当要结束会话时,服务器发送一个Encrypted Alert 表示加密通信中断,警告对方不要再发送敏感数据。接下来发送[ FIN,ACK ],结束 TCP 连接。

    Since we are already in an encrypted connection, the only way to really know what is being sent within packets is to make Wireshark or similar tools aware of the keys used in the transmission. Even though this is possible, I think for the purpose of this analysis it is enough to know that the client sends an alert message when the connection is asked to be closed actively by the client or server. The type of this Alert message should be CloseNotify (type 0), but we won’t be able to see it from the raw data. In this case, the client is the sender of the following Alert message: