| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Rename packet-ssl{,-utils}.[ch] to packet-tls{,-utils}.[ch].
Change-Id: I4732162ec131ddf0734b3dd191ccc9e48a76ce06
Reviewed-on: https://code.wireshark.org/review/29659
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Dissect the ESNI TLS 1.3 extension in CH and EE.
Bug: 14984
Change-Id: I95bb5ef0313aefdab7c09dbeb60556d9574c2a00
Reviewed-on: https://code.wireshark.org/review/29817
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Split initial_max_stream_data (0) into
* initial_max_stream_data_bidi_local (0),
* initial_max_stream_data_bidi_remote (10),
* initial_max_stream_data_uni (11)
Change-Id: I4ab7785059391f91703c9cdee9fcd111ad7e88a6
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29722
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Remove in draft-13
Ping-Bug: 13881
Change-Id: I572dfded151569ddce3c0c90f8775a3b4a2052ba
Reviewed-on: https://code.wireshark.org/review/29720
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
QUIC draft -12 and before used the TLS Exporter to derive the protected
payload secrets. Starting with draft -13, the handshake and 1-RTT
protected payloads use keys derived during the TLS 1.3 handshake (but
with the "quic " label for HKDF-Expand-Label instead of "tls13 ").
That unfortunately means that previous CLIENT_HANDSHAKE_TRAFFIC_SECRET,
SERVER_TRAFFIC_SECRET_0, etc. are unusable. As a quick workaround,
extend the key log format with new labels similar to the old one (but
with "QUIC_" prepended to it).
To match draft -13, rename the original "handshake cipher/secret" to
"initial cipher/secret" and add a new "handshake cipher".
Potential limitation: if the client/server addresses/ports change since
the Initial Packet, then a new TLS session is created in the TLS
dissector. Attempting to retrieve secrets after the change will fail
since the Client Random is empty and the secret cannot be linked.
Another more common limitation: (Certificate) handshake messages that
span multiple CRYPTO frames are not correctly recognized.
Change-Id: I2932c3cc851fae51e8becf859db53ccc5f4beeda
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29677
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This recognizes the Client/Server Hello message in the Initial Packets.
Full (handshake) decryption remains a task for later.
Prevent STREAM 0 from being treated as TLS while at it.
Change-Id: I27193a15be777c568b6b009141cbc59bcf3e8ad6
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29646
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
add new Transport Parameter disable_migration(9) from draft-13
Ping-Bug: 13881
Change-Id: Ie80cc16c8548264875311f4a66e43bd7bfcb883e
Reviewed-on: https://code.wireshark.org/review/29674
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Ping-Bug: 13881
Change-Id: I2377f4e1d193c8a2948f6cfebb029a1c80d370b3
Reviewed-on: https://code.wireshark.org/review/29672
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Add new TP preferred_address and also update comment
Ping-Bug: 13881
Change-Id: I94d015769165933ef76123a338982b3a4238fb59
Reviewed-on: https://code.wireshark.org/review/29671
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
There is a conflict with some other extensions (compressed_certificate...)
with draft-13, QUIC use 0xffa5 (65445) for Transport Parameters extensions
Ping-Bug: 13881
Change-Id: Iaeeb21dd68038fbb8865d91c89f3216bd4a97af5
Reviewed-on: https://code.wireshark.org/review/29673
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Remove in draft -11
Ping-Bug: 13881
Change-Id: I27275167f006e30afe9f2a5eff43692fa3be4315
Reviewed-on: https://code.wireshark.org/review/29670
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
This protocol was superseded by SSLv3 and has been disabled in MS
products long time ago.
Change-Id: If29bcfad394ba55c7d6605626762c29055a02ae9
Reviewed-on: https://code.wireshark.org/review/29667
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add register_dissector_table_alias, similar proto_register_alias. Add
aliases for ssl.port, and ssl.handshake.extensions_alpn_str, and
dtls.handshake.extensions_alpn_str.
