准备工作

Wireshark是一个非常强大的网络分析软件，下载地址：Wireshark · Download，目前最新版本是4.0.4。选择Windows的安装包下载安装，安装后以管理员身份运行Wireshark，打开页面如下：

选择自己联网的网卡，我这里是用WLAN，点击左上角工具栏中蓝色的鲨鱼鳍开始捕获分组，用postman调用一个https的接口捕获结果如下（过滤器ip.addr == 43.138.42.168 and tls）：

Linux下可以使用tcpdump命令抓取网络包，并保存为pcap格式，在Windows上用Wireshark可以打开这种格式的文件。

# linux下用tcpdump抓取网络包
# -i是抓取的指定网卡，port和host指定抓取的端口和主机 -w是保存为文件
tcpdump -s 0  -i eth1  port 443 and host 43.138.42.168 -w https.pcap

从上面抓取的网络包中可以看出客户端与服务器通信的TLS版本为1.2。选取第一个包，内容结构如下图：

上图的包结构从上到下依次是物理层的数据帧，数据链路层的Ethernet帧，IP层的IP包头，TCP层的TCP包头，TLS层及负载的上层HTTP数据。

ClientHello

展开TLS层，这个包是ClientHello消息,全部展开后如下

Transport Layer SecurityTLSv1.2 Record Layer: Handshake Protocol: Client HelloContent Type: Handshake (22)Version: TLS 1.0 (0x0301)Length: 253Handshake Protocol: Client HelloHandshake Type: Client Hello (1)Length: 249Version: TLS 1.2 (0x0303)Random: 8f8f55540f230fdab368448a24b2e5182b7fef7830dafd315defcd114abc55beGMT Unix Time: Apr 28, 2046 21:36:20.000000000 中国标准时间Random Bytes: 0f230fdab368448a24b2e5182b7fef7830dafd315defcd114abc55beSession ID Length: 32Session ID: 8b0e809778170dfa75738b0b9399f23169b0ae1f83019fb878124b341d3a42d8Cipher Suites Length: 36Cipher Suites (18 suites)Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)Compression Methods Length: 1Compression Methods (1 method)Compression Method: null (0)Extensions Length: 140Extension: server_name (len=20)Type: server_name (0)Length: 20Server Name Indication extensionServer Name list length: 18Server Name Type: host_name (0)Server Name length: 15Server Name: selflias.com.cnExtension: extended_master_secret (len=0)Type: extended_master_secret (23)Length: 0Extension: renegotiation_info (len=1)Type: renegotiation_info (65281)Length: 1Renegotiation Info extensionRenegotiation info extension length: 0Extension: supported_groups (len=8)Type: supported_groups (10)Length: 8Supported Groups List Length: 6Supported Groups (3 groups)Supported Group: x25519 (0x001d)Supported Group: secp256r1 (0x0017)Supported Group: secp384r1 (0x0018)Extension: ec_point_formats (len=2)Type: ec_point_formats (11)Length: 2EC point formats Length: 1Elliptic curves point formats (1)EC point format: uncompressed (0)Extension: session_ticket (len=0)Type: session_ticket (35)Length: 0Data (0 bytes)Extension: signature_algorithms (len=20)Type: signature_algorithms (13)Length: 20Signature Hash Algorithms Length: 18Signature Hash Algorithms (9 algorithms)Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)Signature Hash Algorithm Hash: SHA256 (4)Signature Hash Algorithm Signature: ECDSA (3)Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)Signature Hash Algorithm Hash: Unknown (8)Signature Hash Algorithm Signature: SM2 (4)Signature Algorithm: rsa_pkcs1_sha256 (0x0401)Signature Hash Algorithm Hash: SHA256 (4)Signature Hash Algorithm Signature: RSA (1)Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)Signature Hash Algorithm Hash: SHA384 (5)Signature Hash Algorithm Signature: ECDSA (3)Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)Signature Hash Algorithm Hash: Unknown (8)Signature Hash Algorithm Signature: Unknown (5)Signature Algorithm: rsa_pkcs1_sha384 (0x0501)Signature Hash Algorithm Hash: SHA384 (5)Signature Hash Algorithm Signature: RSA (1)Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)Signature Hash Algorithm Hash: Unknown (8)Signature Hash Algorithm Signature: Unknown (6)Signature Algorithm: rsa_pkcs1_sha512 (0x0601)Signature Hash Algorithm Hash: SHA512 (6)Signature Hash Algorithm Signature: RSA (1)Signature Algorithm: rsa_pkcs1_sha1 (0x0201)Signature Hash Algorithm Hash: SHA1 (2)Signature Hash Algorithm Signature: RSA (1)Extension: key_share (len=38)Type: key_share (51)Length: 38Key Share extensionClient Key Share Length: 36Key Share Entry: Group: x25519, Key Exchange length: 32Group: x25519 (29)Key Exchange Length: 32Key Exchange: a61abd6c612929a731944317da01f71321bad1cb973895cfe8421c73e70fcd72Extension: psk_key_exchange_modes (len=2)Type: psk_key_exchange_modes (45)Length: 2PSK Key Exchange Modes Length: 1PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)Extension: supported_versions (len=9)Type: supported_versions (43)Length: 9Supported Versions length: 8Supported Version: TLS 1.3 (0x0304)Supported Version: TLS 1.2 (0x0303)Supported Version: TLS 1.1 (0x0302)Supported Version: TLS 1.0 (0x0301)[JA3 Fullstring: 771,4865-4866-4867-49199-49195-49200-49196-52393-52392-49161-49171-49162-49172-156-157-47-53-10,0-23-65281-10-11-35-13-51-45-43,29-23-24,0][JA3: dda262729e5413660ec0e6a8d4279860]

