3 years ago · d2ed5f978c
--- a/协议详解与抓包实战/4、TLSSSL协议.md
+++ b/协议详解与抓包实战/4、TLSSSL协议.md
@@ -0,0 +1,213 @@
 
				+> [TOC]
			
 
				+
			
 
				+# 1、TLS/SSL 协议的工作原理
			
 
				+
			
 
				+## 1.1、设计目的
			
 
				+
			
 
				+![image-20220817212031071](assets/image-20220817212031071.png)
			
 
				+
			
 
				+## 1.2、TLS/SSL 发展
			
 
				+
			
 
				+![image-20220817212051206](assets/image-20220817212051206.png)
			
 
				+
			
 
				+## 1.3、TLS 协议
			
 
				+
			
 
				+![image-20220817212109183](assets/image-20220817212109183.png)
			
 
				+
			
 
				+![image-20220817212308198](assets/image-20220817212308198.png)
			
 
				+
			
 
				+# 2、对称加密的工作原理
			
 
				+
			
 
				+## 2.1、定义
			
 
				+
			
 
				+![image-20220817212442343](assets/image-20220817212442343.png)
			
 
				+
			
 
				+## 2.2、AES 对称加密在网络中的应用
			
 
				+
			
 
				+![image-20220817212505949](assets/image-20220817212505949.png)
			
 
				+
			
 
				+## 2.3、原理
			
 
				+
			
 
				+![image-20220817212603946](assets/image-20220817212603946.png)
			
 
				+
			
 
				+## 2.4、填充
			
 
				+
			
 
				+![image-20220817212651251](assets/image-20220817212651251.png)
			
 
				+
			
 
				+# 3、对称加密的工作原理（2）：工作模式
			
 
				+
			
 
				+## 3.1、定义
			
 
				+
			
 
				+![image-20220817213857230](assets/image-20220817213857230.png)
			
 
				+
			
 
				+## 3.2、ECB（Electronic codebook）模式
			
 
				+
			
 
				+![image-20220817213952227](assets/image-20220817213952227.png)
			
 
				+
			
 
				+## 3.3、CBC（Cipher-block chaining）模式
			
 
				+
			
 
				+![image-20220817214010222](assets/image-20220817214010222.png)
			
 
				+
			
 
				+## 3.4、CTR（Counter）模式
			
 
				+
			
 
				+![image-20220817214101437](assets/image-20220817214101437.png)
			
 
				+
			
 
				+## 3.5、完整性校验
			
 
				+
			
 
				+![image-20220817214203638](assets/image-20220817214203638.png)
			
 
				+
			
 
				+## 3.6、验证完整性：MAC（Message AuthenticationCode）
			
 
				+
			
 
				+![image-20220817214224192](assets/image-20220817214224192.png)
			
 
				+
			
 
				+## 3.7、GCM
			
 
				+
			
 
				+![image-20220817214310075](assets/image-20220817214310075.png)
			
 
				+
			
 
				+# 4、AES算法
			
 
				+
			
 
				+## 4.1、定义
			
 
				+
			
 
				+![image-20220817214522765](assets/image-20220817214522765.png)
			
 
				+
			
 
				+![image-20220817215134263](assets/image-20220817215134263.png)
			
 
				+
			
 
				+## 4.2、步骤
			
 
				+
			
 
				+![image-20220817215216891](assets/image-20220817215216891.png)
			
 
				+
			
 
				+![image-20220817215247745](assets/image-20220817215247745.png)
			
 
				+
			
 
				+![image-20220817215324654](assets/image-20220817215324654.png)
			
 
				+
			
 
				+![image-20220817215332252](assets/image-20220817215332252.png)
			
 
				+
			
 
				+![image-20220817215445932](assets/image-20220817215445932.png)
			
 
				+
			
 
				+![image-20220817215454646](assets/image-20220817215454646.png)
			
 
				+
			
 
				+![image-20220817215503390](assets/image-20220817215503390.png)
			
 
				+
			
 
				+![image-20220817215511069](assets/image-20220817215511069.png)
			
 
				+
			
 
				+# 5、非对称密码与RSA 算法（解决密钥传递问题）
			
 
				+
			
 
				+## 5.1、定义
			
 
				+
			
 
				+![image-20220817215623302](assets/image-20220817215623302.png)
			
