ClientHello message contents include the following:
1. The Version
Protocol version (protocol version) indicates the best protocol version client support, from low to high in turn SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
2. The Random
Random number (random) field contains 32 bytes of data, of course, only 28 bytes are randomly generated; Remaining 4 byte contains additional information, affected by the client clock, 4 bytes Unix time format to record the client coordinated universal time (UTC), universal coordinated time starts from January 1, 1970 to the current moment of seconds, so time is constantly rising, by four bytes before fill in time, effectively avoid the cyclical appear as random Numbers, facilitate "random", "random" random number is used for generating symmetric key,
When shaking hands, the client and the server will provide random number, the randomness of each handshake is unique, plays an important role in authentication, it can prevent replay attack, and to confirm the integrity of the initial data exchange,
3. The Session ID
When the first connection, the session ID (session ID) field is empty, which means that the client does not hope to restore a
Existing session, in subsequent connection, this field can save session a unique identifier, the server can be found with the help of a session ID in his own cache corresponding session state,
If the Session id length has a value, for the SSL Session id length 0 ~ 2.0 16 bytes, later version to 32 bytes, this newspaper in this paper, the Session id length is 0, with the Session id, behind, there is no direct is a Cipher suit length,
The Session id is not necessarily a 32 bytes, RFC can 0 to 32 bytes, only the Session id generated by the server, the server generally USES the OpenSSL, and OpenSSL basic generate only 32 bytes of the Session id, if encounter other bytes of the Session id, do not think it is abnormal client hello,
4. Other extension information, such as: server_name, supported_groups, key_share etc.
5. List of Cipher suite (Cipher Suites), such as:
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
I would like to ask is, use wininet, winhttp (HTTP library, or a third party such as libcurl) during the HTTPS access, how to modify the clienthello extension information and cipher suite in the information and order?
Please answer!
CodePudding user response:
Do you want to change the rhythm of the source
CodePudding user response:
There is no way?CodePudding user response:
Jacking, let more people seeCodePudding user response:
For such a big community, no one know the address?CodePudding user response:
LibCurl don't know
WinInet, Winhttp should have very fine options
Such as the Winhttp can only specify the TLS version, use WinhttpSetOption:
WINHTTP_OPTION_SECURE_PROTOCOLS
Set an unsigned long integer value that specifies which security agreement is acceptable, by default, only in Windows 7 and 8 enables SSL3 and TLS1, by default, only enabled in Windows 8.1 and Windows 10 SSL3, TLS, TLS1.1 and TLS1.2, below this value can be a combination of one or more values,
WINHTTP_OPTION_SECURE_PROTOCOLS
Sets the an unsigned long integer value that specifies which secure separate protocols are acceptable. By default only SSL3 and TLS1 are enabled. Can By a combination of one or more of the following values.
WINHTTP_FLAG_SECURE_PROTOCOL_ALL
The Secure Sockets Layer (SSL) 2.0, 3.0, SSL and Transport Layer Security (TLS) 1.0 separate protocols can be 2.
WINHTTP_FLAG_SECURE_PROTOCOL_SSL2
The SSL protocol can be 2.0 2.
WINHTTP_FLAG_SECURE_PROTOCOL_SSL3
The SSL protocol can be 3.0 2.
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1
The TLS protocol can be 1.0 2.
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1
The TLS protocol can be 1.1 2.
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2
The TLS protocol can be 1.2 2.
CodePudding user response:
Mark, I am looking for a method