Change-Id: I87c3215e2872883ed0f581557e08c84f2dba12a0
Reviewed-on: https://code.wireshark.org/review/29652
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I206d05c47c9f9089a201783ae2d0856c97a5e502
Reviewed-on: https://code.wireshark.org/review/29588
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
When early data is present but undecryptable (due to lack of keys), it
should not result in incrementing the sequence number or the following
application data from the client will fail to decrypt.
Change-Id: I8016a30508d96c14cbd6a3b9c4af1591a6c437c3
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/29169
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This will let val_to_str_const() choose the given 'unknown_str'
instead of always showing 'SSL' when the version is unknown.
This is relevant for DTLS when only having a 'Client Hello' packet.
Change-Id: I3931460e70278241aee0b7782025bc7bfd9bf93d
Reviewed-on: https://code.wireshark.org/review/29118
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
TLS 1.3 was finalized as RFC 8446 with registry updates in RFC 8447.
Update references to match the final version.
Bug: 12779
Change-Id: I5390e515179404d4287666330d26252b1f5f1b95
Reviewed-on: https://code.wireshark.org/review/29071
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
C99 requires fgets to fail once the EOF bit is set, glibc 2.28 started
implementing this behavior. Clear the EOF bit to avoid all future reads
from failing. Add another error check while at it.
Change-Id: I1c5f7e190426d29e3bf437c443b09092ed8d2d35
Fixes: v1.99.0-rc1-1080-ga69a63f5d1 ("ssl: fix SSL keylog file live-capture use case")
Reviewed-on: https://code.wireshark.org/review/28984
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
ssl_get_keyex_alg().
Addressing code review comments from Peter Wu.
Bug: 14935
Change-Id: I5e2dbad1ab42c3f958b29092df31d3636d04812c
Reviewed-on: https://code.wireshark.org/review/28569
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I862a7870d335f8b0b57d13e2981a8bb1a02b2726
Reviewed-on: https://code.wireshark.org/review/28563
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
"Elliptic Curve Cryptography (ECC) variant of Password Authenticated
Key Exchange by Juggling (ECJPAKE)" as defined in
https://www.ietf.org/archive/id/draft-cragie-tls-ecjpake-01.txt
and used in
https://www.threadgroup.org/ThreadSpec.
Change-Id: I8c73a2528182427ff4f4734e3fe1618adc464192
Reviewed-on: https://code.wireshark.org/review/28531
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Have dissectors register with their protocol ID string in that table,
rather than having a table in epan/dissectors/packet-ssl-utils.c that
has to be updated for new protocols.
Have a table of protocol ID string prefixes, to handle the case of
protocols such as SPDY and HTTP2 drafts, where multiple protocol IDs are
used for different versions.
Change-Id: I363d04895a88e779fbbca7dc8e1f31aa1970a31a
Reviewed-on: https://code.wireshark.org/review/27836
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Different dissectors are required for protocols running atop SSL/TLS and
protocols running atop DTLS - SSL/TLS provides a byte-stream service, so
there's no guarantee that there's a correspondence between SSL/TLS
application data record boundaries and packet boundaries, but DTLS
provides a datagram service, with packet boundaries corresponding to
application data record boundaries.
This is similar to the difference between dissectors for protocols
running atop TCP and protocols running atop protocols such as UDP.
So have two separate tables mapping Application-Layer Protocol
Negotiation (ALPN) Protocol IDs to dissector names - one for SSL/TLS and
one for DTLS.
There are both "over a byte-stream protocol" and "over a packet-oriented
protocol" dissectors for STUN and TURN ChannelData packets. Register
the "over a byte-stream protocol" ones by name, and use the appropriate
ones in the appropriate tables. (There is not one named "stun", so the
STUN dissector wouldn't have been called at all.)
Change-Id: I054e169f6ae3291abdc7eb58918ef65a17c90a63
Reviewed-on: https://code.wireshark.org/review/27822
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
These are 16-bit fields, not 32-bit. Fixes a malformed packet exception.
While at it, rename fields to match draft-ietf-quic-tls-11-6-g4b762033,
these fields were inconssitently named in draft-11.