 
				+
			
 
				+## 5.2、算法过程
			
 
				+
			
 
				+![image-20220817215644744](assets/image-20220817215644744.png)
			
 
				+
			
 
				+## 5.3、RAS算法
			
 
				+
			
 
				+![image-20220817215806745](assets/image-20220817215806745.png)
			
 
				+
			
 
				+![image-20220817215821569](assets/image-20220817215821569.png)
			
 
				+
			
 
				+![image-20220817215830689](assets/image-20220817215830689.png)
			
 
				+
			
 
				+# 6、非对称密码应用：PKI 证书体系
			
 
				+
			
 
				+## 6.1、定义
			
 
				+
			
 
				+![image-20220817221038193](assets/image-20220817221038193.png)
			
 
				+
			
 
				+## 6.2、签发证书流程
			
 
				+
			
 
				+![image-20220817221245923](assets/image-20220817221245923.png)
			
 
				+
			
 
				+## 6.3、签名与验签流程
			
 
				+
			
 
				+![image-20220817221323734](assets/image-20220817221323734.png)
			
 
				+
			
 
				+## 6.4、证书信任链
			
 
				+
			
 
				+![image-20220817221531118](assets/image-20220817221531118.png)
			
 
				+
			
 
				+## 6.5、PKI 公钥基础设施
			
 
				+
			
 
				+![image-20220817221557232](assets/image-20220817221557232.png)
			
 
				+
			
 
				+## 6.6、证书类型
			
 
				+
			
 
				+![image-20220817221736019](assets/image-20220817221736019.png)
			
 
				+
			
 
				+# 7、非对称密码应用：DH密钥交换协议（沟通协商AES使用的密钥）
			
 
				+
			
 
				+## 7.1、RSA密钥交换
			
 
				+
			
 
				+![image-20220817222203075](assets/image-20220817222203075.png)
			
 
				+
			
 
				+* 前向保密性：如果破解server私钥，可以解出公钥
			
 
				+
			
 
				+## 7.2、DH 密钥交换
			
 
				+
			
 
				+![image-20220817222402686](assets/image-20220817222402686.png)
			
 
				+
			
 
				+## 7.3、存在的问题
			
 
				+
			
 
				+![image-20220817222532964](assets/image-20220817222532964.png)
			
 
				+
			
 
				+* 可以使用PKI解决
			
 
				+
			
 
				+# 8、ECC 椭圆曲线的原理
			
 
				+
			
 
				+## 8.1、定义
			
 
				+
			
 
				+![image-20220817222743245](assets/image-20220817222743245.png)
			
 
				+
			
 
				+## 8.2、特性
			
 
				+
			
 
				+![image-20220817222756877](assets/image-20220817222756877.png)
			
 
				+
			
 
				+![image-20220817223025507](assets/image-20220817223025507.png)
			
 
				+
			
 
				+# 9、DH 协议升级：基于椭圆曲线的ECDH协议
			
 
				+
			
 
				+## 9.1、定义
			
 
				+
			
 
				+![image-20220817223113940](assets/image-20220817223113940.png)
			
 
				+
			
 
				+## 9.2、步骤和原理
			
 
				+
			
 
				+![image-20220817223136812](assets/image-20220817223136812.png)
			
 
				+
			
 
				+![image-20220817223142765](assets/image-20220817223142765.png)
			
 
				+
			
 
				+# 10、TLS1.2 与TLS1.3 中的ECDH协议
			
 
				+
			
 
				+## 10.1、TLS1.2 通讯过程
			
 
				+
			
 
				+![image-20220817223230693](assets/image-20220817223230693.png)
			
 
				+
			
 
				+## 10.2、FREAK 攻击
			
 
				+
			
 
				+![image-20220817223328253](assets/image-20220817223328253.png)
			
 
				+
			
 
				+## 10.3、openssl 1.1.1 版本对TLS1.3 的支持情况
			
 
				+
			
 
				+![image-20220817223457659](assets/image-20220817223457659.png)
			
 
				+
			
 
				+## 10.4、密钥交换
			
 
				+
			
 
				+![image-20220817223551821](assets/image-20220817223551821.png)
			
