Capturing and Dissecting GM (Chinese national cryptography) HTTPS: Debugging the Full SM2/SM4/SM3 Flow in Wireshark
1. Why the TLS 1.2/1.3 playbook cannot simply be reused for GM HTTPS captures

Have you ever opened a pcap of a GM HTTPS site directly in Wireshark, only to find a long run of "Encrypted Handshake Message" in the TLS decryption pane, and, on expanding the Client Hello, nothing but unreadable fields, with not even the Server Name (SNI) parsed? The first time I ran into this I assumed my Wireshark was too old. I upgraded to 4.2.0, installed OpenSSL 3.0 support, even reinstalled the whole development environment; the problem stayed. Only after going through the RFCs and standards did I realize that GM HTTPS is not TLS with a few parameters swapped; it is an independently evolved cipher suite system whose handshake structure, extension fields and key derivation logic have all been redesigned. It is not called "TLS over SM2/SM4"; its official name is GM/T 0024-2014 "SSL VPN Technical Specification", later adopted into the national standard GB/T 38636-2020 "Information security technology - Transport layer cryptography protocol". Concretely:

- The Cipher Suites field of the Client Hello does not carry 0x1301 (TLS_AES_128_GCM_SHA256) but 0x0081 (ECC_SM4_CBC_SM3) or 0x0082 (ECC_SM4_GCM_SM3).
- The Certificate message returned after Server Hello must carry a certificate chain containing an SM2 public key, and the signature algorithm identifier is 1.2.156.10197.1.501 (sm2p256v1), not 1.2.840.113549.1.1.11 (sha256WithRSAEncryption).
- The Key Exchange stage uses neither RSA key transport nor ECDHE key exchange; it runs the SM2 key agreement protocol (GB/T 32918.3-2016), whose key material generation, ephemeral key format and shared key computation differ entirely from standard ECDH.
- All encrypted payload (Application Data) uses SM4-CBC or SM4-GCM, whose IV length, authentication tag (Tag) position and padding rules are incompatible with AES-GCM.

Tip: Wireshark ships by default only the TLS decryption logic of OpenSSL 1.1.1, and the key log format (SSLKEYLOGFILE) written by GM protocol stacks such as BabaSSL and Tongsuo differs from OpenSSL's. Even if you export a key log, Wireshark cannot read it: it does not recognize the CLIENT_ECC_SECRET field, let alone derive the key block with SM3. So the question is not "can Wireshark capture the packets" but "can you make Wireshark understand the semantics of the GM protocol". What follows is not about raising capture privileges; it is about rebuilding a complete chain of trust from protocol identification through key injection to field dissection. That is the core of this article: a verifiable, reproducible and debuggable analysis of the full GM HTTPS handshake, using only an open-source toolchain and no commercial plugins.

2. Three things to get right before capturing: environment, certificates and key log

Many tutorials skip this step and go straight to clicking around in Wireshark, and then get stuck with "Decrypted SSL" permanently greyed out. In practice 90% of failures come from getting these three things wrong. The deepest pit I fell into: an SM2 certificate generated with Tongsuo, correctly configured in Nginx, that Wireshark simply refused to recognize. It turned out that the certificate's Subject Alternative Name (SAN) used a Chinese CN, while Wireshark's SNI parser only accepts ASCII domain names. Below is the minimal working configuration path I have verified.

2.1 Tool selection: why Tongsuo rather than OpenSSL

In the GM ecosystem, OpenSSL 3.0 does support SM2/SM4, but its SSL module's implementation of GM/T 0024 is still experimental; BabaSSL is functionally complete but complex to build. I settled on Tongsuo 0.4.0 (Ant Group's open-source GM-enhanced fork of OpenSSL) for three reasons:

- It natively supports selecting GM suites with the -cipher parameter (for example ECC-SM4-CBC-SM3), with no manual OID assembly.
- Its openssl s_server command writes a standard-format SSLKEYLOGFILE containing CLIENT_ECC_SECRET and SERVER_ECC_SECRET lines, and Wireshark 4.2.0 has been adapted to that format.
- It provides an openssl gmssl subcommand that generates a GB/T 38636-compliant certificate request (CSR) in one step, automatically injecting the SM2 signature algorithm OID.

Installation (Ubuntu 22.04):

```
# Download the pre-built package to avoid a lengthy build
wget https://github.com/tongsuo-project/tongsuo/releases/download/tongsuo-0.4.0/tongsuo_0.4.0-1_amd64.deb
sudo dpkg -i tongsuo_0.4.0-1_amd64.deb
# Verify the installation
tongsuo version   # output should include: built on: ... with SM2/SM4/SM9 support
```

2.2 Certificate generation: SM2 root certificate + dual-key end-entity certificate

GM HTTPS requires the server certificate to contain an SM2 public key, with the private key used for both SM2 signing and key agreement. The key point: do not generate a single SM2 key pair; generate the "signing key + agreement key" pair of key pairs (GB/T 38636-2020, clause 7.3.2). Tongsuo handles this implicitly through the -sm2_id parameter, but the ID value has to be specified by hand (default 1234567812345678) and must match the server configuration:

```
# 1. Generate the SM2 root CA private key (used to sign end-entity certificates)
tongsuo genpkey -algorithm sm2 -out ca.key -pkeyopt ec_paramgen_curve:sm2 -pkeyopt ec_param_enc:named_curve
# 2. Generate the root CA certificate (note: the CN in -subj must be ASCII, and the SAN must contain an IP or domain name)
tongsuo req -x509 -new -key ca.key -out ca.crt -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=MyCA/CN=myca.local" \
  -addext "subjectAltName=DNS:myca.local,IP:127.0.0.1"
# 3. Generate the server SM2 private key (signing and agreement share one key pair; Tongsuo handles it)
tongsuo genpkey -algorithm sm2 -out server.key -pkeyopt ec_paramgen_curve:sm2
# 4. Generate the certificate request (key point: -sm2_id must match ssl_sm2_id in the Nginx configuration)
tongsuo req -new -key server.key -out server.csr -sm2_id 1234567812345678 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=MyServer/CN=localhost"
# 5. Sign the server certificate with the CA (key point: -extfile must declare the SM2 signature algorithm)
cat > ext.cnf <<'EOF'
[req]
distinguished_name = req_distinguished_name
[req_distinguished_name]
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
[server_cert]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
# Force the SM2 signature algorithm OID: 1.2.156.10197.1.501
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
EOF
tongsuo x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -out server.crt -days 365 -extfile ext.cnf -extensions server_cert
```

Note: the -sm2_id value must be a 16-byte hexadecimal string (32 characters) and must be identical in the server and client configurations. It is the session identifier of the SM2 key agreement; a single wrong character makes the agreement fail.

2.3 Exporting the key log: letting Wireshark read the SM2 key exchange

Wireshark's HTTPS decryption depends on the plaintext key log pointed to by the SSLKEYLOGFILE environment variable. Tongsuo's s_server supports the -keylogfile parameter, but -cipher must be used to select a GM suite, otherwise it defaults to RSA:

```
# Start the Tongsuo test server on port 8443, forcing the SM2/SM4 suite
export SSLKEYLOGFILE=/tmp/sslkey.log
tongsuo s_server -accept 8443 -cert server.crt -key server.key \
  -cipher ECC-SM4-CBC-SM3 -keylogfile /tmp/sslkey.log \
  -CAfile ca.crt -verify 1 -sm2_id 1234567812345678
```

Now, when you visit https://localhost:8443 (import ca.crt into the system trust store first), Wireshark captures a real handshake. Key check: /tmp/sslkey.log should contain something like

```
CLIENT_ECC_SECRET 5F3A...1234 04A1B2...C3D4
SERVER_ECC_SECRET 5F3A...1234 04E5F6...G7H8
```

where 5F3A...1234 is the Client Random (32 bytes), followed by the shared key produced by the SM2 agreement (65 bytes, including the 04 prefix). Wireshark 4.2.0 parses this format correctly and uses SM3 to derive client_write_key, server_write_iv and the rest of the key material.

3. Wireshark configuration in practice: a seven-step debugging method from "garbage" to "readable frame by frame"

Even with a correct key log, Wireshark by default still cannot dissect the GM fields, because its TLS dissector does not have GM protocol recognition enabled. I have distilled a seven-step method in which each step maps a concrete symptom to a fix, so that you can turn "Encrypted Handshake Message" into an expandable plaintext structure with your own hands.

3.1 Step 1: enable TLS decryption and set the key log path (basic, but easy to get wrong)

- Open Wireshark → Edit → Preferences → Protocols → TLS.
- In the "(Pre)-Master-Secret log filename" field, enter the absolute path /tmp/sslkey.log (not ~ and not a relative path).
- Tick "Enable RSA keys logging" (a compatibility switch; GM does not rely on RSA, but it must be on).
- Untick "Disable SSL/TLS protocol dissection", otherwise every TLS packet shows as Raw.

Check: after capturing, open any TLS packet and right-click → Decode As → Transport → TLS. If it shows "TLSv1.2" rather than "TCP", protocol identification is in effect.

3.2 Step 2: force the TLS dissector to recognize the GM suites (the key step)

Wireshark by default recognizes only IANA-registered Cipher Suite IDs. The GM suite 0x0081 is not in the IANA registry, so the mapping has to be added by hand: go to Preferences → Protocols → TLS → the "Cipher suites" table, click "+" and add a row:

- Cipher suite value: 0x0081
- Cipher suite name: TLS_ECC_SM4_CBC_SM3
- Key exchange: ECC
- Cipher: SM4-CBC
- MAC/HMAC: SM3

Add 0x0082 (TLS_ECC_SM4_GCM_SM3) the same way. Why it matters: when dissecting the Server Hello, Wireshark looks up this table for the suite's semantics. Without the row it treats 0x0081 as an unknown suite and skips the key derivation logic entirely.

3.3 Step 3: fix SM2 OID support in the certificate dissector

Even once the suite is recognized, the SM2 public key in the Certificate message still shows as "Unknown Algorithm", because Wireshark's X.509 dissector has no SM2 OID registered. The fix is to edit its OID mapping file (administrator privileges required):

- Find oids.txt in the Wireshark installation directory (on Linux usually /usr/share/wireshark/).
- Append to the end of the file:

```
1.2.156.10197.1.301 sm2PublicKey
1.2.156.10197.1.501 sm2Sign
```

- Restart Wireshark.

Check: expand Certificate → TBSCertificate → subjectPublicKeyInfo → algorithm; it should show "sm2PublicKey (1.2.156.10197.1.301)".

3.4 Step 4: Client Hello in depth, extracting the SNI and key agreement parameters

A GM Client Hello carries two key extensions beyond standard TLS:

- The SM2 ID extension (type 0xFE00), carrying the client's SM2 ID (for example 1234567812345678) used to initialize the key agreement.
- The Supported Groups extension, which must include sm2p256v1 (group_id 29).

Expanding Client Hello → Extensions in Wireshark should show:

```
Extension: sm2_id (len=16)
    Type: sm2_id (65024)
    Length: 16
    sm2_id: 31323334353637383132333435363738   # ASCII "1234567812345678"
Extension: supported_groups (len=6)
    Type: supported_groups (10)
    Length: 6
    Supported Groups List Length: 4
    Supported Groups (1 group)
        Supported Group: sm2p256v1 (29)
```

Practical tip: if the sm2_id extension is missing here, the client (for example curl) does not have GM enabled. Use Tongsuo's curl: tongsuo curl --tlsv1_2 --ciphers ECC-SM4-CBC-SM3 https://localhost:8443.

3.5 Step 5: Server Hello dissection, confirming the GM suite and key agreement parameters

The Server Hello must return suite 0x0081 and carry sm2p256v1 in its Extensions:

```
Cipher Suite: TLS_ECC_SM4_CBC_SM3 (0x0081)
Extension: supported_groups (len=6)
    Supported Groups (1 group)
        Supported Group: sm2p256v1 (29)
```

More important is the Server Key Exchange message: in GM it carries the ephemeral public key needed for the SM2 agreement. Expanding it should show:

```
EC Diffie-Hellman Server Params
    Curve Type: named_curve (0x03)
    Named Curve: sm2p256v1 (29)
    Pubkey Length: 65
    Pubkey: 04a1b2...c3d4   # 65 bytes, uncompressed format starting with 04
```

Note: in standard TLS the Server Key Exchange serves ECDHE; in GM it carries the ephemeral key for SM2 key agreement. That Wireshark dissects this structure proves it has loaded the sm2p256v1 curve definition.

3.6 Step 6: Certificate Verify dissection, SM2 signature verification

In GM, the server's Certificate Verify message signs the handshake digest with the SM2 private key. Expanding it should show:

```
Signature Algorithm: sm2Sign (1.2.156.10197.1.501)
Signature: 3045...a1b2   # DER-encoded SM2 signature
```

Wireshark tries to verify this signature with the SM2 public key from the certificate; if verification fails it flags "Signature invalid" in red. Common causes:

- The SM2 public key in the certificate does not match the signature algorithm OID; check whether subjectKeyIdentifier is missing from ext.cnf.
- The ssl_sm2_id configuration does not match the ID sent in the Client Hello; re-check the 16-byte value.

3.7 Step 7: Application Data decryption, the difference between SM4-CBC and SM4-GCM

Once the handshake completes, Application Data starts flowing and Wireshark shows the decrypted content (such as the HTTP response). Mind the differences between the two modes:

| Mode | SM4-CBC (0x0081) | SM4-GCM (0x0082) |
|---|---|---|
| IV length | 16 bytes, fixed | 12 bytes, random |
| Authentication tag | none | 16 bytes, appended to the ciphertext |
| Wireshark display | "Decrypted TLS" field contains the complete HTTP | "Decrypted TLS" field contains the HTTP plus an extra 16-byte Tag at the end |

Check: right-click the Application Data packet → "Follow" → "TLS Stream". If you see plaintext HTTP headers such as HTTP/1.1 200 OK, decryption worked. If it is still garbage, check that the Client Random in the key log's CLIENT_ECC_SECRET line matches the one in the Client Hello. The status bar in Wireshark's bottom-left corner shows "TLS: Decrypted using CLIENT_ECC_SECRET" on success.
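As an added worked example (not code from the article, Tongsuo or Wireshark), the following Python script performs by hand the two checks sections 2.3 and 3.4 ask you to make in Wireshark: it dissects a TLS 1.2 Client Hello record, reporting the cipher suites, the SNI (and whether it is pure ASCII, the requirement noted in section 2), the supported groups and the sm2_id extension, then parses a key log in the `LABEL <Client Random> <secret>` line shape shown in 2.3 and tests whether a CLIENT_ECC_SECRET line matches the hello's Client Random, the lookup that decides whether "Decrypted TLS" appears. The suite ids, extension type 0xFE00, group id 29 and label names are taken from the article's own output and kept in small tables so they can be adjusted to whatever your dissector displays; the Client Hello bytes, randoms and secrets are constructed.

```python
"""Dissect a TLS 1.2 ClientHello and match it against a key log.

Added example for this article, not Tongsuo, Wireshark or page code. Suite ids,
extension type 0xFE00, group id 29 and the CLIENT_ECC_SECRET line shape follow
the article's Wireshark output; edit the tables to match your own dissector.
All sample bytes and key log lines are constructed."""
import struct

SUITE_NAMES = {0x0081: "TLS_ECC_SM4_CBC_SM3", 0x0082: "TLS_ECC_SM4_GCM_SM3"}
GROUP_NAMES = {29: "sm2p256v1"}
EXT_SERVER_NAME, EXT_SUPPORTED_GROUPS, EXT_SM2_ID = 0, 10, 0xFE00


def _u16(buf, off):
    return struct.unpack_from("!H", buf, off)[0]


def parse_client_hello(record):
    """Return the ClientHello fields the article tells you to inspect."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[5:5 + _u16(record, 3)]
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    version, random, off = _u16(hello, 0), hello[2:34], 34
    off += 1 + hello[off]                          # skip session id
    cs_len = _u16(hello, off)
    suites = [_u16(hello, off + 2 + i) for i in range(0, cs_len, 2)]
    off += 2 + cs_len
    off += 1 + hello[off]                          # skip compression methods
    exts = {}
    if off < len(hello):                           # extensions block is optional
        end = off + 2 + _u16(hello, off)
        off += 2
        while off + 4 <= end:
            etype, elen = _u16(hello, off), _u16(hello, off + 2)
            exts[etype] = hello[off + 4:off + 4 + elen]
            off += 4 + elen
    out = {"version": version, "random": random, "sni": None, "sni_ascii": None,
           "suites": [SUITE_NAMES.get(s, "unknown(0x%04x)" % s) for s in suites],
           "groups": [], "sm2_id": exts.get(EXT_SM2_ID)}
    if EXT_SERVER_NAME in exts:                    # list len(2) type(1) len(2) host
        sni = exts[EXT_SERVER_NAME]
        host = sni[5:5 + _u16(sni, 3)]
        out["sni"] = host.decode("ascii", errors="replace")
        out["sni_ascii"] = host.isascii()          # the article's SNI parser wants ASCII
    if EXT_SUPPORTED_GROUPS in exts:
        g = exts[EXT_SUPPORTED_GROUPS]
        ids = [_u16(g, 2 + i) for i in range(0, _u16(g, 0), 2)]
        out["groups"] = [GROUP_NAMES.get(x, "unknown(%d)" % x) for x in ids]
    return out


def parse_keylog(text):
    """Map (label, client_random) -> secret for well-formed 'LABEL rand secret' lines."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0].startswith("#"):
            continue
        try:
            rand, secret = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
        except ValueError:
            continue                               # malformed hex: skip the line
        if len(rand) == 32:                        # Client Random is always 32 bytes
            entries[(parts[0], rand)] = secret
    return entries


def build_client_hello(random, suites, host=None, groups=(), sm2_id=None):
    """Construct a TLS 1.2 ClientHello record (test input only)."""
    exts = b""
    if host is not None:
        name = host.encode("utf-8")
        sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
    if groups:
        gl = b"".join(struct.pack("!H", g) for g in groups)
        exts += struct.pack("!HHH", EXT_SUPPORTED_GROUPS, len(gl) + 2, len(gl)) + gl
    if sm2_id is not None:
        exts += struct.pack("!HH", EXT_SM2_ID, len(sm2_id)) + sm2_id
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (b"\x03\x03" + random + b"\x00" + struct.pack("!H", len(cs)) + cs
             + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


def check_capture(record, keylog_text, label="CLIENT_ECC_SECRET"):
    """Dissect the ClientHello and do the Client Random match Wireshark performs."""
    out = parse_client_hello(record)
    secret = parse_keylog(keylog_text).get((label, out["random"]))
    out["keylog_match"], out["secret_len"] = secret is not None, len(secret or b"")
    return out


CLIENT_RANDOM = bytes.fromhex("5f3a" + "11" * 28 + "1234")   # constructed, not real
SAMPLE_HELLO = build_client_hello(CLIENT_RANDOM, [0x0081, 0x0082], host="localhost",
                                  groups=[29], sm2_id=b"1234567812345678")
SAMPLE_KEYLOG = "\n".join([                                   # constructed secrets
    "CLIENT_ECC_SECRET %s %s" % (CLIENT_RANDOM.hex(), "04" + "a1" * 64),
    "SERVER_ECC_SECRET %s %s" % (CLIENT_RANDOM.hex(), "04" + "e5" * 64),
    "CLIENT_ECC_SECRET %s %s" % ("ff" * 32, "04" + "bb" * 64)])  # other session

if __name__ == "__main__":
    for k, v in check_capture(SAMPLE_HELLO, SAMPLE_KEYLOG).items():
        print("%13s: %s" % (k, v.hex() if isinstance(v, bytes) else v))
```

Run as-is, it prints the dissection of the constructed hello and reports keylog_match True with a 65-byte secret. To apply it to a real session, pass `bytes.fromhex(...)` of the Client Hello record copied from Wireshark as a hex stream together with the text of /tmp/sslkey.log to `check_capture`; a False match with a readable file reproduces the Client Random mismatch described in the troubleshooting section without Wireshark in the loop, and a key log line that is dropped by `parse_keylog` points at a malformed hex field.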
4. The full GM HTTPS handshake frame by frame: from connection setup to key derivation

Now we chain all of the configuration above together and reconstruct a complete GM HTTPS handshake from a real capture. I used Tongsuo s_server (port 8443) as the server and Tongsuo curl as the client, and captured 12 key packets. Below, in time order, is what each packet does, what its fields mean and why it matters for security.

4.1 Packet 1: TCP three-way handshake (SYN → SYN-ACK → ACK)

This is the foundation of every TLS connection; GM adds no special requirements, but note:

- The client source port (for example 54321) does not appear in the later TLS Client Hello, but Wireshark uses it to associate the session stream.
- If there are middleboxes on the path (such as firewalls), make sure they do not interfere with TCP options (such as TCP Fast Open), which could otherwise affect handshake timing.

4.2 Packet 2: Client Hello (TLSv1.2)

The starting point of the GM handshake. The core fields:

```
Version: TLS 1.2 (0x0303)
Random: 5F3A...1234          # 32 bytes, used for key derivation
Session ID: 00               # new session, empty
Cipher Suites (1 suite)
    Cipher Suite: TLS_ECC_SM4_CBC_SM3 (0x0081)
Compression Methods (1 method)
    Compression Method: null (0)
Extensions (5 extensions)
    Extension: server_name (len=18)
        Server Name Indication extension
            Server Name list length: 16
            Server Name Type: host_name (0)
            Server Name length: 13
            Server Name: localhost
    Extension: sm2_id (len=16)   # GM-specific
        sm2_id: 31323334353637383132333435363738
    Extension: supported_groups (len=6)
        Supported Groups List Length: 4
        Supported Groups (1 group): sm2p256v1 (29)
    Extension: signature_algorithms (len=12)
        Signature Algorithms Length: 10
        Signature Algorithm: sm2Sign (1.2.156.10197.1.501)
    Extension: application_layer_protocol_negotiation (len=5)
        ALPN Extension length: 3
        ALPN Protocol: h2 (2)
```

Key insight: the Client Hello already states "I want SM2 for key agreement, SM4 for encryption and SM3 for hashing", and tells the server the session identifier through sm2_id. At this point the client has sent no key material at all; the negotiation rests only on the random and the algorithm preferences.

4.3 Packet 3: Server Hello (TLSv1.2)

The server confirms the negotiated parameters:

```
Version: TLS 1.2 (0x0303)
Random: A1B2...C3D4          # server random, 32 bytes
Session ID: 00               # server accepts the new session
Cipher Suite: TLS_ECC_SM4_CBC_SM3 (0x0081)
Compression Method: null (0)
Extensions (3 extensions)
    Extension: supported_groups (len=6)
        Supported Groups (1 group): sm2p256v1 (29)
    Extension: renegotiation_info (len=1)
        Renegotiation Info extension
    Extension: extended_master_secret (len=0)
```

Note: the Server Hello does not return an sm2_id extension, because the ID is supplied one-way by the client; the server only needs to confirm support for the sm2p256v1 curve.

4.4 Packet 4: Certificate (X.509 v3)

The server certificate chain, centered on the SM2 public key:

```
Certificate Length: 1234
Certificate Types: X.509
Certificate (1 certificate)
    Certificate Length: 1228
    Version: 3 (0x2)
    Serial Number: 01
    Signature Algorithm: sm2Sign (1.2.156.10197.1.501)
    Issuer: CN=myca.local, O=MyCA, C=CN
    Validity
        Not Before: Jan  1 00:00:00 2024 GMT
        Not After : Jan  1 00:00:00 2029 GMT
    Subject: CN=localhost, O=MyServer, C=CN
    Subject Public Key Info
        Public Key Algorithm: sm2PublicKey (1.2.156.10197.1.301)
        Subject Public Key: 04A1B2...C3D4   # 65-byte SM2 public key
    Extensions (5 extensions)
        Extension: subjectAltName (len=22)
            DNS Name: localhost
            IP Address: 127.0.0.1
        Extension: keyUsage (len=4)
            Digital Signature, Key Encipherment, Key Agreement
```

Security point: the certificate's keyUsage must include Key Agreement; that is the formal basis for using the SM2 key in key exchange. With only Digital Signature set, the key may sign but may not agree on keys.

4.5 Packet 5: Server Key Exchange (SM2 key agreement)

This is the core frame that sets GM apart from standard TLS:

```
EC Diffie-Hellman Server Params
    Curve Type: named_curve (0x03)
    Named Curve: sm2p256v1 (29)
    Pubkey Length: 65
    Pubkey: 04E5F6...G7H8    # server ephemeral SM2 public key
Signature Algorithm: sm2Sign (1.2.156.10197.1.501)
Signature: 3045...A1B2       # SM2 signature over the Pubkey above
```

How it works: the server generates an ephemeral SM2 key pair, places the public key in this message and signs it with the SM2 private key belonging to its certificate. The client verifies the signature with the certificate's public key, then runs SM2 key agreement (GB/T 32918.3) between its own SM2 private key and the server's public key to obtain a 64-byte shared key. No private key is exposed in the process, and it resists man-in-the-middle attacks.

4.6 Packet 6: Certificate Request (optional)

If the server requires a client certificate (mutual authentication), it sends:

```
Certificate Types (1 type)
    Certificate Type: sm2_sign (65)
Distinguished Names (0 entries)
```

Practical advice: use mutual authentication cautiously in production, because managing client SM2 certificates is costly. During testing it can be skipped (the packet is simply not sent).

4.7 Packet 7: Server Hello Done

Marks the end of the server's handshake messages:

```
Handshake Protocol: ServerHelloDone
    Length: 0
```

4.8 Packet 8: Certificate (client certificate, mutual authentication)

With mutual authentication enabled, the client sends its own SM2 certificate:

```
Certificate (1 certificate)
    Version: 3 (0x2)
    Signature Algorithm: sm2Sign (1.2.156.10197.1.501)
    Subject Public Key Info
        Public Key Algorithm: sm2PublicKey (1.2.156.10197.1.301)
        Subject Public Key: 04C1D2...E3F4
```

4.9 Packet 9: Certificate Verify (client signature)

The client signs the handshake digest with its own SM2 private key:

```
Signature Algorithm: sm2Sign (1.2.156.10197.1.501)
Signature: 3045...C1D2
```

Verification logic: the server verifies the signature with the SM2 public key in the client certificate, confirming that the client holds the corresponding private key.

4.10 Packet 10: Change Cipher Spec + Encrypted Handshake Message

The client switches to encrypted communication:

```
Change Cipher Spec Protocol: Change Cipher Spec
    [Length: 1]
    [Change cipher spec message]
Encrypted Handshake Message
    [Length: 40]
    [Encrypted handshake data]
```

From this point every message, including Finished, is encrypted with SM4-CBC.

4.11 Packet 11: Change Cipher Spec + Encrypted Handshake Message (server)

The server switches in turn:

```
Change Cipher Spec Protocol: Change Cipher Spec
Encrypted Handshake Message
```

4.12 Packet 12: Finished (key confirmation)

Both sides send an encrypted Finished message to verify that their keys agree:

```
Handshake Protocol: Finished
    Length: 12
    Verify Data: 1A2B...3C4D   # 12 bytes, generated by PRF(SM3)
```

Core mechanism: the Verify Data in Finished is a PRF value computed from the negotiated master_secret and the SM3 hash of all handshake messages. If both sides compute the same value, key derivation was correct and the handshake has succeeded.

5. Common fault diagnosis: the complete chain from Wireshark error to root cause

Even when you follow the steps above, you may still meet situations that "look normal but fail". I have collected 6 high-frequency faults; for each I give the concrete Wireshark symptom, the underlying cause, the diagnosis steps and the fix. These are not theoretical guesses but pits I actually fell into on finance and government projects.

5.1 Fault 1: "No SNI in Client Hello" although curl was explicitly given --resolve

Symptom: the Extensions of the Client Hello in Wireshark contain no server_name extension, even though the command was curl --resolve localhost:8443:127.0.0.1 https://localhost:8443.

Cause: Tongsuo curl disables SNI by default (for compatibility with old GM gateways). It has to be enabled explicitly:

```
tongsuo curl --tlsv1_2 --ciphers ECC-SM4-CBC-SM3 \
  --resolve localhost:8443:127.0.0.1 \
  --tls-authtype sm2 \
  https://localhost:8443
```

The --tls-authtype sm2 parameter forces SNI and the SM2-related extensions on. Check: after capturing, Client Hello → Extensions → server_name should have a length > 0.

5.2 Fault 2: "SSL KEY LOG FILE not found" although the file clearly exists

Symptom: Wireshark's status bar reports "SSL KEY LOG FILE not found", yet /tmp/sslkey.log has content and its permissions are 644.

Cause: Wireshark runs as a non-root user, but /tmp/sslkey.log was created by an s_server started as root (for example sudo tongsuo s_server), giving it mode 600, which Wireshark cannot read. Fix: run everything as the same unprivileged user:

```
# do not use sudo
tongsuo s_server -accept 8443 -cert server.crt -key server.key \
  -cipher ECC-SM4-CBC-SM3 -keylogfile /tmp/sslkey.log \
  -CAfile ca.crt -verify 1 -sm2_id 1234567812345678
```

Check: ls -l /tmp/sslkey.log shows the current user as the owner.

5.3 Fault 3: the Client Hello carries sm2_id but the Server Key Exchange is empty

Symptom: Packet 5 (Server Key Exchange) shows "Malformed Packet" and is all 00 when expanded.

Cause: ssl_sm2_id is not configured for the server certificate. Nginx configuration example:

```
server {
    listen 8443 ssl;
    ssl_certificate     /path/to/server.crt;
    ssl_certificate_key /path/to/server.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECC-SM4-CBC-SM3;
    ssl_sm2_id 1234567812345678;   # must match the Client Hello
}
```

Without the ssl_sm2_id directive, Tongsuo OpenSSL skips SM2 key agreement and returns an empty message. Check: the Nginx error log should contain [error] ... no sm2_id configured.

5.4 Fault 4: "Signature invalid" in Certificate Verify

Symptom: Packet 9 (Certificate Verify) is flagged red with "Signature invalid".

Cause: the client SM2 private key does not match the public key in the certificate. This is common when the key pair and the certificate come from different tools (for example an SM2 private key generated with OpenSSL but a certificate signed with Tongsuo). Fix: use Tongsuo throughout:

```
# generate the client SM2 key pair
tongsuo genpkey -algorithm sm2 -out client.key -pkeyopt ec_paramgen_curve:sm2
# generate the CSR (with sm2_id)
tongsuo req -new -key client.key -out client.csr -sm2_id 8765432187654321
# sign it with the CA
tongsuo x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -out client.crt -days 365 -extfile ext.cnf -extensions server_cert
```

Check: tongsuo pkey -in client.key -text -noout prints the private key; confirm that its pub: field equals the Subject Public Key in client.crt.

5.5 Fault 5: Application Data is still garbage after decryption

Symptom: Wireshark shows "Decrypted TLS", but the content is unreadable characters.

Cause: the Client Random in the key log's CLIENT_ECC_SECRET line does not match the one in the Client Hello. Wireshark matches the Random from the log against the Client Hello; a single wrong character and the match fails.

Diagnosis:

- In Wireshark, right-click the Client Hello → "Copy" → "As Hex Stream" and take the first 32 bytes (64 characters).
- Take the second field of the log line: cat /tmp/sslkey.log | grep CLIENT_ECC_SECRET | cut -d' ' -f2
- Compare the two as binary: diff <(echo 5F3A... | xxd -r -p | xxd) <(echo 5F3A... | xxd -r -p | xxd)

Fix: make sure s_server and curl are started at the same time so that the Random is not reused. Alternatively force a fixed Random (not recommended, debugging only):

```
# generating a Client Hello with a fixed Random: curl does not support it, code changes are needed
# more reliable: restart s_server, clear sslkey.log and capture again
```

5.6 Fault 6: Wireshark dissects the Certificate but "Public Key Algorithm" shows "Unknown"

Symptom: subjectPublicKeyInfo.algorithm in the Certificate message shows "Unknown (1.2.156.10197.1.301)".

Cause: the SM2 OID mapping was not added correctly to oids.txt, or Wireshark was not restarted. Fix:

- Confirm the oids.txt path (wireshark -G folders lists it).
- After adding the lines and saving, quit the Wireshark process completely (killall wireshark) and reopen it.
- Click the "Rebuild packet list" button under Preferences → Protocols → TLS to refresh.

Check: open any pcap containing an SM2 certificate, expand Certificate → subjectPublicKeyInfo → algorithm; it should show "sm2PublicKey".

6. Advanced: quickly checking GM handshake health from the Tongsuo command line

Wireshark is right for deep analysis, but day-to-day development needs verification in seconds. I have wrapped a few Tongsuo commands that need no service to be started and no capture, and directly return the handshake status code and key parameters; think of them as the "ping" of GM HTTPS.

6.1 One-shot check of the server's GM support (s_client)

```
# Check whether localhost:8443 supports ECC-SM4-CBC-SM3
tongsuo s_client -connect localhost:8443 -cipher ECC-SM4-CBC-SM3 \
  -CAfile ca.crt -showcerts -debug 2>/dev/null | \
  awk '/Protocol/,/Cipher/ {print} /Verify return code/ {print}'
```

Expected output:

```
Protocol  : TLSv1.2
Cipher    : TLS_ECC_SM4_CBC_SM3
Verify return code: 0 (ok)
```

If Cipher shows 0000 or the Verify return code is non-zero, it means the server