1

I analyzed the TLS (1.2) handshake and I didn't manage to understand the message after the Change Chipher Spec

Here it is:

enter image description here

It is called "Encrypted Handshake Message" by Wireshark and it is sent by the server to the client and vice-versa. What is the content of this message? It should be the Finished message but what is its specific content? I also noticed that the length is different for every different ciphersuite, so, is this length specified somewhere?

Steve
  • 23
  • 2

1 Answers1

4

The Change Cipher Spec message means: from now on, records will be encrypted with the newly negotiated cipher suite and keys. So all subsequent records will be encrypted, and that's what you observe: an encrypted record. Of course you cannot see the contents: that's the point of encryption.

Right after the Change Cipher Spec follows a Finished message, which serves as confirmation that the handshake worked properly. The raw contents have length 12 bytes, and are computed as a sort-of hash of all previous handshake messages. These 12 bytes will be encrypted, which entails adding the record MAC value, then possibly some padding (if using a block cipher in CBC mode).

For instance, if, in your example, you used a cipher suite with 3DES in CBC mode as block cipher, and SHA-1 for integrity, then 20 bytes are appended for the MAC, then between 1 and 8 bytes for padding, so that the total length is a multiple of 8 (3DES uses blocks of 8 bytes). This yields 40 bytes, and that's precisely what you observe.

See the standard, in particular section 7.4.9 for the Finished message; see also this answer for a walk-through of SSL/TLS.

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955