Wireshark mailing list archives
Re: Trying to decode a TLS 1.3 with null cipher
From: Ahmed Elsherbiny <sherboah () gmail com>
Date: Sat, 2 May 2020 10:55:07 -0700
Wow this is great news, thank you Peter!

Regards,
Ahmed

On Sat, May 2, 2020 at 10:21 AM Peter Wu <peter () lekensteyn nl> wrote:

> Hi Ahmed,
>
> On Fri, May 01, 2020 at 02:10:01PM -0700, Ahmed Elsherbiny wrote:
> > Hello,
> >
> > I've written a dissector for a custom protocol. The dissector works
> > well, and now I'm trying to run the protocol over TLS 1.3. The cipher
> > suite being used is TLS_SHA256_SHA256 (Code: 0xC0B4). This is a new
> > cipher suite, it is used for integrity and has a null cipher (The
> > payload is actually plaintext). It is still in draft form, here is the
> > document that describes it:
> > https://www.ietf.org/id/draft-camwinget-tls-ts13-macciphersuites-05.txt
> >
> > Looking at the ServerHello packet, Wireshark shows the CipherSuite as
> > Unknown (0xC0B4). Consequently, it does not provide a "Decrypted
> > application data" tab and does not pass the data to my dissector.
>
> The new cipher name was added in the development build via commit
> v3.3.0rc0-513-g3e2a837cc0 (https://code.wireshark.org/review/36052). It
> is not present in the stable build yet.
>
> > This is what the TLS debug log shows:
> [..]
> > I tried adding the cipher-suite to packet-tls-utils.c and recompiling
> > Wireshark. This is the line that I added, since the document says that
> > Diffie-Hellman is the only key exchange that can be used. I'm not
> > completely sure that I'm using the correct macros - I don't fully
> > understand TLS.
> >
> > {0xC0B4, KEX_DH_ANON, ENC_NULL, DIG_SHA256, MODE_GCM }
>
> This is not correct, TLS 1.3 has a different key exchange (KEX_TLS13)
> and more changes are needed to ensure that existing TLS 1.3 ciphers do
> not break while adding support for this new cipher.
>
> I've created test samples for the two ciphers and posted these at
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16543
>
> I hope to have a patch available tomorrow.
> --
> Kind regards,
> Peter Wu
> https://lekensteyn.nl
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
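Added example (not part of the original thread and not Wireshark code): a bounds-checked C routine that reads the selected cipher suite out of a ServerHello record and reports whether it is one of the draft's integrity-only suites, which is useful for flagging sessions whose application data travels in plaintext. The function names and the sample record are constructed for illustration; 0xC0B5 (TLS_SHA384_SHA384) is the second suite defined by the same draft and does not appear by value in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Integrity-only TLS 1.3 suites (NULL encryption, HMAC for integrity). */
#define TLS_SHA256_SHA256 0xC0B4  /* value quoted in the thread */
#define TLS_SHA384_SHA384 0xC0B5  /* SHA-384 sibling from the same draft */

/* Constructed sample: minimal ServerHello, zero random, empty extensions. */
static const uint8_t sample_server_hello[] = {
    22, 3, 3, 0, 44,   /* record: handshake, 0x0303, length 44 */
    2, 0, 0, 40,       /* handshake: server_hello, length 40 */
    3, 3,              /* legacy_version; random[32] follows as zeros */
    [43] = 0,          /* legacy_session_id_echo length */
    0xC0, 0xB4,        /* cipher_suite */
    0,                 /* legacy_compression_method */
    0, 0               /* extensions length */
};

/* Return the suite selected in a ServerHello held in one TLS record,
 * or -1 if the buffer is truncated or is not a ServerHello. */
int server_hello_cipher_suite(const uint8_t *p, size_t len)
{
    if (len < 9 || p[0] != 22 || p[5] != 2)
        return -1;
    size_t rec_len = ((size_t)p[3] << 8) | p[4];
    size_t hs_len = ((size_t)p[6] << 16) | ((size_t)p[7] << 8) | p[8];
    if (rec_len + 5 > len || hs_len + 4 > rec_len || hs_len < 35)
        return -1;
    const uint8_t *body = p + 9;     /* version(2) random(32) sid_len(1) */
    size_t sid_len = body[34];
    if (sid_len > 32 || hs_len < 35 + sid_len + 3)
        return -1;
    const uint8_t *cs = body + 35 + sid_len;
    return (cs[0] << 8) | cs[1];
}

int is_integrity_only_suite(int suite)
{
    return suite == TLS_SHA256_SHA256 || suite == TLS_SHA384_SHA384;
}

int main(void)
{
    int cs = server_hello_cipher_suite(sample_server_hello,
                                       sizeof sample_server_hello);
    printf("suite 0x%04X integrity-only=%d\n", (unsigned)cs,
           is_integrity_only_suite(cs));
    return 0;
}
```

A ServerHello fragmented across several records is rejected rather than reassembled.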