0x00b0: 4886 f70d 0101 0505 0030 81a1 310b 3009 H........0..1.0.
0x00c0: 0603 5504 0613 0255 5331 0b30 0906 0355 ..U....US1.0...U
… (omitted server certificate) …
Certificate Request
0x03b0: 92bd fd6e dc5a 552f ecd3 90c5 6580 2796 ...n.ZU/....e.'.
0x03c0: b99c f8ba 0958 972b 9360 6001 3abe 3ee4 .....X.+.``.:.>.
Certificate
List of Certificate Authorities
0x03d0: bca6 6646 f29d dea1 b1b4 888e cde5 8f16 ..fF............
0x03e0: 0301 00b4 0d00 00ac 0301 0240 00a6 00a4 ...........@....
0x03f0: 3081 a131 0b30 0906 0355 0406 1302 5553 0..1.0...U....US
0x0400: 310b 3009 0603 5504 0813 0254 5831 1230 1.0...U....TX1.0
0x0410: 1006 0355 0407 1309 536f 7574 686c 616b ...U....Southlak
0x0420: 6531 1430 1206 0355 040a 130b 5472 6176 e1.0...U....Trav
0x0430: 656c 6f63 6974 7931 1530 1306 0355 040b elocity1.0...U..
0x0440: 130c 4172 6368 6974 6563 7475 7265 3116 ..Architecture1.
0x0450: 3014 0603 5504 0313 0d4a 6f73 6875 6120 0...U....Joshua.
… (omitted certificate authorities) …
Here, the client hello, server hello, and server certificate are exchanged as always.
However, the server certificate is followed by a certificate request, which lists
the acceptable certificate types and the certificate authorities, by DER-encoded
subject name, that the server recognizes.
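The layout just described can be checked with a small parser. This is an added example, not code from the original text: it walks a TLS 1.0 (version 0301) handshake record and pulls the certificate types and DER-encoded subject names out of the certificate request. The sample record is constructed, reusing the C=US and ST=TX name components visible in the dump, and all function names are hypothetical.

```python
# Added example. Sample bytes are constructed; the two RDNs are copied from the dump.
C_US = bytes.fromhex("310b3009060355040613025553")   # RDN countryName=US
ST_TX = bytes.fromhex("310b3009060355040813025458")  # RDN stateOrProvinceName=TX
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 64: "ecdsa_sign"}

def der_name(*rdns):
    body = b"".join(rdns)  # sample helper: short-form DER length only
    return bytes([0x30, len(body)]) + body

def build_sample():
    """Constructed record: CertificateRequest (0x0d) + ServerHelloDone (0x0e)."""
    cas = b"".join(len(n).to_bytes(2, "big") + n
                   for n in (der_name(C_US), der_name(C_US, ST_TX)))
    body = bytes([3, 1, 2, 0x40]) + len(cas).to_bytes(2, "big") + cas
    hs = b"\x0d" + len(body).to_bytes(3, "big") + body + b"\x0e\x00\x00\x00"
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

def split_handshake_record(record):
    """Return [(handshake_type, body)] from one record, rejecting bad lengths."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    if len(record) - 5 != int.from_bytes(record[3:5], "big"):
        raise ValueError("record length mismatch")
    payload, msgs, off = record[5:], [], 0
    while off < len(payload):
        mlen = int.from_bytes(payload[off + 1:off + 4], "big")
        body = payload[off + 4:off + 4 + mlen]
        if off + 4 > len(payload) or len(body) != mlen:
            raise ValueError("truncated handshake message")
        msgs.append((payload[off], body))
        off += 4 + mlen
    return msgs

def parse_certificate_request(body):
    """Return (certificate type names, list of DER subject names)."""
    types = [CERT_TYPES.get(t, hex(t)) for t in body[1:1 + body[0]]]
    off = 1 + body[0]
    end = off + 2 + int.from_bytes(body[off:off + 2], "big")
    if end != len(body):
        raise ValueError("CA list length mismatch")
    off, names = off + 2, []
    while off < end:
        dlen = int.from_bytes(body[off:off + 2], "big")
        name = body[off + 2:off + 2 + dlen]
        if dlen == 0 or len(name) != dlen or name[0] != 0x30:
            raise ValueError("bad distinguished name entry")
        names.append(name)
        off += 2 + dlen
    return types, names
```

Every length field is checked against the bytes actually present, so a truncated or inconsistent record is rejected rather than read past.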
21:43:42.756657 IP localhost.40795 > localhost.8443: Flags [P.], ack 1125, win 274, options [nop,nop,TS val 103386 ecr 103385], length 860
0x0000: 4500 0390 5ad7 4000 4006 de8e 7f00 0001 E...Z.@.@.......
0x0010: 7f00 0001 9f5b 20fb c914 c93d c8dd 046d .....[.....=...m
Certificate
0x0020: 8018 0112 0185 0000 0101 080a 0001 93da ................
0x0030: 0001 93d9 1603 0103 570b 0003 5300 0350 ........W...S..P
0x0040: 0003 4d30 8203 4930 8202 f3a0 0302 0102 ..M0..I0........
0x0050: 0209 00b5 b5d9 2127 07fe 0e30 0d06 092a ......!'...0...*
0x0060: 8648 86f7 0d01 0105 0500 3081 a131 0b30 .H........0..1.0
0x0070: 0906 0355 0406 1302 5553 310b 3009 0603 ...U....US1.0...
0x0080: 5504 0813 0254 5831 1230 1006 0355 0407 U....TX1.0...U..
… (omitted client certificate) …
0x0350: 4b20 8c96 7f7a d456 d9e0 5176 54e6 b850 K....z.V..QvT..P
0x0360: 1692 bdfd 6edc 5a55 2fec d390 c565 8027 ....n.ZU/....e.'
0x0370: 96b9 9cf8 ba09 5897 2b93 6060 013a be3e ......X.+.``.:.>
0x0380: e4bc a666 46f2 9dde a1b1 b488 8ecd e58f ...fF...........
The client responds, of course, with a certificate. Notice that the message
is the exact same format — down to the same handshake message type — that
the server sent.