way I have seen it done is with a TLS proxy. But I am sure if you Google hard enough you will find others…here is an example. www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/m-ssl-proxy.pdf
@eregaifredrick772 жыл бұрын
Hey chris, can i use wireshark when deploying openstack services
@TheBoyNamedR2 жыл бұрын
I'm at the beginning of my IT journey. Currently Helpdesk, looking to move to Networking, then maybe SOC. Is this covered in any certification or is this on the job/experience learning?
@ChrisGreer2 жыл бұрын
Yeah there are several certs in the industry where having a good sense of packet analysis and protocols will help. CCNA, Net+, even Sec+ just to name a few
@praveenas13892 жыл бұрын
@chris geat video!!! A question..Out of curiosity.. is it possible that there could be a case where client's cipher suite doesn't match with the server ? In that case, will it be like client will not be able to access that server at all ?
@ChrisGreer2 жыл бұрын
That is correct, the server should return an error and the handshake will fail if there is a cipher mismatch. I am looking for a pcap to demo that - it would make a nice video!
@praveenas13892 жыл бұрын
Thank you so much!!! You are the best!!!
@jackbloem34372 жыл бұрын
Love your videos
@ChrisGreer2 жыл бұрын
Thanks!
@majiddehbi91862 жыл бұрын
as alwasy clear precise, perfect my respect chris and good bless u, you make me less stupid at every video u made God bless u
@ChrisGreer2 жыл бұрын
Thank you!
@uzumakiuchiha76782 жыл бұрын
Thanks
@joerockhead72462 жыл бұрын
Chris, Great video. I recently came across a TLS issue where the client sent the hello and never received the server hello back. There was some confusion to the Record version vs the Handshake protocol version. Thanks for clarification.
@arlemooldijk15952 жыл бұрын
I ran into the same about a month or so ago, now that I saw this video I understand why there's TLS 1.0 in the first part and TLS 1.2 in the next. I think the issue is related to ciphers not being supported by the server because I also see no reponse from the server after the client hello. Hopefully Chris can confirm if that it is indeed expected behavior (or could be).
@neadlead26212 жыл бұрын
hello chris I really appreciate your work,thank you for sharing your knowledge I hope that u can answer my question ,in david's video where he explain tls we find that the client start with the change cipher spec but here we find that the server starts can you please explain why,hope you the best
@ChrisGreer2 жыл бұрын
Typically, the client gives a list of supported ciphers, the server selects one, then in 1.3, changes cipher spec to start using it. After that the client does the same and we complete the handshake. Hope that helps
@neadlead26212 жыл бұрын
@@ChrisGreer thanks chris for the help
@upelister2 жыл бұрын
Great video thank you.🦈
@ChrisGreer2 жыл бұрын
Glad you enjoyed it
@rajneeshrai17812 жыл бұрын
You sniff my mind really wanted to learn about this #Chris #TLS
@ChrisGreer2 жыл бұрын
Glad you like the content! I have been hoping to do this content for some time. It's gonna be fun to dig into.
@jfiffick Жыл бұрын
When I type tcp contains wireshark or any other site, my display filter show red as its invalid.
@jfiffick Жыл бұрын
Need to add quotes around the word your are searching for in new release of Wireshark. tcp contains "wireshark"
@aqeelkirmani73912 жыл бұрын
Why am I getting alert from client side TLS 1.3 - ALERT LEVEL - FATAL - DESCRIPTION PROTOCOL VERSION and then client sending a rst when I have the exact same client hello as in this video
@ChrisGreer2 жыл бұрын
Could you share the pcap? packetpioneer (at) gmail.com
@767392 жыл бұрын
Thanks 👍
@ChrisGreer2 жыл бұрын
No problem 👍
@patrickborys34902 жыл бұрын
Hi, I would like to see the corrupt version of a handshake ;) !!
@ChrisGreer2 жыл бұрын
For sure! I will make a video for that
@patrickborys34902 жыл бұрын
@@ChrisGreer Cant wait :) ! Love your videos !! :)) Thanks for sharing your knowladge !
@dynamics90002 жыл бұрын
You always have an excuse that stops you from starting a business, Then you are the one to demolish the excuses and get started ! a fellow creator][][][
@ggutierrezdieck2 жыл бұрын
Hi Chris, great video, as always with all your videos. Thanks. I would be very interested in a video regarding issues with TLS version mismatch. I have a customer with an issue that seems related to this, but I cant figure it out so your video will be an awesome tool to try to understand. if you have some resources that could help it will be greatly appreciated.
@ChrisGreer2 жыл бұрын
Ok Gerardo, thanks for the feedback!
@devanandjha52842 жыл бұрын
Yes,we would like to see broken communication due to tls mismatch
@ChrisGreer2 жыл бұрын
Thanks for the comment!
@bricianmcwilliams28392 жыл бұрын
Broken TLS video, please! :)
@Naveenbabuborugadda Жыл бұрын
Your eyes are green
@raya3068 Жыл бұрын
@tg94602 жыл бұрын
You got my interest. Your explaination and pace is very refreshing. What do you recommend for beginners to learn wireshark? I am very interested in learning this technology.
@ChrisGreer2 жыл бұрын
Look no further! kzbin.info/www/bejne/hYaQcmV7orulgbM this video on my channel is great for beginners to learn wireshark.
@jackbloem34372 жыл бұрын
I know we need the theory but the practical stuff you teach is very interesting.