Wireshark mailing list archives
Re: Trying to decode a TLS 1.3 with null cipher
From: Ahmed Elsherbiny <sherboah () gmail com>
Date: Tue, 5 May 2020 09:05:53 -0700
Hi Peter,

Unfortunately I am not privy to the reasons for choosing this particular cipher suite. Sorry if my questions sound naive - I'm really not into the security domain.

What would be the risks of using this implementation (with the nonce issue and half-size key)? Does it make it easier for an attacker to "fake" a certificate and impersonate the server?

My next question would be, what other cipher suites would you suggest? I heard that TLS 1.2 may get deprecated and so, not sure if that would be a good option.

Regards,
Ahmed

On Mon, May 4, 2020 at 4:38 PM Peter Wu <peter () lekensteyn nl> wrote:

> Hi Ahmed,
>
> On Mon, May 04, 2020 at 03:12:50PM -0700, Ahmed Elsherbiny wrote:
> > First of all, thank you again for creating the patch. I did test it and was
> > able to successfully decode some messages. My implementation uses WolfSSL
> > v4.3.0.
> >
> > I hope the patch will be merged in, please let me know if there's any more
> > info you need from my end.
>
> At the moment the patch is unlikely going to be merged pending further
> information from the relevant draft authors.
>
> Please be very careful with deploying your information, WolfSSL appears
> to have a bug in the implementation of the draft:
> https://github.com/wolfSSL/wolfssl/issues/2945
>
> Is your implementation actually going to be used in production? What are
> the reasons behind choosing this draft proposal for TLS 1.3 null ciphers
> if I may ask?
> --
> Kind regards,
> Peter Wu
> https://lekensteyn.nl
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe