[openssl-users] How to form a proper hash after writing something into SSL handshake.

Michael Wojcik Michael.Wojcik at microfocus.com
Sat Dec 30 17:17:15 UTC 2017


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Sai Teja Chowdary
> Sent: Friday, December 29, 2017 21:44

> I am using OpenSSL client to create a custom TLS client which can send or manipulate the default TLS handshake
> messages so that I can test for any bugs in our TLS server implementation. I spent about 4 months in reading OpenSSL
> code and making changes and adding new arguments to modify the default client. So in that process I came across the
> WPACKET API. For framing SSL records I had to use it.

I can't help with your specific issue. I don't know the 1.1.x codebase (my teams are still using 1.0.2). But I'd suggest that perhaps OpenSSL is not the ideal starting point for this.

When security researchers do this sort of thing - generate specific TLS messages to test a peer implementation - they often use a scripting language with suitable add-on modules, such as Python with the ssl, cryptography, and gmpy2 modules. While these scripts are often quick-and-dirty, they're probably easier to modify. So you might look at various open-source TLS test scripts, such as the one Hanno Böck wrote for ROBOT (see robotattack.org).

There are also various open-source test frameworks for TLS, such as TLSPretense. I don't have any experience with them myself, but it's worth taking a look.

-- 
Michael Wojcik 
Distinguished Engineer, Micro Focus 




