[openssl-dev] TLS1.3 NewSessionTicket format

Matt Caswell matt at openssl.org
Sat Jul 1 16:08:42 UTC 2017



On 01/07/17 01:35, Hubert Le Van Gong wrote:
> Greetings,
> 
> We're doing some testing around TLS1.3 and in particular we're looking
> at session resumption.
> 
> We've captured some of the NewSessionTicket msgs sent by the server
> (Nginx over openssl 1.1.1-dev) and have a hard time reconciling their
> format with draft 20 of the TLS1.3 spec.
> 
> Here are the details:
> 
> 04 00 00 e4 00 00 02 58 0a 4d cd d9 00 d0 e3 53
> f7 54 bf f9 b1 af 89 e1 3f cc 27 4a 20 b6 01 75
> 2a 5c 1e 1a a0 7b c4 b1 63 a8 89 b4 5f 15 fb 87
> 02 9f e4 5c 2c d1 cb ca 4a ae 52 45 1a c9 bf 91
> a3 47 02 1d 01 4b de f5 23 5e 25 e9 d3 d2 53 6e
> 98 cb 7c 69 25 db 89 1c c6 3e a6 10 fd ee 18 b3
> f4 8a ac 50 d0 17 6c a2 93 fa 36 c5 44 7d 75 1c
> 98 cb 4f 42 66 3d b1 06 72 16 49 8f 07 05 c1 05
> 59 48 cc bf e5 12 f1 d4 bd e2 20 df 39 98 cf 29
> d5 f5 09 7f df da 48 9d 74 10 19 cd 60 ac 7a c8
> db de 1b 96 02 bc 1f 60 2b d5 49 48 ab 0a 45 5f
> 75 d5 a7 bb 99 ec 84 4c 43 4b 78 de 43 7f 90 e6
> 87 0a 62 7e ee 66 d1 cb 26 8f 36 9f 1a 09 ec e2
> fb 65 5f 3d 0b 19 e1 06 55 09 e2 07 ae 5c 00 08
> 00 2a 00 04 00 00 40 00
> 
> The blue hex numbers (last 10 bytes) do correctly map to the only
> allowed extension, early_data, and contain a max_early_data_size set to
> 16k.
> 
> From the TLS draft 20 spec, the red bytes (first 8 bytes) are supposed
> to correspond to ticket_lifetime and ticket_age_add.
> The first issue is that the values of these fields seem very weird (04
> 00 00 e4 for lifetime??).

What you have captured is the message and the message header. The first
byte (04) is the message type (NewSessionTicket) and the next three
bytes (00 00 e4) are the message length. The next four bytes are the
ticket_lifetime (00 00 02 58) and then the next four are the
ticket_age_add (0a 4d cd d9). The next 2 are the length of the ticket
(00 d0).

Matt
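Added example (not part of the thread, and not OpenSSL's or Nginx's code): a small parser for the layout Matt walks through, run over the capture Hubert posted. It assumes the draft-20 structure, i.e. no ticket_nonce; the `rfc8446_layout` switch adds the `opaque ticket_nonce<0..255>` vector that draft-21 and later (and RFC 8446) insert between ticket_age_add and ticket. Under that later layout the same capture does not parse, which is the kind of mismatch that makes a resumption capture look "weird" when the draft version of the endpoint and the spec being read against disagree. Field and type names follow the spec; the helper names and the `ParseError` class are this example's own.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

HANDSHAKE_NEW_SESSION_TICKET = 0x04  # HandshakeType.new_session_ticket
EXT_EARLY_DATA = 0x002A              # ExtensionType.early_data (42)
MAX_TICKET_LIFETIME = 604800         # servers MUST NOT exceed seven days

# The capture quoted in the thread above (Nginx on OpenSSL 1.1.1-dev, draft-20 format).
CAPTURE_HEX = """
04 00 00 e4 00 00 02 58 0a 4d cd d9 00 d0 e3 53
f7 54 bf f9 b1 af 89 e1 3f cc 27 4a 20 b6 01 75
2a 5c 1e 1a a0 7b c4 b1 63 a8 89 b4 5f 15 fb 87
02 9f e4 5c 2c d1 cb ca 4a ae 52 45 1a c9 bf 91
a3 47 02 1d 01 4b de f5 23 5e 25 e9 d3 d2 53 6e
98 cb 7c 69 25 db 89 1c c6 3e a6 10 fd ee 18 b3
f4 8a ac 50 d0 17 6c a2 93 fa 36 c5 44 7d 75 1c
98 cb 4f 42 66 3d b1 06 72 16 49 8f 07 05 c1 05
59 48 cc bf e5 12 f1 d4 bd e2 20 df 39 98 cf 29
d5 f5 09 7f df da 48 9d 74 10 19 cd 60 ac 7a c8
db de 1b 96 02 bc 1f 60 2b d5 49 48 ab 0a 45 5f
75 d5 a7 bb 99 ec 84 4c 43 4b 78 de 43 7f 90 e6
87 0a 62 7e ee 66 d1 cb 26 8f 36 9f 1a 09 ec e2
fb 65 5f 3d 0b 19 e1 06 55 09 e2 07 ae 5c 00 08
00 2a 00 04 00 00 40 00
"""
CAPTURE = bytes.fromhex("".join(CAPTURE_HEX.split()))


class ParseError(ValueError):
    pass


def _uint(buf: bytes, pos: int, n: int) -> Tuple[int, int]:
    """Read an n-byte big-endian integer at pos; return (value, new_pos)."""
    if pos + n > len(buf):
        raise ParseError(f"need {n} bytes at offset {pos}, only {len(buf) - pos} left")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def _vector(buf: bytes, pos: int, len_size: int, min_len: int = 0) -> Tuple[bytes, int]:
    """TLS variable-length vector: len_size-byte length prefix followed by the body."""
    length, pos = _uint(buf, pos, len_size)
    if length < min_len:
        raise ParseError(f"vector length {length} below minimum {min_len} at offset {pos}")
    if pos + length > len(buf):
        raise ParseError(f"vector length {length} overruns buffer at offset {pos}")
    return buf[pos:pos + length], pos + length


@dataclass
class NewSessionTicket:
    ticket_lifetime: int
    ticket_age_add: int
    ticket_nonce: Optional[bytes]       # None for the draft-20 layout
    ticket: bytes
    extensions: List[Tuple[int, bytes]]
    max_early_data_size: Optional[int]  # from the early_data extension, if present


def parse_new_session_ticket(msg: bytes, rfc8446_layout: bool = False) -> NewSessionTicket:
    # Handshake header: uint8 msg_type, uint24 length, then the body.
    msg_type, pos = _uint(msg, 0, 1)
    if msg_type != HANDSHAKE_NEW_SESSION_TICKET:
        raise ParseError(f"handshake type {msg_type:#04x} is not NewSessionTicket")
    body, pos = _vector(msg, pos, 3)
    if pos != len(msg):
        raise ParseError(f"{len(msg) - pos} trailing bytes after the handshake message")

    p = 0
    lifetime, p = _uint(body, p, 4)                # uint32 ticket_lifetime (seconds)
    age_add, p = _uint(body, p, 4)                 # uint32 ticket_age_add
    nonce = None
    if rfc8446_layout:                             # draft-21 and later / RFC 8446 only
        nonce, p = _vector(body, p, 1)             # opaque ticket_nonce<0..255>
    ticket, p = _vector(body, p, 2, min_len=1)     # opaque ticket<1..2^16-1>
    ext_block, p = _vector(body, p, 2)             # Extension extensions<0..2^16-2>
    if p != len(body):
        raise ParseError(f"{len(body) - p} trailing bytes inside the NewSessionTicket body")
    if lifetime > MAX_TICKET_LIFETIME:
        raise ParseError(f"ticket_lifetime {lifetime}s exceeds the 604800s maximum")

    # Each Extension is uint16 extension_type + opaque extension_data<0..2^16-1>.
    extensions: List[Tuple[int, bytes]] = []
    q = 0
    while q < len(ext_block):
        etype, q = _uint(ext_block, q, 2)
        edata, q = _vector(ext_block, q, 2)
        extensions.append((etype, edata))

    # early_data is the only extension permitted here; its body is uint32 max_early_data_size.
    max_early = None
    for etype, edata in extensions:
        if etype != EXT_EARLY_DATA:
            raise ParseError(f"extension {etype:#06x} is not permitted in NewSessionTicket")
        if len(edata) != 4 or max_early is not None:
            raise ParseError("early_data in NewSessionTicket must be exactly one uint32")
        max_early = int.from_bytes(edata, "big")
    return NewSessionTicket(lifetime, age_add, nonce, ticket, extensions, max_early)
```

On the posted capture this yields ticket_lifetime 600 s, ticket_age_add 0x0a4dcdd9, a 208-byte ticket and max_early_data_size 16384, which matches Matt's byte-by-byte walk. Calling it with `rfc8446_layout=True` consumes the 0x00 after ticket_age_add as an empty nonce and then reads a 53475-byte ticket length, so the parser rejects the message rather than silently producing garbage.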