parda25

CA PAM Cipher suites for HTTPS

Blog Post created by parda25 Employee on Mar 16, 2018

Introduction

HTTPS Client hello packet is captured to view cipher suite used in HTTPS connection from CA PAM.

 

PAM 3.1.1

 

Frame 213: 235 bytes on wire (1880 bits), 235 bytes captured (1880 bits) on interface 0

Ethernet II, Src: Dell_fc:09:36 (ec:f4:bb:fc:09:36), Dst: 02:00:bc:20:22:74 (02:00:bc:20:22:74)

Internet Protocol Version 4, Src: 155.35.245.95, Dst: 10.131.136.171

Transmission Control Protocol, Src Port: 49879, Dst Port: 443, Seq: 1, Ack: 1, Len: 181

Secure Sockets Layer

   TLSv1.2 Record Layer: Handshake Protocol: Client Hello

       Content Type: Handshake (22)

       Version: TLS 1.0 (0x0301)

       Length: 176

       Handshake Protocol: Client Hello

           Handshake Type: Client Hello (1)

           Length: 172

           Version: TLS 1.2 (0x0303)

           Random: 860e03f365191af493ab532b267ce4f83c9a235493af6ecb...

           Session ID Length: 0

           Cipher Suites Length: 36

           Cipher Suites (18 suites)

               Cipher Suite: Reserved (GREASE) (0x8a8a)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

               Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)

               Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)

               Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14)

               Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)

               Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)

               Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

               Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)

               Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)

               Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

               Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

               Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

           Compression Methods Length: 1

           Compression Methods (1 method)

           Extensions Length: 95

           Extension: Reserved (GREASE) (len=0)

           Extension: renegotiation_info (len=1)

           Extension: extended_master_secret (len=0)

           Extension: SessionTicket TLS (len=0)

           Extension: signature_algorithms (len=18)

           Extension: status_request (len=5)

           Extension: signed_certificate_timestamp (len=0)

           Extension: application_layer_protocol_negotiation (len=14)

           Extension: ec_point_formats (len=2)

           Extension: supported_groups (len=10)

           Extension: Reserved (GREASE) (len=1)

 

PAM 2.8.4

 

No.     Time           Source               Destination           Protocol Length Source Port Destination Port Info

   304 7.095318       155.35.245.40         10.131.136.171       TLSv1.2 228   45619       443             Client Hello

 

Frame 304: 228 bytes on wire (1824 bits), 228 bytes captured (1824 bits) on interface 0

Ethernet II, Src: Dell_fc:09:36 (ec:f4:bb:fc:09:36), Dst: 02:00:bc:20:22:74 (02:00:bc:20:22:74)

Internet Protocol Version 4, Src: 155.35.245.40, Dst: 10.131.136.171

Transmission Control Protocol, Src Port: 45619, Dst Port: 443, Seq: 1, Ack: 1, Len: 174

Secure Sockets Layer

   TLSv1.2 Record Layer: Handshake Protocol: Client Hello

       Content Type: Handshake (22)

       Version: TLS 1.0 (0x0301)

       Length: 169

       Handshake Protocol: Client Hello

           Handshake Type: Client Hello (1)

           Length: 165

           Version: TLS 1.2 (0x0303)

           Random: 85c2bb8f863f745cb01d55d3893fcbf8c04bb307ee823995...

           Session ID Length: 0

           Cipher Suites Length: 34

           Cipher Suites (17 suites)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

               Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

               Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14)

               Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)

               Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc15)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)

               Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

               Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

               Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)

               Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

               Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)

               Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)

               Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

               Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

               Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

               Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

           Compression Methods Length: 1

           Compression Methods (1 method)

           Extensions Length: 90

           Extension: server_name (len=19)

           Extension: extended_master_secret (len=0)

           Extension: SessionTicket TLS (len=0)

           Extension: signature_algorithms (len=22)

           Extension: status_request (len=5)

           Extension: next_protocol_negotiation (len=0)

           Extension: signed_certificate_timestamp (len=0)

           Extension: ec_point_formats (len=2)

           Extension: supported_groups (len=6)

Outcomes