可以看出TLS的记录层总共253字节，Content Type为握手数据。
ClientHello消息共占249字节，最高支持TLS 1.2版本。
Random是客户端的随机数。
Session ID长度为32字节。
支持的密码套件（Cipher Suite）有18个，占36字节，优先支持TLS_AES_128_GCM_SHA256。Compression Methods压缩方法为null。
扩展占140字节，第一个扩展是SNI扩展，请求的主机名为selflias.com.cn。
supported_groups扩展，支持三个曲线x25519、secp256r1、secp384r1。
还支持SessionTicket扩展。
signature_algorithms签名算法支持9种。

ServerHello

接下来是服务器回应的SeverHello消息，展开如下

Transport Layer SecurityTLSv1.2 Record Layer: Handshake Protocol: Server HelloContent Type: Handshake (22)Version: TLS 1.2 (0x0303)Length: 69Handshake Protocol: Server HelloHandshake Type: Server Hello (2)Length: 65Version: TLS 1.2 (0x0303)Random: fbdf8dffb78c84c8923d6499ff957f595694009ec2a88dd451a12263e416df36GMT Unix Time: Nov 29, 2103 06:28:15.000000000 中国标准时间Random Bytes: b78c84c8923d6499ff957f595694009ec2a88dd451a12263e416df36Session ID Length: 0Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)Compression Method: null (0)Extensions Length: 25Extension: renegotiation_info (len=1)Type: renegotiation_info (65281)Length: 1Renegotiation Info extensionRenegotiation info extension length: 0Extension: server_name (len=0)Type: server_name (0)Length: 0Extension: ec_point_formats (len=4)Type: ec_point_formats (11)Length: 4EC point formats Length: 3Elliptic curves point formats (3)EC point format: uncompressed (0)EC point format: ansiX962_compressed_prime (1)EC point format: ansiX962_compressed_char2 (2)Extension: session_ticket (len=0)Type: session_ticket (35)Length: 0Data (0 bytes)Extension: extended_master_secret (len=0)Type: extended_master_secret (23)Length: 0[JA3S Fullstring: 771,49199,65281-0-11-35-23][JA3S: 098e26e2609212ac1bfac552fbe04127]

