pyrdp icon indicating copy to clipboard operation
pyrdp copied to clipboard
verified publisher icon GoSecure

Add support for TLSv1.3 CLIENT_HANDSHAKE_TRAFFIC_SECRET

Open Pourliver opened this issue 6 years ago • 3 comments

Update: We worked around this issue by refusing TLS 1.3 connections and favoring 1.2 or others instead. This was merged in #193. This ticket initially reported the bug that was worked-around but is now used to track the efforts to support TLS 1.3 itself.

The CLIENT_RANDOM isn't enough to decrypt TLSv1.3 traffic. The following zip contains a pcap with TLSv1.3, the CLIENT_RANDOM, and a TLS debug file.

debug.zip

Pourliver avatar Jun 11 '19 14:06 Pourliver

This seems to be caused by the fact that the format of the CLIENT_RANDOM has changed and is not fixed-length anymore, and that CLIENT_HANDSHAKE_TRAFFIC_SECRET should be used instead.

This should be a simple change in PyRDP, but I’m unsure how it can be done.

reference: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

Res260 avatar Jun 11 '19 14:06 Res260

Also, wireshark's tls dissector failure message:

tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible

Res260 avatar Jun 11 '19 22:06 Res260

We merged a downgrade workaround in #193. Since this ticket contains a helpful pcap file, I'll turn it into a feature request and keep it.

obilodeau avatar Mar 25 '20 21:03 obilodeau