wireshark抓包client Certificate

wireshark抓包之后,过滤语法ip.src==13.230.10.3 or ip.dst==13.230.10.3

13.230.10.3是服务器的ip

ip.src==13.230.10.3,用来查看服务器发给客户端的请求

ip.dst==13.230.10.3,用来查看客户端发给服务器的请求

服务要求进行client certificate认证,做两次实验,分别是客户端带证书和客户端不附带证书

不带证书进行请求的话,certificates length是0

 

要求客户端证书验证,但是客户端没有提供,最后服务器会中断请求。一个Encrypted Alert

https://support.f5.com/csp/article/K95610370

Alert Message: Encrypted Alert. The Content Type: Alert (21) designates a Close Notify. You would need to decrypt the packet for Wireshark to show the Close Notify. None. This is normal and is used by the TLS protocol for notifying the peer that the connection can be closed.

 

https://datatracker.ietf.org/doc/html/rfc5246#section-7.2

   decryption_failed_RESERVED(21),

 

 

 

附带证书进行请求的话,certificates length是1683

 

posted @ 2021-12-10 14:43  ChuckLu  阅读(779)  评论(0编辑  收藏  举报