[openssl-users] Session Ticket Support in Openssl TLS 1.2

Benjamin Kaduk bkaduk at akamai.com
Sat Jun 10 01:58:00 UTC 2017


On 06/09/2017 07:54 PM, Neetish Pathak wrote:
>
> On Thu, Jun 8, 2017 at 3:45 PM, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
>
>
>
>     On 08/06/17 23:12, Neetish Pathak wrote:
>     > Thanks.
>     > I had one query regarding the TLS 1.3 implementation on server
>     side. I
>     > have a simple client server program with session resumption
>     working with
>     > TLS 1.2.
>     > When I use TLS 1.3, I see that server hello message has a malformed
>     > packet.
>
>     How do you know it is malformed? The format of the ServerHello message
>     has changed in TLSv1.3, so if you expect it to look like a TLSv1.2
>     ServerHello then you will be surprised.
>
>
>
> *I know the ServerHello is malformed from the WIRESHARK LOGS. It shows
> an exception for the ServerHello with malformed packet message.*

It is quite likely that your version of wireshark does not know how to
properly decode the TLS 1.3 ServerHello.  When interpreted as a TLS 1.2
ServerHello, it is expected to show as malformed, because the protocol
formats are different between the two protocols.  This is what Matt was
trying to say.

Someone could look at the raw hex dump of the packet and decode it
manually as a TLS 1.3 ServerHello to confirm whether it is actually
malformed or just a wireshark error.

-Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170609/09a49a55/attachment.html>


More information about the openssl-users mailing list