Wireshark mailing list archives
Re: Trying to decode a TLS 1.3 with null cipher
From: Peter Wu <peter () lekensteyn nl>
Date: Sat, 2 May 2020 19:20:25 +0200
Hi Ahmed, On Fri, May 01, 2020 at 02:10:01PM -0700, Ahmed Elsherbiny wrote:
Hello, I've written a dissector for a custom protocol. The dissector works well, and now I'm trying to run the protocol over TLS 1.3. The cipher suite being used is TLS_SHA256_SHA256 (Code: 0xC0B4). This is a new cipher suite, it is used for integrity and has a null cipher (The payload is actually plaintext). It is still in draft form, here is the document that describes it: https://www.ietf.org/id/draft-camwinget-tls-ts13-macciphersuites-05.txt Looking at the ServerHello packet, Wireshark shows the CipherSuite as Unknown (0xC0B4). Consequently, it does not provide a "Decrypted application data" tab and does not pass the data to my dissector.
The new cipher name was added in the development build via commit v3.3.0rc0-513-g3e2a837cc0 (https://code.wireshark.org/review/36052). It is not present in the stable build yet.
This is what the TLS debug log shows:
[..]
I tried adding the cipher-suite to packet-tls-utils.c and recompiling Wireshark. This is the line that I added, since the document says that Diffie-Helman is the only key exchange that can be used. I'm not completely sure that I'm using the correct macros - I don't fully understand TLS. {0xC0B4, KEX_DH_ANON, ENC_NULL, DIG_SHA256, MODE_GCM }
This is not correct, TLS 1.3 has a different key exchange (KEX_TLS13) and more changes are needed to ensure that existing TLS 1.3 ciphers do not break while adding support for this new cipher. I've created a test samples for the two ciphers and posted these at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16543 I hope to have a patch available tomorrow. -- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 01)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 02)
- Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 02)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 02)
- Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 04)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 04)
- Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 05)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 07)
- Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 02)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 02)