 
				+
			
 
				+# 11、握手的优化
			
 
				+
			
 
				+## 11.1、session 缓存
			
 
				+
			
 
				+![image-20220817223718720](assets/image-20220817223718720.png)
			
 
				+
			
 
				+## 11.2、session ticket
			
 
				+
			
 
				+![image-20220817223732948](assets/image-20220817223732948.png)
			
 
				+
			
 
				+## 11.3、TLS1.3 的 0RTT 握手
			
 
				+
			
 
				+![image-20220817223748524](assets/image-20220817223748524.png)
			
 
				+
			
 
				+## 11.4、0-RTT 面临的重放攻击
			
 
				+
			
 
				+![image-20220817223806114](assets/image-20220817223806114.png)
			
--- a/协议详解与抓包实战/assets/image-20220817212031071.png
+++ b/协议详解与抓包实战/assets/image-20220817212031071.png
--- a/协议详解与抓包实战/assets/image-20220817212051206.png
+++ b/协议详解与抓包实战/assets/image-20220817212051206.png
--- a/协议详解与抓包实战/assets/image-20220817212109183.png
+++ b/协议详解与抓包实战/assets/image-20220817212109183.png
--- a/协议详解与抓包实战/assets/image-20220817212308198.png
+++ b/协议详解与抓包实战/assets/image-20220817212308198.png
--- a/协议详解与抓包实战/assets/image-20220817212442343.png
+++ b/协议详解与抓包实战/assets/image-20220817212442343.png
--- a/协议详解与抓包实战/assets/image-20220817212505949.png
+++ b/协议详解与抓包实战/assets/image-20220817212505949.png
--- a/协议详解与抓包实战/assets/image-20220817212603946.png
+++ b/协议详解与抓包实战/assets/image-20220817212603946.png
--- a/协议详解与抓包实战/assets/image-20220817212651251.png
+++ b/协议详解与抓包实战/assets/image-20220817212651251.png
--- a/协议详解与抓包实战/assets/image-20220817213857230.png
+++ b/协议详解与抓包实战/assets/image-20220817213857230.png
--- a/协议详解与抓包实战/assets/image-20220817213952227.png
+++ b/协议详解与抓包实战/assets/image-20220817213952227.png
--- a/协议详解与抓包实战/assets/image-20220817214010222.png
+++ b/协议详解与抓包实战/assets/image-20220817214010222.png
--- a/协议详解与抓包实战/assets/image-20220817214101437.png
+++ b/协议详解与抓包实战/assets/image-20220817214101437.png
--- a/协议详解与抓包实战/assets/image-20220817214203638.png
+++ b/协议详解与抓包实战/assets/image-20220817214203638.png
--- a/协议详解与抓包实战/assets/image-20220817214224192.png
+++ b/协议详解与抓包实战/assets/image-20220817214224192.png
--- a/协议详解与抓包实战/assets/image-20220817214310075.png
+++ b/协议详解与抓包实战/assets/image-20220817214310075.png
--- a/协议详解与抓包实战/assets/image-20220817214522765.png
+++ b/协议详解与抓包实战/assets/image-20220817214522765.png
--- a/协议详解与抓包实战/assets/image-20220817215134263.png
+++ b/协议详解与抓包实战/assets/image-20220817215134263.png
--- a/协议详解与抓包实战/assets/image-20220817215216891.png
+++ b/协议详解与抓包实战/assets/image-20220817215216891.png
--- a/协议详解与抓包实战/assets/image-20220817215247745.png
+++ b/协议详解与抓包实战/assets/image-20220817215247745.png
--- a/协议详解与抓包实战/assets/image-20220817215324654.png
+++ b/协议详解与抓包实战/assets/image-20220817215324654.png
--- a/协议详解与抓包实战/assets/image-20220817215332252.png
+++ b/协议详解与抓包实战/assets/image-20220817215332252.png
--- a/协议详解与抓包实战/assets/image-20220817215445932.png
+++ b/协议详解与抓包实战/assets/image-20220817215445932.png
--- a/协议详解与抓包实战/assets/image-20220817215454646.png
+++ b/协议详解与抓包实战/assets/image-20220817215454646.png
--- a/协议详解与抓包实战/assets/image-20220817215503390.png
+++ b/协议详解与抓包实战/assets/image-20220817215503390.png
