Introduction
TLS Handshake Analysis
This entry assumes some understanding of Wireshark and basic networking and protocol knowledge.
What is a Cipher Suite?
A cipher suite in the TLS handshake is a named set of algorithms grouped together, each used for a different part of the connection (key exchange, authentication, bulk encryption, and integrity). Below is a screenshot of how the cipher suites are listed within the Client Hello packet. For context, the Client Hello packet is where the client provides the server with a menu of options from which the server can select so the two can communicate with each other.
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- Key Exchange: ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)
- Authentication: RSA (Rivest–Shamir–Adleman)
- Encryption: AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode)
- Hashing: SHA-384 (Secure Hash Algorithm with 384-bit output)
This cipher suite uses a strong elliptic curve key exchange and RSA for authentication, providing both security and performance. The AES-256 encryption ensures confidentiality, while the SHA-384 hash maintains integrity.
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- Key Exchange: DHE (Diffie-Hellman Ephemeral)
- Authentication: RSA
- Encryption: ChaCha20-Poly1305
- Hashing: SHA-256
This suite uses DHE for key exchange, which supports perfect forward secrecy. ChaCha20-Poly1305 is an alternative to AES and is highly efficient, even on low-power devices, making this suite suitable for performance-sensitive environments.
Cipher Suite Security Red Flags
Cipher suites that do not provide forward secrecy (FS) generally rely on the RSA key exchange method. These cipher suites expose session keys if the server's private key is compromised, allowing attackers to decrypt past communications. Here's a list of common non-FS cipher suites, typically using RSA key exchange.
Common Cipher Suites Without Forward Secrecy
- TLS_RSA_WITH_RC4_128_MD5 (0x0004)
- TLS_RSA_WITH_RC4_128_SHA (0x0005)
- TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
- TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
- TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
- TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
- TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
- TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
- TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
- TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba)
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0)
How to Identify Non-FS Cipher Suites
- RSA Key Exchange: cipher suites whose names start with TLS_RSA_ use RSA for key exchange, meaning they do not offer forward secrecy.
- Lack of DHE/ECDHE: suites that use DHE (Diffie-Hellman Ephemeral) or ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) provide forward secrecy. If these are missing, the suite lacks FS.
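The following Python script is an added example and is not part of the original entry. It pulls the cipher-suite list out of a raw ClientHello record (the same field the Wireshark screenshot above shows) and applies the two identification rules from this section to flag suites without forward secrecy, so it serves both the Client Hello description earlier and the rules just listed. The suite table combines the non-FS codes listed above with two codes taken from the IANA TLS registry for the ECDHE/DHE suites discussed earlier (0xc030 and 0xccaa); the ClientHello bytes are constructed inline for the demonstration, not taken from a capture.

```python
import struct

# Cipher-suite code -> name. The TLS_RSA_* rows are the non-FS suites listed
# on this page; the last two are the ECDHE/DHE suites discussed above, with
# their codes taken from the IANA TLS Cipher Suite registry.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000a: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002f: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003c: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003d: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x0041: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    0x0084: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    0x0096: "TLS_RSA_WITH_SEED_CBC_SHA",
    0x009c: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009d: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x00ba: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    0x00c0: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
    0xc030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xccaa: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}


def has_forward_secrecy(name):
    """Apply the page's two rules to a TLS 1.2-style suite name.

    TLS_RSA_* means RSA key exchange (no FS); a DHE or ECDHE key-exchange
    token means ephemeral Diffie-Hellman (FS). TLS 1.3 names carry no
    key-exchange token at all because the key exchange is always (EC)DHE.
    """
    if name.startswith("TLS_RSA_"):
        return False
    if "_WITH_" not in name:  # TLS 1.3 suite: always forward secret
        return True
    key_exchange = name[len("TLS_"):].split("_WITH_")[0]
    return key_exchange.startswith("ECDHE_") or key_exchange.startswith("DHE_")


def parse_client_hello_suites(record):
    """Return the cipher-suite codes offered in a ClientHello TLS record."""
    # TLS record header: content type (1), version (2), length (2)
    content_type, _version, record_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + record_len]
    # Handshake header: type (1), length (3); type 1 is ClientHello
    if body[0] != 1:
        raise ValueError("not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                      # skip client_version and random
    pos += 1 + hello[pos]             # skip session_id (length-prefixed)
    suites_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    return [struct.unpack("!H", hello[pos + i:pos + i + 2])[0]
            for i in range(0, suites_len, 2)]


def classify(record):
    """List (code, name, forward_secrecy) for every offered suite.

    forward_secrecy is None for codes not in the table, so an unknown suite
    is reported rather than silently treated as safe or unsafe.
    """
    report = []
    for code in parse_client_hello_suites(record):
        if code in SUITES:
            name = SUITES[code]
            report.append((code, name, has_forward_secrecy(name)))
        else:
            report.append((code, f"unknown(0x{code:04x})", None))
    return report


def non_fs_suites(record):
    """Names of offered suites that lack forward secrecy."""
    return [name for _code, name, fs in classify(record) if fs is False]


def build_client_hello(codes):
    """Construct a minimal ClientHello record for testing (not a real capture)."""
    suites = b"".join(struct.pack("!H", c) for c in codes)
    hello = (b"\x03\x03" + bytes(32)           # TLS 1.2 version, zeroed random
             + b"\x00"                          # empty session_id
             + struct.pack("!H", len(suites)) + suites
             + b"\x01\x00")                     # one compression method: null
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    # Constructed offer: two FS suites, two RSA key-exchange suites, one unknown.
    record = build_client_hello([0xc030, 0xccaa, 0x0035, 0x009c, 0x1234])
    for code, name, fs in classify(record):
        print(f"0x{code:04x}  {name:45s}  forward secrecy: {fs}")
    print("without FS:", non_fs_suites(record))
```

The same triage can be done directly in Wireshark: assuming a recent release (older ones use the `ssl.` prefix), `tls.handshake.type == 1 && tls.handshake.ciphersuite == 0x0035` shows Client Hellos that merely offer TLS_RSA_WITH_AES_256_CBC_SHA, while `tls.handshake.type == 2` with the same field shows the sessions where the server actually selected it, which are the ones that matter for decryption risk.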
Impact
- Lack of forward secrecy means that if an attacker gains access to the server's private key, they can decrypt past and future communications.
- These cipher suites are generally deprecated and considered insecure by today's standards. Most modern browsers and servers have phased them out in favor of forward-secrecy-enabled suites (like ECDHE-based suites).
If you're analyzing network traffic, filtering for these RSA-based suites can help identify sessions without forward secrecy, which are more vulnerable to decryption if the private key is compromised.