david wong

Hey! I'm David, a security engineer at the Blockchain team of Facebook, previously a security consultant for the Cryptography Services of NCC Group. I'm also the author of the Real World Cryptography book. This is my blog about cryptography and security and other related topics that I find interesting.

Analyze a TLS handshake posted December 2015

Short blogpost on a quick way to analyze a TLS handshake:

In one terminal, setup the server:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes
openssl s_server -cert cert.pem -key key.pem

The first command use the req toolkit of openssl. It is usually used to create certificate request (and the request is then later approved by a CA), but since we're in a rush, let's just use it with the -x509 option to directly generate a certificate. rsa:2048 generates a key with the algorithm RSA and with a modulus of size 2048 bits. -nodes disable the use of a passphrase to protect the key (the default protect the key by encrypting it with DES).

In a second terminal, start capturing packets:

tcpdump -i lo0 -s 65535 -w exchange.cap

65535 is the maximum length of a packet.

Start a handshake in a third terminal:

openssl s_client -connect localhost:4433

Now open the .cap with Wireshark!


Leave a comment