--- a/协议详解与抓包实战/assets/image-20220817215511069.png
+++ b/协议详解与抓包实战/assets/image-20220817215511069.png
--- a/协议详解与抓包实战/assets/image-20220817215623302.png
+++ b/协议详解与抓包实战/assets/image-20220817215623302.png
--- a/协议详解与抓包实战/assets/image-20220817215644744.png
+++ b/协议详解与抓包实战/assets/image-20220817215644744.png
--- a/协议详解与抓包实战/assets/image-20220817215806745.png
+++ b/协议详解与抓包实战/assets/image-20220817215806745.png
--- a/协议详解与抓包实战/assets/image-20220817215821569.png
+++ b/协议详解与抓包实战/assets/image-20220817215821569.png
--- a/协议详解与抓包实战/assets/image-20220817215830689.png
+++ b/协议详解与抓包实战/assets/image-20220817215830689.png
--- a/协议详解与抓包实战/assets/image-20220817221038193.png
+++ b/协议详解与抓包实战/assets/image-20220817221038193.png
--- a/协议详解与抓包实战/assets/image-20220817221245923.png
+++ b/协议详解与抓包实战/assets/image-20220817221245923.png
--- a/协议详解与抓包实战/assets/image-20220817221323734.png
+++ b/协议详解与抓包实战/assets/image-20220817221323734.png
--- a/协议详解与抓包实战/assets/image-20220817221531118.png
+++ b/协议详解与抓包实战/assets/image-20220817221531118.png
--- a/协议详解与抓包实战/assets/image-20220817221557232.png
+++ b/协议详解与抓包实战/assets/image-20220817221557232.png
--- a/协议详解与抓包实战/assets/image-20220817221736019.png
+++ b/协议详解与抓包实战/assets/image-20220817221736019.png
--- a/协议详解与抓包实战/assets/image-20220817222203075.png
+++ b/协议详解与抓包实战/assets/image-20220817222203075.png
--- a/协议详解与抓包实战/assets/image-20220817222402686.png
+++ b/协议详解与抓包实战/assets/image-20220817222402686.png
--- a/协议详解与抓包实战/assets/image-20220817222532964.png
+++ b/协议详解与抓包实战/assets/image-20220817222532964.png
--- a/协议详解与抓包实战/assets/image-20220817222743245.png
+++ b/协议详解与抓包实战/assets/image-20220817222743245.png
--- a/协议详解与抓包实战/assets/image-20220817222756877.png
+++ b/协议详解与抓包实战/assets/image-20220817222756877.png
--- a/协议详解与抓包实战/assets/image-20220817223025507.png
+++ b/协议详解与抓包实战/assets/image-20220817223025507.png
--- a/协议详解与抓包实战/assets/image-20220817223113940.png
+++ b/协议详解与抓包实战/assets/image-20220817223113940.png
--- a/协议详解与抓包实战/assets/image-20220817223136812.png
+++ b/协议详解与抓包实战/assets/image-20220817223136812.png
--- a/协议详解与抓包实战/assets/image-20220817223142765.png
+++ b/协议详解与抓包实战/assets/image-20220817223142765.png
--- a/协议详解与抓包实战/assets/image-20220817223230693.png
+++ b/协议详解与抓包实战/assets/image-20220817223230693.png
--- a/协议详解与抓包实战/assets/image-20220817223328253.png
+++ b/协议详解与抓包实战/assets/image-20220817223328253.png
--- a/协议详解与抓包实战/assets/image-20220817223457659.png
+++ b/协议详解与抓包实战/assets/image-20220817223457659.png
--- a/协议详解与抓包实战/assets/image-20220817223551821.png
+++ b/协议详解与抓包实战/assets/image-20220817223551821.png
--- a/协议详解与抓包实战/assets/image-20220817223718720.png
+++ b/协议详解与抓包实战/assets/image-20220817223718720.png
--- a/协议详解与抓包实战/assets/image-20220817223732948.png
+++ b/协议详解与抓包实战/assets/image-20220817223732948.png
--- a/协议详解与抓包实战/assets/image-20220817223748524.png
+++ b/协议详解与抓包实战/assets/image-20220817223748524.png
--- a/协议详解与抓包实战/assets/image-20220817223806114.png
+++ b/协议详解与抓包实战/assets/image-20220817223806114.png