Removing Extensions from Client Hello Header

Phil Neumiller pneumiller at directstream.com
Mon Nov 11 20:51:39 UTC 2019


By doing the following in my code:




I was able to get the Client Hello Extensions down to.

Handshake Protocol: Client Hello
    Handshake Type: Client Hello (1)
    Length: 365
    Version: TLS 1.2 (0x0303)
    Random: 19ff8a9231e83985887f5e45f2c9b243f0ccaa955beb1f03…
    Session ID Length: 32
    Session ID: ebcab15bff6e5abfc14588298b45a56f74963eda97645992…
    Cipher Suites Length: 8
    Cipher Suites (4 suites)
        Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
        Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
        Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
        Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
    Compression Methods Length: 1
    Compression Methods (1 method)
        Compression Method: null (0)
    Extensions Length: 284
    Extension: ec_point_formats (len=4)
        Type: ec_point_formats (11)
        Length: 4
        EC point formats Length: 3
        Elliptic curves point formats (3)
            EC point format: uncompressed (0)
            EC point format: ansiX962_compressed_prime (1)
            EC point format: ansiX962_compressed_char2 (2)
    Extension: supported_groups (len=8)
        Type: supported_groups (10)
        Length: 8
        Supported Groups List Length: 6
        Supported Groups (3 groups)
            Supported Group: secp521r1 (0x0019)
            Supported Group: secp384r1 (0x0018)
            Supported Group: secp256r1 (0x0017)
    Extension: session_ticket (len=0)
        Type: session_ticket (35)
        Length: 0
        Data (0 bytes)
    Extension: encrypt_then_mac (len=0)
        Type: encrypt_then_mac (22)
        Length: 0
    Extension: extended_master_secret (len=0)
        Type: extended_master_secret (23)
        Length: 0
    Extension: signature_algorithms (len=30)
        Type: signature_algorithms (13)
        Length: 30
        Signature Hash Algorithms Length: 28
        Signature Hash Algorithms (14 algorithms)
            Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: ECDSA (3)
            Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                Signature Hash Algorithm Hash: SHA384 (5)
                Signature Hash Algorithm Signature: ECDSA (3)
            Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
                Signature Hash Algorithm Hash: SHA512 (6)
                Signature Hash Algorithm Signature: ECDSA (3)
            Signature Algorithm: ed25519 (0x0807)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (7)
            Signature Algorithm: ed448 (0x0808)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (8)
            Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (9)
            Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (10)
            Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (11)
            Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (4)
            Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (5)
            Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (6)
            Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: RSA (1)
            Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                Signature Hash Algorithm Hash: SHA384 (5)
                Signature Hash Algorithm Signature: RSA (1)
            Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                Signature Hash Algorithm Hash: SHA512 (6)
                Signature Hash Algorithm Signature: RSA (1)
    Extension: supported_versions (len=3)
        Type: supported_versions (43)
        Length: 3
        Supported Versions length: 2
        Supported Version: TLS 1.3 (0x0304)
    Extension: psk_key_exchange_modes (len=2)
        Type: psk_key_exchange_modes (45)
        Length: 2
        PSK Key Exchange Modes Length: 1
        PSK Key Exchange Mode: PSK with (EC)DHE key establishment
(psk_dhe_ke) (1)
    Extension: key_share (len=139)
        Type: key_share (51)
        Length: 139
        Key Share extension
            Client Key Share Length: 137
            Key Share Entry: Group: secp521r1, Key Exchange length: 133
                Group: secp521r1 (25)
                Key Exchange Length: 133
                Key Exchange:
040044c7b3890387abc775e036f375acf9247ffad580a078…
    Extension: pre_shared_key (len=58)
        Type: pre_shared_key (41)
        Length: 58
        Pre-Shared Key extension
            Identities Length: 21
            PSK Identity (length: 15)
                Identity Length: 15
                Identity: 436c69656e745f6964656e74697479
                Obfuscated Ticket Age: 0
            PSK Binders length: 33
            PSK Binders

Is this the minimal standard compliant set of extensions?  





-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html


More information about the openssl-users mailing list