adulau / ssldump

ssldump - (de-facto repository gathering patches around the cyberspace)

Home Page: http://adulau.github.io/ssldump/


TLS 1.2: Decryption failure with a Session Ticket

os12 opened this issue · comments

Overview

Just found an issue with TLS 1.2 Session Tickets. Consider the following:

1 1  0.0180 (0.0180)  C>S  Handshake
      ClientHello
        Version 3.3
        cipher suites
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        .....
        compression methods
                  NULL
        extensions
          server_name
              host_name: www.googleapis.com
          status_request
          supported_groups
            supported group                           x25519
            supported group                           secp256r1
            supported group                           secp384r1

          ec_point_formats
            ec point format                           uncompressed

          signature_algorithms
          session_ticket
          extended_master_secret
          renegotiation_info
1 2  0.0540 (0.0360)  S>C  Handshake
      ServerHello
        Version 3.3
        session_id[0]=

        cipherSuite         TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        compressionMethod                   NULL
        extensions
          extended_master_secret
          renegotiation_info
          ec_point_formats
1 3  0.0540 (0.0000)  S>C  ChangeCipherSpec
1 4  0.0540 (0.0000)  S>C  Handshake
1 5  0.0550 (0.0010)  C>S  ChangeCipherSpec
1 6  0.0550 (0.0000)  C>S  Handshake
1 7  0.0710 (0.0160)  C>S  application_data

Analysis

Wireshark is able to decrypt this TLS 1.2 traffic with the previously captured secret (it's a CLIENT_RANDOM record, of course).

The issue with ssldump is that ssl_process_client_key_exchange() never runs because there is no "client key exchange" method.
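To show why a CLIENT_RANDOM key log is sufficient even when no ClientKeyExchange is sent, here is an added Python example (not ssldump's code and not from the issue author) that looks up the master secret by the ClientHello random and runs the TLS 1.2 key expansion for the suite negotiated in the trace above. The key log line, the randoms and the handshake message list are constructed, and parse_keylog, prf_sha256, derive_aes128_gcm_keys and resolve_keys are hypothetical helper names.

```python
import hashlib
import hmac

# Constructed sample NSS key log line: "CLIENT_RANDOM <client_random hex> <master_secret hex>"
SAMPLE_CLIENT_RANDOM = bytes(range(32))
SAMPLE_SERVER_RANDOM = bytes(range(32, 64))
SAMPLE_KEYLOG = "CLIENT_RANDOM %s %s\n" % (SAMPLE_CLIENT_RANDOM.hex(), (b"\x22" * 48).hex())

def parse_keylog(text):
    """Map client_random -> master_secret from CLIENT_RANDOM lines (other line types ignored)."""
    secrets = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "CLIENT_RANDOM":
            secrets[bytes.fromhex(parts[1])] = bytes.fromhex(parts[2])
    return secrets

def prf_sha256(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label + seed) truncated to length."""
    seed = label + seed
    a = seed
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def derive_aes128_gcm_keys(master_secret, client_random, server_random):
    """key_block for TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (the suite chosen in the trace):
    an AEAD suite has no MAC keys, so 2 x 16-byte write keys + 2 x 4-byte implicit IVs = 40 bytes.
    Note the server_random + client_random seed order used for key expansion."""
    kb = prf_sha256(master_secret, b"key expansion", server_random + client_random, 40)
    return {"client_write_key": kb[0:16], "server_write_key": kb[16:32],
            "client_write_iv": kb[32:36], "server_write_iv": kb[36:40]}

def resolve_keys(handshake_msgs, client_random, server_random, keylog_text):
    """Look up the master secret by client_random and expand it. The lookup key comes from
    ClientHello, which is present in both a full and a session-ticket (abbreviated) handshake,
    so a missing ClientKeyExchange does not prevent decryption when a key log is available."""
    resumed = "ClientKeyExchange" not in handshake_msgs
    master_secret = parse_keylog(keylog_text).get(client_random)
    if master_secret is None:
        return None, resumed
    return derive_aes128_gcm_keys(master_secret, client_random, server_random), resumed
```

The same key block comes out for a full handshake and for the resumed one in the trace, since the key log already carries the master secret that a full handshake would otherwise derive from ClientKeyExchange.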