Bug: 13881
Change-Id: I797d2b4a24a4f4a9b340db736de0000acd52e639
Reviewed-on: https://code.wireshark.org/review/27491
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
TLS 1.3 draft 26 up to 28 are purely editorial, but since QUIC draft-11
will actually use the latest TLS 1.3 draft, add these versions. See
https://github.com/quicwg/base-drafts/wiki/5th-Implementation-Draft
Bug: 12779
Change-Id: I31316afa900c4b085caeed2529b388617211bff7
Reviewed-on: https://code.wireshark.org/review/27108
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
These fields have always been 16-bit values, see
https://tools.ietf.org/html/draft-ietf-quic-transport-11#section-6.4.1
Noticed with picoquic-11.pcap, note that ngtcp2-10.pcap triggers the
expert info due to a bug fixed in ngtcp2 2939ff618e4a.
Bug: 13881
Change-Id: I867703f5399f3d9c2cfe7d0488f4be83c0a5b4a2
Reviewed-on: https://code.wireshark.org/review/27097
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Bug: 13881
Change-Id: Ia7c695ba081b4b744821744a6209f09ff87912fd
Reviewed-on: https://code.wireshark.org/review/27008
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
In preparation for QUIC packet decryption, add a method to retrieve the
cipher used in a TLS session. (QUIC embeds the TLS handshake.)
Change-Id: If58e16bd0a01808dafa455ddc6c67ad23f33d7da
Reviewed-on: https://code.wireshark.org/review/26558
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Add support for "EXPORTER_SECRET" (NSS 3.34, boringssl 1c58471cc9f4) and
"EARLY_EXPORTER_SECRET" (NSS 3.35) key log lines. These secrets can be
used with the TLS-Exporter interface to derive QUIC 0-RTT/1-RTT keys.
Ping-Bug: 13881
Change-Id: I7ff3e51ce0bd868353aacb2e3a52b28f144af341
Reviewed-on: https://code.wireshark.org/review/24981
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Draft -20 shortened the label used by Key Update, adjust accordingly.
Change-Id: I3761b94933165a65fd810eff7bef4373290346cd
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/26554
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ibbca24b95763cee57ebaee0ee7723db217fc05bc
Reviewed-on: https://code.wireshark.org/review/26479
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Includes new authenticated additional data required for decryption, see
https://tools.ietf.org/html/draft-ietf-tls-tls13-26#page-83
Tested with current openssl master (OpenSSL_1_1_1-pre2-131-gfa25763b55).
Change-Id: Ifb5bf6ab44bb13cbd8cfa60abe0a2665ad094f9a
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/26447
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Rather than relying on the advertised ciphers in the Client Hello (which
might not match the early data cipher), try all TLS 1.3 ciphers when the
0rtt secret is available.
Whenever the client advertises the "early_data" extension, we will try
to decrypt it when keys are available. This is tried before decrypting
normal handshake/application data because a server might reject early
data and then no End Of Early Data (EOED) message is available. Care is
taken to decrypt as much 0RTT data as possible, only when when EOED is
seen *or* when 0RTT decryption fails, then it will switch to HS secrets.
Requires at least Libgcrypt 1.6 for verifying the auth tags, otherwise
it cannot recognize whether the "decrypted" result is correct.
Since the negotiated draft version is not known during Client Hello,
rely on heuristics to guess the actual draft. This is relevant since the
key expansion changed in draft 20. (Test with comment 56 in bug 12779.)
Change-Id: Ied3f2b4b9f38d1280a6158c3a3aff8296c035fc3
Ping-Bug: 12779
Bug: 14308
Reviewed-on: https://code.wireshark.org/review/26445
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
In preparation for TLS 1.3 early data trial decryption, give the caller
of "ssl_decrypt_record" control over skipping integrity check failures.
As a side-effect, this will avoid a ssl preference from affecting DTLS.
If desired, a DTLS-specific preference can be added at a later point.
Change-Id: Ib84a127b4dab524902edeb2d335d069db0304ded
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/26473
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Extract code for reuse with early data decryption. No functional change.