ServerHello的消息说明服务器和客户端使用TLS v1.2处理本次会话，TLS记录层共占69字节，SeverHello消息占65字节。
Random是服务器生成的随机数。
Session ID为空，服务器不适用Session ID作为会话恢复，而是支持SessionTicket。
协商的密码套件为TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256。
不启用压缩。
扩展长度为25字节，共处理客户端的5个扩展。

Certificate

服务器在发送完ServerHello之后马上发送了Certificate子消息，展开结构如下

Transport Layer SecurityTLSv1.2 Record Layer: Handshake Protocol: CertificateContent Type: Handshake (22)Version: TLS 1.2 (0x0303)Length: 2972Handshake Protocol: CertificateHandshake Type: Certificate (11)Length: 2968Certificates Length: 2965Certificates (2965 bytes)Certificate Length: 1668Certificate: 30820680308204e8a003020102021100f0bb16defd41d3ba7cf205dccec0ae01300d0609… (id-at-commonName=selflias.com.cn)signedCertificateversion: v3 (2)serialNumber: 0x00f0bb16defd41d3ba7cf205dccec0ae01signature (sha384WithRSAEncryption)issuer: rdnSequence (0)rdnSequence: 3 items (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)validitysubject: rdnSequence (0)rdnSequence: 1 item (id-at-commonName=selflias.com.cn)subjectPublicKeyInfoextensions: 9 itemsalgorithmIdentifier (sha384WithRSAEncryption)Algorithm Id: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)Padding: 0encrypted: 3bebea7d478c774f6b636cc081dafd75507d70bc2f007be5fa75a4ee841265b8bf64e486…Certificate Length: 1291Certificate: 30820507308203efa003020102021100b20ced552e31a0bf343a7528743be9ab300d0609… (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)signedCertificateversion: v3 (2)serialNumber: 0x00b20ced552e31a0bf343a7528743be9absignature (sha256WithRSAEncryption)issuer: rdnSequence (0)rdnSequence: 5 items (id-at-commonName=AAA Certificate Services,id-at-organizationName=Comodo CA Limited,id-at-localityName=Salford,id-at-stateOrProvinceName=Greater Manchester,id-at-countryName=GB)validitysubject: rdnSequence (0)rdnSequence: 3 items (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)subjectPublicKeyInfoextensions: 8 itemsalgorithmIdentifier (sha256WithRSAEncryption)Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)Padding: 0encrypted: 1cc5289b97312237b6222154ee6382b01af617a098794e5cc9f43f01ea7d9005d8503b96…

可以看出服务器发送了两张证书，一张是服务器自己的证书，一张是中间证书。
服务器自己的证书由TrustAsia RSA DV TLS CA G2颁发，中间证书由AAA Certificate Services颁发。两张证书都使用sha256WithRSA算法签名。

