我们有一个运行 TLS v1.0 的客户端/服务器,在初次握手后不断收到来自客户端的加密警报 21。他们使用密码块链接,我读到过,当块密码输入长度与块长度的倍数不同时,会导致解密失败警报,但我如何/在哪里找到这些值来确定这是否是警报的真正原因?
我已将握手顺序附在下面...谢谢...非常感谢
安全链路层
TLSv1 Record Layer: Handshake Protocol: Client Hello ##
Content Type: Handshake (22)###
Version: TLS 1.0 (0x0301)
Length: 254
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 250
Version: TLS 1.2 (0x0303)
Random
GMT Unix Time: Jun 25, 1983 13:56:23.000000000 Eastern Daylight Time
Random Bytes: 2761896c45978dc3868cd4858d7a3d5749f7218e40f5fd3f...
Session ID Length: 0
Cipher Suites Length: 100
Cipher Suites (50 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 109
Extension: ec_point_formats
Extension: elliptic_curves
Extension: SessionTicket TLS
Extension: signature_algorithms
Extension: Heartbeat
安全链路层
TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 1449
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 77
Version: TLS 1.0 (0x0301)
Random
Session ID Length: 32
Session ID: 569d341d4d75bc12b41fa995f22fea93a51d14fa1d612e69...
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Compression Method: null (0)
Extensions Length: 5
Extension: renegotiation_info
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 816
Certificates Length: 813
Certificates (813 bytes)
Handshake Protocol: Server Key Exchange
Handshake Type: Server Key Exchange (12)
Length: 540
Diffie-Hellman Server Params
p Length: 128
p: fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400...
g Length: 20
g: 9760508f15230bccb292b982a2eb840bf0581cf5
Pubkey Length: 128
Pubkey: 73f35da13f584ccb05901f5242f71da41b5f35cc185409a9...
Signature Length: 256
Signature: 3b8a31d223c149fb0af62f653be5d61af1297c11c4d6e925...
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
安全链路层
TLSv1 Record Layer: Handshake Protocol: Client Key Exchange
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 134
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 130
Diffie-Hellman Client Params
Pubkey Length: 128
Pubkey: 76ef1851a1202c19b55aebc2cf830cbb023f15f75d7c963a...
TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.0 (0x0301)
Length: 1
Change Cipher Spec Message
TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 48
Handshake Protocol: Encrypted Handshake Message
安全链路层
TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.0 (0x0301)
Length: 1
Change Cipher Spec Message
安全链路层
TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 48
Handshake Protocol: Encrypted Handshake Message
安全链路层
客户端->服务器
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 32
Encrypted Application Data: 50c0d7383385d5ea8aa08c9a489904b20fb508a1b53ec017...
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 480
Encrypted Application Data: 18ad9fa298268b2da260c4873075d8116554d3067659a0f6...
安全链路层
服务器->客户端
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 352
Encrypted Application Data: a425edb24ceb1fab0516b7cf64e18d571db0f222e606d1a7...
安全链路层
客户端->服务器
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 32
Encrypted Application Data: 4952a32d5ca081870f74397b4b45d8af9017938b92db648a...
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 480
Encrypted Application Data: 3a97d944ddabc997a965cc75ed946aa0dd4b13e525f44aff...
安全链路层
服务器->客户端
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 32
Encrypted Application Data: 47f3838b409d33cfd039f51e432e7675095f6f724ba7c728...
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 352
Encrypted Application Data: 8bd4f772427b1bf25901b3cc59cff003d83b02bd11421e62...
安全链路层
客户端->服务器
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 32
Encrypted Application Data: 1a0750299f160c207a88d6d6b2bc794373b7d45ae845129f...
TLSv1 Record Layer: Application Data Protocol: http
Content Type: Application Data (23)
Version: TLS 1.0 (0x0301)
Length: 480
Encrypted Application Data: 094956aa5f580d500d9402bc84696748f6c008d8f75bcafc...
安全链路层
客户端->服务器
TLSv1 Record Layer: Encrypted Alert
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 32
Alert Message: Encrypted Alert
答案1
这是一场混乱
这不是AlertDescription21。
相反,这是ContentType21。
enum {
change_cipher_spec(20), alert(21), handshake(22),
application_data(23), (255)
} ContentType;
现在怎么办?我们知道这是警报,但是什么类型的警报?AlertDescription字段宽度为一个字节。那么这是哪一个?不幸的是,答案是……
Alert Message: Encrypted Alert
...我们不知道。它是加密的。
问:但是如果我们使用证书的私钥,我们是否能够解密此数据包转储?
答:不能。此连接使用了临时密码套件(即Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)),因此前向安全并且无法从证书的私钥重建会话批量加密密钥。
采取新的追踪。
再进行一次跟踪,但这次要确保之后可以解密。为此,要么准备好私钥并强制使用非前向安全套件(名称中没有DHE或没有的东西ECDHE),要么让您的软件将会话密钥转储到某个地方。(Chrome 和 Firefox 可以做到这一点。)
答案2
...我们有一个运行 TLS v1.0 的客户端/服务器,并在初次握手后不断从客户端获取加密警报 21...
看来客户端级别较低,需要升级。
根据RFC 5246,传输层安全 (TLS) 协议版本 1.2,警报 21 为 decryption_failed_RESERVED. 警报的含义如下:
decryption_failed_RESERVED
此警报在某些早期版本的 TLS 中使用,可能允许
针对 CBC 模式 [CBCATT] 的某些攻击。
兼容实现不得发送此警报。