Removing Extensions from Client Hello Header

Phil Neumiller pneumiller at directstream.com
Tue Nov 12 20:13:49 UTC 2019


Thanks for all the useful device.  I was able to get the server to accept
this client hello message.

TLSv1.3 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 257
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 253
        Version: TLS 1.2 (0x0303)
        Random: 000000000000000100000002000000040000000900000012…
        Session ID Length: 0
        Cipher Suites Length: 2
        Cipher Suites (1 suite)
            Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 210
        Extension: supported_groups (len=4)
            Type: supported_groups (10)
            Length: 4
            Supported Groups List Length: 2
            Supported Groups (1 group)
                Supported Group: x25519 (0x001d)
        Extension: signature_algorithms (len=4)
            Type: signature_algorithms (13)
            Length: 4
            Signature Hash Algorithms Length: 2
            Signature Hash Algorithms (1 algorithm)
                Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                    Signature Hash Algorithm Hash: Unknown (8)
                    Signature Hash Algorithm Signature: Unknown (6)
        Extension: key_share (len=38)
            Type: key_share (51)
            Length: 38
            Key Share extension
                Client Key Share Length: 36
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange:
000000920000012400000249000004920000092400001249…
        Extension: psk_key_exchange_modes (len=2)
            Type: psk_key_exchange_modes (45)
            Length: 2
            PSK Key Exchange Modes Length: 1
            PSK Key Exchange Mode: PSK with (EC)DHE key establishment
(psk_dhe_ke) (1)
        Extension: supported_versions (len=3)
            Type: supported_versions (43)
            Length: 3
            Supported Versions length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: heartbeat (len=1)
            Type: heartbeat (15)
            Length: 1
            Mode: Peer not allowed to send requests (2)
        Extension: pre_shared_key (len=130)
            Type: pre_shared_key (41)
            Length: 130
            Pre-Shared Key extension
                Identities Length: 28
                PSK Identity (length: 8)
                    Identity Length: 8
                    Identity: 0000924900012492
                    Obfuscated Ticket Age: 0
                PSK Identity (length: 8)
                    Identity Length: 8
                    Identity: 0000000000000000
                    Obfuscated Ticket Age: 0
                PSK Binders length: 98
                PSK Binders

So just one signature algorithm.  Now the response I got from the OpenSSL
TLS server is this server hello.

TLSv1.3 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 90
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 86
        Version: TLS 1.2 (0x0303)
        Random: 7f9801c0f94da77d9d2c100cba7ff587bec25bca39defd81…
        Session ID Length: 0
        Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
        Compression Method: null (0)
        Extensions Length: 46
        Extension: supported_versions (len=2)
            Type: supported_versions (43)
            Length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: key_share (len=36)
            Type: key_share (51)
            Length: 36
            Key Share extension
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange:
ab6c1e5e5a83cdeee70487c509bd0810668a32fa2402f7d7…

Now to try the actual hardware....  At least openssl TLS 1.3 is OK with just
1 signature algorithm for my special case of external out of band PSK.






-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html


More information about the openssl-users mailing list