Removing Extensions from Client Hello Header

Phil Neumiller pneumiller at directstream.com
Mon Nov 11 21:09:39 UTC 2019


The hardware wants to see a client hello like the following:

Handshake Protocol: Client Hello
    Handshake Type: Client Hello (1)
    Length: 253
    Version: TLS 1.2 (0x0303)
    Random: 000000000000000100000002000000040000000900000012…
        GMT Unix Time: Dec 31, 1969 17:00:00.000000000 MST
        Random Bytes: 000000010000000200000004000000090000001200000024…
    Session ID Length: 0
    Cipher Suites Length: 2
    Cipher Suites (1 suite)
        Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
    Compression Methods Length: 1
    Compression Methods (1 method)
        Compression Method: null (0)
    Extensions Length: 210
    Extension: supported_groups (len=4)
        Type: supported_groups (10)
        Length: 4
        Supported Groups List Length: 2
        Supported Groups (1 group)
            Supported Group: x25519 (0x001d)
    Extension: signature_algorithms (len=4)
        Type: signature_algorithms (13)
        Length: 4
        Signature Hash Algorithms Length: 2
        Signature Hash Algorithms (1 algorithm)
            Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: ECDSA (3)
    Extension: key_share (len=38)
        Type: key_share (51)
        Length: 38
        Key Share extension
            Client Key Share Length: 36
            Key Share Entry: Group: x25519, Key Exchange length: 32
                Group: x25519 (29)
                Key Exchange Length: 32
                Key Exchange: 000000920000012400000249000004920000092400001249…
    Extension: psk_key_exchange_modes (len=2)
        Type: psk_key_exchange_modes (45)
        Length: 2
        PSK Key Exchange Modes Length: 1
        PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
    Extension: supported_versions (len=3)
        Type: supported_versions (43)
        Length: 3
        Supported Versions length: 2
        Supported Version: TLS 1.3 (0x0304)
    Extension: heartbeat (len=1)
        Type: heartbeat (15)
        Length: 1
        Mode: Peer not allowed to send requests (2)
    Extension: pre_shared_key (len=130)
        Type: pre_shared_key (41)
        Length: 130
        Pre-Shared Key extension
            Identities Length: 28
            PSK Identity (length: 8)
                Identity Length: 8
                Identity: 0000924900012492
                Obfuscated Ticket Age: 0
            PSK Identity (length: 8)
                Identity Length: 8
                Identity: 0000000000000000
                Obfuscated Ticket Age: 0
            PSK Binders length: 98
            PSK Binders




-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
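
The following is an added example, not part of the original message and not OpenSSL code: a small Python check that walks the extensions block of a ClientHello handshake message and reports any extension type outside the set shown in the dissection above. The function names and the sample message (built inline with placeholder extension bodies) are assumptions made for illustration.

```python
import struct

# Extension types in the order they appear in the dissection above.
EXPECTED = [10, 13, 51, 45, 43, 15, 41]

def client_hello_extensions(hs: bytes) -> list:
    """Return [(ext_type, ext_len), ...] for a ClientHello handshake message
    (starting at the handshake type byte, without the TLS record header)."""
    if len(hs) < 4 or hs[0] != 1:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")
    try:
        pos = 2 + 32                                         # version + random
        pos += 1 + body[pos]                                 # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
        if pos == len(body):
            return []                                        # no extensions block
        ext_total = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        if pos + ext_total != len(body):
            raise ValueError("extensions length does not match message length")
        exts = []
        while pos < len(body):
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4 + elen
            if pos > len(body):
                raise ValueError("extension overruns message")
            exts.append((etype, elen))
        return exts
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello") from None

def unexpected_extensions(hs: bytes, expected=EXPECTED) -> list:
    """Extension types present in the message but not in the expected set."""
    return [t for t, _ in client_hello_extensions(hs) if t not in expected]

def build_sample(ext_types) -> bytes:
    """Constructed test message: zero random, one cipher suite (0x1302),
    null compression, and a 2-byte placeholder body per extension."""
    exts = b"".join(struct.pack("!HH", t, 2) + b"\x00\x00" for t in ext_types)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x02" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    sample = build_sample(EXPECTED + [0, 23])  # constructed extras: server_name, extended_master_secret
    print("unexpected extension types:", unexpected_extensions(sample))
```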