Tls

Checking SSL certificates on a browser is easy. Just click the green lock icon and you’re good to go. But what if doing the same in a more hacker way? This is where openssl comes into play. Let’s start by checking the SSL certificate of this website: openssl s_client -connect www.serhatdundar.com:443 depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = www.github.com --- Certificate chain 0 s:/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=www.github.com i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA --- Server certificate -----BEGIN CERTIFICATE----- MIIHMDCCBhigAwIBAgIQAkk+B/qeN1otu8YdlEMPzzANBgkqhkiG9w0BAQsFADBw MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz dXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDYwMDAwMDBaFw0yMjA0MTQxMjAwMDBa MGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T YW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xFzAVBgNVBAMTDnd3 dy5naXRodWIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj49 ... -----END CERTIFICATE----- subject=/C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=www.github.com issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA --- No client certificate CA names sent Server Temp Key: ECDH, X25519, 253 bits --- SSL handshake has read 3673 bytes and written 289 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Session-ID-ctx: Master-Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - xx xx 60 d0 86 88 c0 26-2e 67 c0 e0 01 84 09 ab .,`....&.x...... 0010 - xx xx 95 f2 fa fa 1f f6-01 06 e3 99 23 2d 69 9a i...........#-x. 0020 - xx xx d1 f6 98 35 b5 f4-8f 91 47 b1 8e a6 d4 d2 *....6....G..... 0030 - xx xx b2 f4 61 f1 b0 7d-43 cb 66 62 c6 15 52 ad \*..x..}C.fb..R. 0040 - xx xx c3 f9 a9 f3 f8 e7-f2 7f b8 d3 0e 02 d2 da /...x........... 0050 - xx xx 0f 8f c1 1c 6e b3-f0 ae 4c ac 4e f6 8d 7c g.....x...L.N..| 0060 - xx xx 3b 2a 77 b3 c2 f0-2b e3 9f 73 1e db 07 6c /.;*x...+..s...l 0070 - xx xx a3 b5 42 74 de 4b-55 73 15 cf b0 97 c7 84 <...Bx.KUs...... 0080 - xx xx 65 ee cc 68 35 68-76 ef 7b 4a 7b 41 b3 94 ..e..x5hv.{J{A.. 0090 - xx xx 57 3f 74 a8 e8 0a-ec de 8b 77 49 f9 33 b0 `0W?x......wI.3. Start Time: 1643082971 Timeout : 7200 (sec) Verify return code: 0 (ok) Let’s investigate this response piece by piece. ...

Hybrid Encryption: Symmetric and Asymmetric Encryption Combined Both symmetric and asymmetric encryption has advantages and disadvantages. So, which one should we use? Well, nowadays we often use them together. Asymmetric encryption is often used to exchange private keys between parties securely. In other words, parties who would communicate establish an asymmetric encryption protocol in the beginning just to exchange private keys. When the private key exchange is completed, they keep communicating by using symmetric encryption - which is faster than asymmetric encryption. This is also how SSL/TLS works. ...