Analyze a TLS handshake
posted December 2015
Short blogpost on a quick way to analyze a TLS handshake:
In one terminal, set up the server:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes
openssl s_server -cert cert.pem -key key.pem
The first command uses the req toolkit of openssl. It is usually used to create a certificate request (the request is then later approved by a CA), but since we're in a rush, let's just use it with the -x509 option to directly generate a certificate.
rsa:2048 generates a key with the RSA algorithm and a modulus of size 2048 bits.
-nodes disables the use of a passphrase to protect the key (the default protects the key by encrypting it with DES).
In a second terminal, start capturing packets:
tcpdump -i lo0 -s 65535 -w exchange.cap
-s 65535 sets the capture length per packet: 65535 is the maximum length of a packet.
Start a handshake in a third terminal:
openssl s_client -connect localhost:4433
Now open the .cap with Wireshark!
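What Wireshark shows for each TLS record can also be reproduced by hand. The following is an added example, not part of the original post: it walks the record layer of one direction of a handshake and labels each message. It assumes the TLS 1.2-and-earlier layout, a reassembled TCP payload, and handshake messages that are not fragmented across records; the helper names and the sample bytes are constructed for illustration.

```python
import struct

CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             12: "ServerKeyExchange", 14: "ServerHelloDone",
             16: "ClientKeyExchange", 20: "Finished"}

def handshake_messages(body):
    """Split a plaintext handshake record into its messages (type + 3-byte length)."""
    names, i = [], 0
    while i + 4 <= len(body):
        length = int.from_bytes(body[i + 1:i + 4], "big")
        names.append(HANDSHAKE.get(body[i], f"handshake({body[i]})"))
        i += 4 + length
    return names

def walk_records(stream):
    """Label every TLS record in one direction of a reassembled TCP payload."""
    labels, pos, encrypted = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        # Record header: content type (1), protocol version (2), length (2).
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body")
        pos += 5 + length
        if ctype == 22 and not encrypted:
            labels.extend(handshake_messages(body))
        elif ctype == 22:
            # After ChangeCipherSpec the handshake type byte is ciphertext.
            labels.append("Encrypted Handshake Message")
        else:
            encrypted = encrypted or ctype == 20
            labels.append(CONTENT.get(ctype, f"unknown({ctype})"))
    return labels

# Constructed sample: a server flight with filler bodies, not a real capture.
def record(ctype, body, version=0x0303):
    return struct.pack("!BHH", ctype, version, len(body)) + body

def hs(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

SAMPLE = (record(22, hs(2, b"\x00" * 38) + hs(11, b"\x00" * 10) + hs(14, b""))
          + record(20, b"\x01")
          + record(22, b"\xaa" * 40))

if __name__ == "__main__":
    print(walk_records(SAMPLE))
```

The "Encrypted Handshake Message" label matches what Wireshark displays for the Finished message, whose contents it cannot read without the session keys.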