服务器证书的详细结构

Transport Layer SecurityTLSv1.2 Record Layer: Handshake Protocol: CertificateContent Type: Handshake (22)Version: TLS 1.2 (0x0303)Length: 2972Handshake Protocol: CertificateHandshake Type: Certificate (11)Length: 2968Certificates Length: 2965Certificates (2965 bytes)Certificate Length: 1668Certificate: 30820680308204e8a003020102021100f0bb16defd41d3ba7cf205dccec0ae01300d0609… (id-at-commonName=selflias.com.cn)signedCertificateversion: v3 (2)serialNumber: 0x00f0bb16defd41d3ba7cf205dccec0ae01signature (sha384WithRSAEncryption)Algorithm Id: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)issuer: rdnSequence (0)rdnSequence: 3 items (id-at-commonName=TrustAsia RSA DV TLS CA G2,id-at-organizationName=TrustAsia Technologies, Inc.,id-at-countryName=CN)RDNSequence item: 1 item (id-at-countryName=CN)RelativeDistinguishedName item (id-at-countryName=CN)Object Id: 2.5.4.6 (id-at-countryName)CountryName: CNRDNSequence item: 1 item (id-at-organizationName=TrustAsia Technologies, Inc.)RelativeDistinguishedName item (id-at-organizationName=TrustAsia Technologies, Inc.)Object Id: 2.5.4.10 (id-at-organizationName)DirectoryString: printableString (1)printableString: TrustAsia Technologies, Inc.RDNSequence item: 1 item (id-at-commonName=TrustAsia RSA DV TLS CA G2)RelativeDistinguishedName item (id-at-commonName=TrustAsia RSA DV TLS CA G2)Object Id: 2.5.4.3 (id-at-commonName)DirectoryString: printableString (1)printableString: TrustAsia RSA DV TLS CA G2validitynotBefore: utcTime (0)utcTime: 2022-10-19 00:00:00 (UTC)notAfter: utcTime (0)utcTime: 2023-10-19 23:59:59 (UTC)subject: rdnSequence (0)rdnSequence: 1 item (id-at-commonName=selflias.com.cn)RDNSequence item: 1 item (id-at-commonName=selflias.com.cn)RelativeDistinguishedName item (id-at-commonName=selflias.com.cn)Object Id: 2.5.4.3 (id-at-commonName)DirectoryString: printableString (1)printableString: selflias.com.cnsubjectPublicKeyInfoalgorithm (rsaEncryption)Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)subjectPublicKey: 3082010a0282010100d0ec9a5b3c26dddf33b4303cdb4dc05b8297f1e539cc4ee095b9dc…modulus: 0x00d0ec9a5b3c26dddf33b4303cdb4dc05b8297f1e539cc4ee095b9dc790a4ebfc132f0c2…publicExponent: 65537extensions: 9 itemsExtension (id-ce-authorityKeyIdentifier)Extension (id-ce-subjectKeyIdentifier)Extension (id-ce-keyUsage)Extension (id-ce-basicConstraints)Extension (id-ce-extKeyUsage)Extension (id-ce-certificatePolicies)Extension (id-pe-authorityInfoAccess)Extension (id-ce-subjectAltName)Extension (SignedCertificateTimestampList)algorithmIdentifier (sha384WithRSAEncryption)Algorithm Id: 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)Padding: 0encrypted: 3bebea7d478c774f6b636cc081dafd75507d70bc2f007be5fa75a4ee841265b8bf64e486…

可以看出证书的版本是X.509 v3版本。
序列号是0x00f0bb16defd41d3ba7cf205dccec0ae01。
签名算法为sha384WithRSA。
颁发者是TrustAsia RSA DV TLS CA G2。
有效期是2022-10-19 00:00:00到2023-10-19 23:59:59
公钥值是3082010a0282010100d0ec9a5b3c26dddf33b4303cdb4dc05b8297f1e539cc4ee095b9dc…
包含了9个证书扩展。

