Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Net::SSL::Handshake(3)User Contributed Perl DocumentatioNet::SSL::Handshake(3)

NAME
       Net::SSL::Handshake - SSL Handshake on an existing connection or	open a
       new one

VERSION
       Version 0.1.x, $Revision: 646 $

SYNOPSIS
	my $handshake =	Net::SSL::Handshake->new(
	  socket   => $socket,
	  timeout  => $timeout,
	  host	   => $hostname,
	  port	   => $port,
	  ciphers  => $ciphers,
	  );
	$handshake->hello;

       <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< =head1	DESCRIPTION

       Attributes:

	 Tieouts for IO::Socket::Timeout (read,	write)
	 Default: read from socket obj???? or 30 seconds? or whatelse!

	 socket

	 version

	 random	and other parameters to	ssl etc	(default random)

       +++ IDN via Net::IDN::Encode (for SNI)

       Modules:

	 Net::SSL::StartTLS::SMTP, ...

	Peter Mosman openssl: https://github.com/PeterMosmans/openssl/

       # Build OpenSSL TEST!

	 git clone https://github.com/PeterMosmans/openssl.git --depth 1 -b 1.0.2-chacha openssl-chacha

	 # config, make	& Inst
	 CFLAGS="-O3 -fno-strict-aliasing -pipe	-march=native -mtune=native  -fstack-protector"	 ./Configure darwin64-x86_64-cc	--prefix=/Users/alvar/Documents/Code/externes/openssl-chacha/installdir	--openssldir=/Users/alvar/Documents/Code/externes/openssl-chacha/installdir/openssl   enable-asm threads shared	zlib enable-ssl2 enable-ssl3 enable-md2	enable-rc5 no-gmp no-rfc3779 enable-ec_nistp_64_gcc_128	zlib no-shared experimental-jpake enable-md2 enable-rc5	enable-rfc3779 enable-gost enable-static-engine
	 make depend &&	make &&	make test && make report && make install

	 # Via:	https://github.com/jvehent/cipherscan

       # cert list

	 openssl ciphers -l -V ALL:eNULL:aNULL
	 /Users/alvar/Documents/Code/externes/openssl-chacha/installdir/bin/openssl ciphers -l -V ALL:eNULL:aNULL

       # Self singned cert: openssl req	-new -newkey rsa:2048 -days 36500
       -nodes -x509 -keyout server.pem -out server.pem

       # Server: man s_server

       # Install openssl with SSLv2 and	SSLv3 etc

	 CFLAGS="-O3 -fno-strict-aliasing -pipe	-march=native -mtune=native  -fstack-protector"	 ./Configure darwin64-x86_64-cc	--prefix=/Users/alvar/Documents/Code/externes/openssl-1.0.2d/installdir	--openssldir=/Users/alvar/Documents/Code/externes/openssl-1.0.2d/installdir/openssl   enable-asm threads shared	zlib zlib-dynamic  enable-ssl2 enable-ssl3 enable-md2 enable-rc5 no-gmp	no-rfc3779 enable-ec_nistp_64_gcc_128
	 make depend
	 make && make test && make install

       # Start server

	 Users/alvar/Documents/Code/externes/openssl-1.0.2d/installdir/bin/openssl s_server -HTTP -accept 443

       # oder mit www

       # Standard TLS/SSL handshake handshake_pkts = { "TLS v1.3":
       '\x80\x2c\x01\x03\x04\x00\x03\x00\x00\x00\x20', "TLS v1.2":
       '\x80\x2c\x01\x03\x03\x00\x03\x00\x00\x00\x20', "TLS v1.1":
       '\x80\x2c\x01\x03\x02\x00\x03\x00\x00\x00\x20', "TLS v1.0":
       '\x80\x2c\x01\x03\x01\x00\x03\x00\x00\x00\x20', "SSL v3.0":
       '\x80\x2c\x01\x03\x00\x00\x03\x00\x00\x00\x20', "SSL v2.0":
       '\x80\x2c\x01\x00\x02\x00\x03\x00\x00\x00\x20' }

       https://github.com/iphelix/sslmap/blob/master/sslmap.py

   SSL Handshake
       https://github.com/iphelix/sslmap/blob/master/sslmap.py

       https://labs.portcullis.co.uk/tools/ssl-cipher-suite-enum/

       https://github.com/drwetter/testssl.sh https://testssl.sh

       pack types:

	 C unsigned 8 bit char
	 n unsigned short, 16 bit, network order
	 a binary string, NULL padded

       SSLv2

       Client sends

       Client hello max	256 bytes for F5! (Bug)
       https://code.google.com/p/chromium/issues/detail?id=245500 Fixed	at
       least since 09/29/2011

       Client-Hello SSLv2:

	 #  Header
	 n  Message len	| 0x8000

	 # Data. len: message len
	 C  Message Type: SSL_MT_CLIENT_HELLO
	 n  Client-Version
	 n  Cipher spec	len
	 n  Session-ID len   =>	0
	 n  challenge len
	 a* cipher spec	data
	 a* session id data  =>	empty
	 a* challenge data

       alternative header (3 bytes):

	 #  Header
	 n  Message len
	 C  Padding (number of bytes added at the end of data part!)

       SSLv3 and TLS

	 C     record Type	/ SSL record type = 22 (SSL3_RT_HANDSHAKE)
	 n     SSL Version
	 n     Record len

	 # Record:
	 C     Message Type	/ Handshake type
	 C     0x00		/ Length of data to follow in this record (3 Bytes!)
	 n     Message len	/ Length rest

	 ## Data
	 n     SSL/TLS Version
	 a[32] challenge
	 C     session ID len
	 n     cipher spec len
	 a*    cipher spec
	 C     compression method len (1)
	 C*    compression method  (0x00)
	 n     length extensions
	 a*    extensions data

	 ## Extensions:	SNI,

	 # Hello Extensions format:

	 n  extension type
	 n  Length extension data
	 a* data

	 # data	for hello extension sni:

	 n  len	of list	(bytes)
	 C  Nametype (host_name: 0x00)
	 n  len	host name
	 a* hostname (IDN!)

