Skip to content

SSL/TLS Protocol inspection

SSL/TLS Protocol inspection is the process of intercepting, analyzing, and decrypting Secure Sockets Layer (SSL) or Transport Layer Security (TLS) network traffic to examine its unencrypted contents.^[400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md]

The OpenSSL toolkit is a fundamental utility for this task, providing robust support for numerous cryptographic primitives required to implement SSL/TLS protocols.^[400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md] Written in C, it facilitates the inspection of encrypted data streams by handling the underlying cipher suites and key exchange mechanisms.

Supported Cryptographic Algorithms

To successfully inspect and decrypt traffic, the inspection tool must support the specific algorithms used in the connection. OpenSSL supports a wide array of cryptographic primitives, including:^[400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md]

  • Encryption Ciphers: AES, Blowfish, Camellia, ChaCha20, Poly1305, SEED, CAST-128, DES, IDEA, RC2, RC4, RC5, TDES, GOST 28147-89, and SM4.
  • Hash Functions: MD5, MD4, MD2, SHA-1, SHA-2, SHA-3, RIPEMD-160, MDC-2, GOST R 34.11-94, BLAKE2, and Whirlpool.
  • Public Key Cryptography: RSA, DSA, ECDSA, ECDHE, Diffie-Hellman key exchange, Elliptic Curve Cryptography (ECC), X25519, Ed25519, X448, Ed448, GOST R 34.10-2001, and SM2.

Inspection Techniques

Protocol inspection can be performed using command-line tools to simulate a client connection and output the server's parameters.^[400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md]

Using OpenSSL

The openssl s_client command is commonly used to connect to a server and inspect the certificate chain, negotiated cipher, and handshake details^[400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md].

[OpenSSL](<./openssl.md>) s_client -connect www.google.com:443

To view detailed protocol messages for specific TLS versions (e.g., TLS 1.2), the -msg flag can be added^[400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md].

[OpenSSL](<./openssl.md>) s_client -connect www.google.com:443 -tls1_2 -msg

Administrators can also list the cipher suites supported by the local OpenSSL installation^[400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md].

[OpenSSL](<./openssl.md>) ciphers -s -psk -srp
[OpenSSL](<./openssl.md>) ciphers -stdname

Using cURL

The curl tool can also be utilized to inspect the handshake and connection details by using verbose flags^[400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md].

curl -s -S -v -o /dev/null --no-progress-meter https://www.google.com

To test protocol compliance or specific cipher suites, one can restrict the maximum TLS version or specify the exact cipher to use^[400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md].

curl -s -S -v -o /dev/null --no-progress-meter --tls-max 1.2 --ciphers ECDHE-ECDSA-AES128-GCM-SHA256 https://www.google.com
  • [[Encryption]]
  • [[Public Key Infrastructure]]
  • [[Network Security]]
  • OpenSSL

Sources

  • 400-devops__02-OS-and-Linux-Basics__ssl__openssl__openssl.md