服务器证书扩展的结构

extensions: 9 items
Extension (id-ce-authorityKeyIdentifier)
Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
AuthorityKeyIdentifierkeyIdentifier: 5f3a7c11107e0c677161dc8ba3b5000367f5571c
Extension (id-ce-subjectKeyIdentifier)
Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
SubjectKeyIdentifier: 116c594baff606c89c4c6f69b663ba08946c8a7b
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
critical: True
Padding: 5
KeyUsage: a01... .... = digitalSignature: True.0.. .... = contentCommitment: False..1. .... = keyEncipherment: True...0 .... = dataEncipherment: False.... 0... = keyAgreement: False.... .0.. = keyCertSign: False.... ..0. = cRLSign: False.... ...0 = encipherOnly: False0... .... = decipherOnly: False
Extension (id-ce-basicConstraints)
Extension Id: 2.5.29.19 (id-ce-basicConstraints)
critical: True
BasicConstraintsSyntax [0 length]
Extension (id-ce-extKeyUsage)
Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
KeyPurposeIDs: 2 itemsKeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
Extension (id-ce-certificatePolicies)
Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
CertificatePoliciesSyntax: 2 itemsPolicyInformationpolicyIdentifier: 1.3.6.1.4.1.6449.1.2.2.49 (iso.3.6.1.4.1.6449.1.2.2.49)policyQualifiers: 1 itemPolicyQualifierInfoId: 1.3.6.1.5.5.7.2.1 (id-qt-cps)DirectoryString: https://sectigo.com/CPSPolicyInformationpolicyIdentifier: 2.23.140.1.2.1 (joint-iso-itu-t.23.140.1.2.1)
Extension (id-pe-authorityInfoAccess)
Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
AuthorityInfoAccessSyntax: 2 itemsAccessDescriptionaccessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)accessLocation: 6uniformResourceIdentifier: http://crt.trust-provider.cn/TrustAsiaRSADVTLSCAG2.crtAccessDescriptionaccessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)accessLocation: 6uniformResourceIdentifier: http://ocsp.trust-provider.cn
Extension (id-ce-subjectAltName)
Extension Id: 2.5.29.17 (id-ce-subjectAltName)
GeneralNames: 2 itemsGeneralName: dNSName (2)dNSName: selflias.com.cnGeneralName: dNSName (2)dNSName: www.selflias.com.cn
Extension (SignedCertificateTimestampList)
Extension Id: 1.3.6.1.4.1.11129.2.4.2 (SignedCertificateTimestampList)
Serialized SCT List Length: 362
Signed Certificate Timestamp (Google 'Xenon2023' log)Serialized SCT Length: 119SCT Version: 0Log ID: adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828aTimestamp: Oct 19, 2022 06:37:15.021000000 UTCExtensions length: 0Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)Signature Hash Algorithm Hash: SHA256 (4)Signature Hash Algorithm Signature: ECDSA (3)Signature Length: 72Signature: 3046022100d3ca45fe7bf14bb759de71a2b35f708b065dd968f8b30e78865721f8575974…
Signed Certificate Timestamp (Cloudflare 'Nimbus2023' Log)Serialized SCT Length: 119SCT Version: 0Log ID: 7a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb52Timestamp: Oct 19, 2022 06:37:14.965000000 UTCExtensions length: 0Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)Signature Hash Algorithm Hash: SHA256 (4)Signature Hash Algorithm Signature: ECDSA (3)Signature Length: 72Signature: 30460221008b154b640290a4d0c7b8fd87254d0f2d0c342e55e918ffce866d92a546499d…
Signed Certificate Timestamp (Google 'Argon2023' log)Serialized SCT Length: 118SCT Version: 0Log ID: e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6eTimestamp: Oct 19, 2022 06:37:14.919000000 UTCExtensions length: 0Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)Signature Hash Algorithm Hash: SHA256 (4)Signature Hash Algorithm Signature: ECDSA (3)Signature Length: 71Signature: 304502204b602d371ffd3a0a247afb3c64c8f262b7c282c333047fa6a4f203758917d1fe…

其中重要的扩展，即critical=True的有：
id-ce-keyUsage，表示该证书可以用于密钥交换和数字签名。
id-ce-basicConstraints，表示该证书是一张普通证书，不能签发其他证书。

Server Key Exchange

密钥协商算法是TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256，证书中没有包含ECDH参数等信息，所以服务器发送ServerKeyExchange消息。

Transport Layer SecurityTLSv1.2 Record Layer: Handshake Protocol: Server Key ExchangeContent Type: Handshake (22)Version: TLS 1.2 (0x0303)Length: 300Handshake Protocol: Server Key ExchangeHandshake Type: Server Key Exchange (12)Length: 296EC Diffie-Hellman Server ParamsCurve Type: named_curve (0x03)Named Curve: x25519 (0x001d)Pubkey Length: 32Pubkey: 37cb1755840758875116cb24435a7edb61228ce7d353b56ddaae691168c13176Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)Signature Hash Algorithm Hash: Unknown (8)Signature Hash Algorithm Signature: SM2 (4)Signature Length: 256Signature: 37936b9ead1368308a601245cf01e35274774210b59fe3343f48f4e202c54a7df8ee1de4…