	     $clientHello_extensions = pack(
					     "n	n n C n	a[$clientHello{'extension_sni_len'}]",
					     $clientHello{'extension_type_server_name'},	  #n
					     $clientHello{'extension_len'},	       #n
					     $clientHello{'extension_sni_list_len'},   #n
					     $clientHello{'extension_sni_type'},       #C
					     $clientHello{'extension_sni_len'},	       #n
					     $clientHello{'extension_sni_name'},       #a[$clientHello{'extension_sni_len'}]
					   );

		"n a[32] C n a[$clientHello{'cipher_spec_len'}]	C C[$clientHello{'compression_method_len'}] a[$clientHello{'extensions_total_len'}]",
		$clientHello{'version'},		  # n
		$clientHello{'challenge'},		  # A[32] = gmt	+ random [4] + [28] Bytes
		$clientHello{'session_id_len'},		  # C
		$clientHello{'cipher_spec_len'},	  # n
		$clientHello{'cipher_spec'},		  # A[$clientHello{'cipher_spec_len'}]
		$clientHello{'compression_method_len'},	  # C (0x01)
		$clientHello{'compression_method'},	  # C[len] (0x00)
		$clientHello_extensions			  # optional
				    );

       https://www-01.ibm.com/support/knowledgecenter/#!/SSB23S_1.1.0.10/com.ibm.ztpf-ztpfdf.doc_put.10/gtps5/s5rcd.html?cp=SSB23S_1.1.0.10%2F0-1-8-2-3

       possible	handshake types:

	  SSL3_MT_HELLO_REQUEST		   0   (x'00')
	  SSL3_MT_CLIENT_HELLO		   1   (x'01')
	  SSL3_MT_SERVER_HELLO		   2   (x'02')
	  SSL3_MT_CERTIFICATE		  11   (x'0B')
	  SSL3_MT_SERVER_KEY_EXCHANGE	  12   (x'0C')
	  SSL3_MT_CERTIFICATE_REQUEST	  13   (x'0D')
	  SSL3_MT_SERVER_DONE		  14   (x'0E')
	  SSL3_MT_CERTIFICATE_VERIFY	  15   (x'0F')
	  SSL3_MT_CLIENT_KEY_EXCHANGE	  16   (x'10')
	  SSL3_MT_FINISHED		  20   (x'14')

	     $clientHello{'msg_len'}	= length($clientHello_tmp);
	     $clientHello{'record_len'}	= $clientHello{'msg_len'} + 4;

	     $clientHello = pack(
				  "C n n C C n a*",
				  $clientHello{'record_type'},		    # C
				  $clientHello{'record_version'},	    # n
				  $clientHello{'record_len'},		    # n
				  $clientHello{'msg_type'},		    # C
				  0x00,					    # C	(0x00)
				  $clientHello{'msg_len'},		    # n
				  $clientHello_tmp			    # a
				);

       Server-Hello:

       The SSL Handshake Protocol defines the following	errors:

       NO-CIPHER-ERROR This error is returned by the client to the server when
       it cannot find a	cipher or key size that	it supports that is also
       supported by the	server.	 This error is not recoverable.

   send_record
       sends the record	to the server

   add_to_record
       adds a template and some	data to	a record

   record_as_string
       returns the record as a string; checks for SSLv2/ SSLv3 / TLS

   clear_record
       clears the template etc

   challenge
       generate	some random ...

   close_notify
       send a "close notify" alert

   ->hello
       Send client hello, receive and parse server hello.

       ...

   build_client_hello
       build client hello message

   ->build_extensions
       Builds the hello	extensions

   receive_record
       receive and parse server	record ...

   parse_handshake($data)
       Parse SSLv3+ Handshake

   sslv2_server_hello
       SERVER-HELLO (Phase 1; Sent in the clear)

	  0 char MSG-SERVER-HELLO
	  1 char SESSION-ID-HIT
	  2 char CERTIFICATE-TYPE
	  3 char SERVER-VERSION-MSB
	  4 char SERVER-VERSION-LSB
	  5 char CERTIFICATE-LENGTH-MSB
	  6 char CERTIFICATE-LENGTH-LSB
	  7 char CIPHER-SPECS-LENGTH-MSB
	  8 char CIPHER-SPECS-LENGTH-LSB
	  9 char CONNECTION-ID-LENGTH-MSB
	 10 char CONNECTION-ID-LENGTH-LSB
	   char	CERTIFICATE-DATA[MSB<<8|LSB]
	   char	CIPHER-SPECS-DATA[MSB<<8|LSB]
	   char	CONNECTION-ID-DATA[MSB<<8|LSB]

   parse_alert
       parse alert message

perl v5.24.1			  2017-07-02		Net::SSL::Handshake(3)

NAME | VERSION | SYNOPSIS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Net::SSL::Handshake&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help