TLS1.3 NewSessionTicket format

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

TLS1.3 NewSessionTicket format

Hubert Le Van Gong
Greetings,

We're doing some testings around TLS1.3 and in particular we're looking at session resumption.

We've captured some of the NewSessionTicket msgs sent by the server (Nginx over openssl 1.1.1-dev) and have a hard time reconciling their format with draft 20 of the TLS1.3 spec.

Here's the details:

04 00 00 e4 00 00 02 58 0a 4d cd d9 00 d0 e3 53
f7 54 bf f9 b1 af 89 e1 3f cc 27 4a 20 b6 01 75
2a 5c 1e 1a a0 7b c4 b1 63 a8 89 b4 5f 15 fb 87
02 9f e4 5c 2c d1 cb ca 4a ae 52 45 1a c9 bf 91
a3 47 02 1d 01 4b de f5 23 5e 25 e9 d3 d2 53 6e
98 cb 7c 69 25 db 89 1c c6 3e a6 10 fd ee 18 b3
f4 8a ac 50 d0 17 6c a2 93 fa 36 c5 44 7d 75 1c
98 cb 4f 42 66 3d b1 06 72 16 49 8f 07 05 c1 05
59 48 cc bf e5 12 f1 d4 bd e2 20 df 39 98 cf 29
d5 f5 09 7f df da 48 9d 74 10 19 cd 60 ac 7a c8
db de 1b 96 02 bc 1f 60 2b d5 49 48 ab 0a 45 5f
75 d5 a7 bb 99 ec 84 4c 43 4b 78 de 43 7f 90 e6
87 0a 62 7e ee 66 d1 cb 26 8f 36 9f 1a 09 ec e2
fb 65 5f 3d 0b 19 e1 06 55 09 e2 07 ae 5c 00 08
00 2a 00 04 00 00 40 00

The blue hex numbers (last 10 bytes) do correctly map to the only allowed extension, early_data and contains a max_early_data_size set to 16k).

From the TLS draft 20 spec, the red bytes (8 first bytes) are supposed to correspond to ticket_lifetime and ticket_age_add.
The first issue is that the values of these fields seem very weird (04 00 00 e4 for lifetime??).

Also, this would lead to the next 2 bytes containing the length of the ticket: 
0a 4d   i.e. 2637 bytes.
This doesn't look right as the ticket length is clearly less than that.

I should add that we have captured several NewSessionTicket and they all look similar, albeit with different ticket length value (even though the tickets actually have the same length).

Can anyone think of what we are missing?


Cheers,
Hubert

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: TLS1.3 NewSessionTicket format

Matt Caswell-2


On 01/07/17 01:35, Hubert Le Van Gong wrote:

> Greetings,
>
> We're doing some testings around TLS1.3 and in particular we're looking
> at session resumption.
>
> We've captured some of the NewSessionTicket msgs sent by the server
> (Nginx over openssl 1.1.1-dev) and have a hard time reconciling their
> format with draft 20 of the TLS1.3 spec.
>
> Here's the details:
>
> 04 00 00 e4 00 00 02 58 0a 4d cd d9 00 d0 e3 53
> f7 54 bf f9 b1 af 89 e1 3f cc 27 4a 20 b6 01 75
> 2a 5c 1e 1a a0 7b c4 b1 63 a8 89 b4 5f 15 fb 87
> 02 9f e4 5c 2c d1 cb ca 4a ae 52 45 1a c9 bf 91
> a3 47 02 1d 01 4b de f5 23 5e 25 e9 d3 d2 53 6e
> 98 cb 7c 69 25 db 89 1c c6 3e a6 10 fd ee 18 b3
> f4 8a ac 50 d0 17 6c a2 93 fa 36 c5 44 7d 75 1c
> 98 cb 4f 42 66 3d b1 06 72 16 49 8f 07 05 c1 05
> 59 48 cc bf e5 12 f1 d4 bd e2 20 df 39 98 cf 29
> d5 f5 09 7f df da 48 9d 74 10 19 cd 60 ac 7a c8
> db de 1b 96 02 bc 1f 60 2b d5 49 48 ab 0a 45 5f
> 75 d5 a7 bb 99 ec 84 4c 43 4b 78 de 43 7f 90 e6
> 87 0a 62 7e ee 66 d1 cb 26 8f 36 9f 1a 09 ec e2
> fb 65 5f 3d 0b 19 e1 06 55 09 e2 07 ae 5c 00 08
> 00 2a 00 04 00 00 40 00
>
> The blue hex numbers (last 10 bytes) do correctly map to the only
> allowed extension, early_data and contains a max_early_data_size set to
> 16k).
>
> From the TLS draft 20 spec, the red bytes (8 first bytes) are supposed
> to correspond to ticket_lifetime and ticket_age_add.
> The first issue is that the values of these fields seem very weird (04
> 00 00 e4 for lifetime??).

What you have captured is the message and the message header. The first
byte (04) is the message type (NewSessionTicket) and the next three
bytes (00 00 e4) are the message length. The next four bytes are the
ticket_lifetime (00 00 02 58) and then the next four are the
ticket_age_add (0a 4d cd d9). The next 2 are the length of the ticket
(00 d0).

Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Loading...