Wiresharking TLS - What happens during TLS 1.2 and TLS 1.3 Handshake

19,371 views

Hussein Nasser


In this video, I pull the curtain behind Transport Layer Security and see exactly what happens, what packets are sent, and much more.
Chapters
0:00 Intro
1:37 TLS 1.2
10:30 Failed TLS 1.3 Handshake
13:07 TLS 1.3
#wireshark_them_all
Stay Awesome,
Hussein

Comments: 31
@rauldeandrade 3 years ago
Thumbs up for wireshark all things comment lol. You get off track easily (like I tend to do), but you also go deep and I really appreciate that! Thanks man. You've taught me a lot
@PouriyaJamshidi 4 years ago
Good stuff Hussein. The reason it shows TLS 1.2 when you are using TLS 1.3 is to avoid a problem called "version intolerance" because some servers do not implement it properly. It is discussed in RFC 8446.
@hnasr 4 years ago
pouriya jamshidi Thanks Pouriya! Aha! You are a networking genius!
@PouriyaJamshidi 4 years ago
@hnasr Haha I wish! You are welcome bro!
@hnasr 4 years ago
I am going to make a video on this. This is due to protocol ossification, the same problem preventing us from running HTTP/2 on port 80: en.wikipedia.org/wiki/Protocol_ossification
@PouriyaJamshidi 4 years ago
@hnasr Cool! I look forward to it
@debugmedia 4 years ago
I can't even understand what these things are, I'm just here to support. I've been working as a Front End Engineer for 2 years now, maybe now it's time to explore the Back End as well. PS: I am a hardcore Node Js Mongo MySQL backender, apart from these I don't know anything in backend, not even php 😅
@YouB3anz 2 years ago
This channel is magic
@madfury3179 3 years ago
2:58 The number of packets is displayed on the bottom right: "Packets 12671 Displayed: 23 (0.2%)"
@caruccio 2 years ago
excellent content, funny guy.
@freeloaderno1 1 year ago
Great video Hussein! I just discovered your channel today and you are awesome. This is your third video I've checked out today and I have found them all very informative while still managing to crack me up :D Anyone know why Client Hello packet at 4:32 shows "Version: TLS 1.0 (0x0301)" at the top just under the Record Layer block? I am seeing the same thing when I test and I'm wondering if it is just meant to denote the major version or something. Seems weird to me, given that it shows TLS 1.2 above and below that
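An added example, not part of the video or of any commenter's post: a ClientHello carries three separate version fields, which is what the questions above about "TLS 1.0 (0x0301)" and "TLS 1.2" on a TLS 1.3 handshake are seeing. The sketch builds a constructed, minimal ClientHello record (all-zero random, one cipher suite, no other extensions; the function names are hypothetical) and parses the record-layer version, `legacy_version` and the `supported_versions` extension as laid out in RFC 8446.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def build_client_hello(versions):
    """Constructed sample record (not a capture): minimal ClientHello offering `versions`."""
    ext = b""
    if versions:  # supported_versions extension, type 43 (RFC 8446 section 4.2.1)
        sv = b"".join(struct.pack("!H", v) for v in versions)
        ext = struct.pack("!HHB", 43, len(sv) + 1, len(sv)) + sv
    body = (struct.pack("!H", 0x0303)          # legacy_version, frozen at TLS 1.2
            + bytes(32)                        # random (all zeros in this sample)
            + b"\x00"                          # empty legacy_session_id
            + struct.pack("!HH", 2, 0x1301)    # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                      # compression: null only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs    # record version 0x0301

def parse_versions(record):
    """Return (record_version, legacy_version, supported_versions list)."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or rec_len != len(record) - 5 or record[5] != 1:
        raise ValueError("not a complete ClientHello record")
    p = 9                                      # 5-byte record + 4-byte handshake header
    legacy = struct.unpack_from("!H", record, p)[0]
    p += 2 + 32                                # legacy_version + random
    p += 1 + record[p]                         # legacy_session_id
    p += 2 + struct.unpack_from("!H", record, p)[0]   # cipher_suites
    p += 1 + record[p]                         # compression methods
    offered = []
    if p + 2 <= len(record):
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        while p + 4 <= min(end, len(record)):
            etype, elen = struct.unpack_from("!HH", record, p)
            p += 4
            if etype == 43:
                n = record[p]
                offered = [struct.unpack_from("!H", record, p + 1 + i)[0]
                           for i in range(0, n, 2)]
            p += elen
    return rec_ver, legacy, offered

def highest_offered(record):
    """Version a server should act on: supported_versions wins over legacy_version."""
    _, legacy, offered = parse_versions(record)
    known = [v for v in offered if v in NAMES]  # skips GREASE / unknown values
    return NAMES[max(known) if known else legacy]
```

When reviewing captures or writing detections, key on `supported_versions` rather than the record or `legacy_version` fields, since those stay at 0x0301/0x0303 even when TLS 1.3 is being offered.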
@danifeldman8884 3 years ago
+1 like, sir :) I am learning how to use the OpenSSL library and after your explanation I know better what my C++ server test application does :))
@hnasr 3 years ago
Pretty cool Dani! You are deep into this stuff looks like it 👍
@F.a797 4 years ago
Hussein I've seen your video about DoS attacks and it was great. It would be awesome if you did a followup video on DoS mitigation techniques.
@hnasr 4 years ago
Good idea!
@jamesdustin4041 2 years ago
instablaster...
@tanmoymallick8244 4 years ago
Hussein, nice one.. so nginx only supported TLS 1.2??
@hnasr 4 years ago
TANMOY MALLICK thanks! No, NginX does support TLS 1.3 (made a video on it), it's just the nginx website did not enable it for some reason.
@palaniappanrm6277 4 years ago
Have waited for this for a long time. Great video. I didn't get only 1 part. What is "change cipher spec"?
@hnasr 4 years ago
Palaniappan RM so the client sends a list of ciphers (encryption algorithms) it supports and the server responds back with the change cipher spec, picking the algorithms it supports. I explained that in the TLS video in detail
@palaniappanrm6277 4 years ago
@hnasr oh yeah I know this part but I didn't know that this is called Change cipher spec. Thank you.
@AlexZeBeast 1 year ago
Great :D
@leabednarczyk3078 3 years ago
9:31 "is impossible" :: not for me. Those who can't completely decrypt packets can't inspect streams. (if one has/is on the end of stream)
@abhaypratap5311 4 years ago
It's handshake comparison between tls 1.2 and tls 1.3 version
@anujsharma3656 3 years ago
Hi Hussein.... Can you please explain how the certificate exchange and trust is built on 1.3. I can see that in TLS 1.2 the certificate shows server certificate and the intermediate CA (excluding the root CA). Though in TLS 1.3, I don't understand how the certificate verification chain is built by the client, as I don't see any certificates being sent, so how does the client build the trust chain? Can you please advise.
@hnasr 3 years ago
Hmm interesting. Reading the spec it seems that 1.3 omits parent certs if the client already knows them: tools.ietf.org/html/rfc8446#section-4.4.2 "Because certificate validation requires that trust anchors be distributed independently, a certificate that specifies a trust anchor MAY be omitted from the chain, provided that supported peers are known to possess any omitted certificates."
@anujsharma3656 3 years ago
@hnasr Thanks for the prompt response, though it goes beyond my small brain. Not sure what independent method is used for creating the trust path. My main problem was to find how the server communicates an alternate trust path in a cross-signed cert (intermediate CA which has a cert signed by more than one CA), i.e. does the server send one trust path to the client or more than one trust path in one go? I am not making this too long, but if you know, that would be great. I have a few other questions about cross signing I would really like to ask :-)
@anujsharma3656 3 years ago
Thanks for sharing the RFC. After reading 4.4.2.2 my hypothesis is: I was using Chrome, and Chrome uses the AIA attribute from within the server certificate to build the chain by querying the internet, so possibly the client is not sending information about the chain, but at least the server certificate should be sent in TLS, and I am not sure which tag it goes in in the server hello call by the server
@ehsanpaknahad4935 4 years ago
working in ESRI seems to be boring :))
@abdelrhmanahmed1378 2 years ago
6:17 RSA can be easily cracked?!!
@ThoriumHeavyIndustries 1 year ago
While I really like your demo approach, you could have put the same info in 25% of the time :) But never mind.