Change-Id: I0df1a12a9780a8cfba951e9944ce9665a4b70f7a
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/26444
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Only add version (no frame change)
Change-Id: I437f7f9e1962f5fff35d187b559ec3943b683fd0
Reviewed-on: https://code.wireshark.org/review/26044
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
negotiated_version is encrypted_extensions now
No longer supported by QUIC dissector ( >= draft-08)
Bug:13881
Change-Id: Id1fca0b5b6ce59c854b50d7091cce1079213db68
Reviewed-on: https://code.wireshark.org/review/26043
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
To support decryption of future drafts of QUIC, the HKDF label must be
configurable by the QUIC dissector. Currently it can only select between
"tls13 " and "TLS 1.3, " which is not sufficient (it needs "QUIC ").
Change "tls13_hkdf_expand_label" and "tls13_cipher_create" to accept the
label prefix directly instead of just a TLS 1.3 draft version number.
Change-Id: I466a6e1a8f4b051f5775e7d8d6658641a1ae7fb1
Reviewed-on: https://code.wireshark.org/review/25961
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Also show the seconds in a human readable string.
Change-Id: I124bfc12954fb7c2c65777c028986d18c5686c7b
Reviewed-on: https://code.wireshark.org/review/25772
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
HKDF (RFC 5869) is a standard construct used in TLS 1.3, QUIC and
OSCORE, generalize it for use outside the TLS dissector.
Since none of the users need the "context" (formerly "hash_value")
field, remove the parameter.
Change-Id: Id952de8cb3000f6f6eda844d17c78bbd3906a84d
Reviewed-on: https://code.wireshark.org/review/25723
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
It looks like that quic_create_cleartext_decoders() need to free secrets, tls13_cipher_create() only use it as const.
ASAN report:
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1742014 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1071:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1741fd5 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1065:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Found by oss-fuzz/5902.
Change-Id: I6f8a4597411ee267773225e45043addb69928d66
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5902
Reviewed-on: https://code.wireshark.org/review/25571
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Renumber key_share extension, display the old codepoint as "Reserved
(key_share)" in case an older draft version is loaded. The old codepoint
(40) was apparently used for different purposes:
https://www.ietf.org/mail-archive/web/tls/current/msg25168.html
Add a new "signature_algorithms_cert" extension which is similar to
"signature_algorithms", except that it advertises the supported
algorithms in certificates rather than handshake messages.
Change-Id: Ibbb09100e2540deea8f652ba0685feadb68f33e7
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/25309
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
only 3 parameters are mandatory, so 3 * 4 (type + length), 2 * 4 (initial_max_stream_data + initial_max_data) + 2 (idle_timeout) = 22
See https://github.com/quicwg/base-drafts/issues/1042
Bug: 13881
Change-Id: I971b0badb81086bb4bf018cb4471973a3950ee50
Reviewed-on: https://code.wireshark.org/review/25184
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
MAX_STREAM_ID is rename to MAX_STREAM_ID_BIDI
and there is a new paramter MAX_STREAM_ID_UNI
Bug: 13881
Change-Id: I99bcc559a133ded88f4caedd887f481147063496
Reviewed-on: https://code.wireshark.org/review/25120
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13881
Change-Id: I56ac681174e4058c4d4fefe40084905538222c1b
Reviewed-on: https://code.wireshark.org/review/25119
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13881
Change-Id: I583c9290c5e4d2aaefc2d3ae09babfa82dfbd299
Reviewed-on: https://code.wireshark.org/review/25118
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
not longer negotiated version on Client Hello but on encrypted extensions
Missing add new TransportParameterId (ack_delay_exponent and initial_max_stream_id_uni)
Bug: 13881
Change-Id: I5d76662b8c7767c48fdec460e2249d49c6693f18
Reviewed-on: https://code.wireshark.org/review/25018
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add interface to expand the QUIC cleartext secrets
(quic_derive_cleartext_secrets),
an interface to create the cleartext ciphers
(quic_create_cleartext_decoders),
an interface to decrypt messages using this cipher
(quic_decrypt_message).
Change-Id: Id546150be2964959388b7ef69984b891521e5caa
Reviewed-on: https://code.wireshark.org/review/24435
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