可以看出采用的是命名曲线x25519，公钥是37cb1755840758875116cb24435a7edb61228ce7d353b56ddaae691168c13176，签名算法是rsa_pss_rsae_sha256。

Server Hello Done

Server Hello Done是一条空消息，通知客户端服务器已准备好预备主密钥协商。

TLSv1.2 Record Layer: Handshake Protocol: Server Hello DoneContent Type: Handshake (22)Version: TLS 1.2 (0x0303)Length: 4Handshake Protocol: Server Hello DoneHandshake Type: Server Hello Done (14)Length: 0

Client Key Exchange

客户端给服务器发送自己的ECDH公钥

Transport Layer SecurityTLSv1.2 Record Layer: Handshake Protocol: Client Key ExchangeContent Type: Handshake (22)Version: TLS 1.2 (0x0303)Length: 37Handshake Protocol: Client Key ExchangeHandshake Type: Client Key Exchange (16)Length: 33EC Diffie-Hellman Client ParamsPubkey Length: 32Pubkey: 06b90ea70ed26d8c05756acb7b0f2d6cbd342f4dbad35cb1c1db8d219dc37d6a

客户端Change Cipher Spec

客户端发送该消息告诉服务器端，客户端可以使用TLS记录层协议进行密码学保护了，下一条消息就是加密的消息。

Transport Layer SecurityTLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher SpecContent Type: Change Cipher Spec (20)Version: TLS 1.2 (0x0303)Length: 1Change Cipher Spec Message

客户端Encrypted Handshake Message

加密过的Finished子消息。

Transport Layer SecurityTLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake MessageContent Type: Handshake (22)Version: TLS 1.2 (0x0303)Length: 40Handshake Protocol: Encrypted Handshake Message

New Session Ticket

表示服务器支持Session Ticket会话恢复，发送给客户端Ticket值aa805373de67fa62d924e7725bdb987e83d8e432eabdb175042e960d1b99562bef99a234…。

Transport Layer SecurityTLSv1.2 Record Layer: Handshake Protocol: New Session TicketContent Type: Handshake (22)Version: TLS 1.2 (0x0303)Length: 218Handshake Protocol: New Session TicketHandshake Type: New Session Ticket (4)Length: 214TLS Session TicketSession Ticket Lifetime Hint: 300 seconds (5 minutes)Session Ticket Length: 208Session Ticket: aa805373de67fa62d924e7725bdb987e83d8e432eabdb175042e960d1b99562bef99a234…

服务器的ChangeCipherSpec和EncryptedHandshakeMessage

和客户端的同类子消息类似。

Transport Layer SecurityTLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher SpecContent Type: Change Cipher Spec (20)Version: TLS 1.2 (0x0303)Length: 1Change Cipher Spec MessageTLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake MessageContent Type: Handshake (22)Version: TLS 1.2 (0x0303)Length: 40Handshake Protocol: Encrypted Handshake Message

Application Data

这个消息就是加密后的上层协议的内容了，客户端与服务器已经完成握手，展开如下

Transport Layer SecurityTLSv1.2 Record Layer: Application Data Protocol: Hypertext Transfer ProtocolContent Type: Application Data (23)Version: TLS 1.2 (0x0303)Length: 328Encrypted Application Data: 000000000000000129b0d62974ec77cb57c0a3eca6987622a8e9fd57bcfb5ca8a7e3fff7…[Application Data Protocol: Hypertext Transfer Protocol]

可以看到http的整个请求都被加密了。

总结

TLS握手对应多种情况，这里展示的是基于ECDHE密码套件的握手场景。其他还有基于会话恢复的简短握手的场景，有不同密码套件发送不一样的握手内容的场景，实际在分析时需要慢慢总结。