Fortunately, if the original session was performed while the script was already running, the original master secret was already keylogged, and Wireshark is smart enough to detect session resumption by both Session ID and session tickets automatically will use the older key already present in the keylog. Testing our keylogging script from Part 1 shows that for resumed sessions neither SslGenerateMasterKey nor SslImportMasterKey (the two functions we hooked to extract the master key) are called. 1.3 Rechecking the CSessionCacheItem-based approach After deleting the key and rebooting I’ve got session resumption to work. So as it turned out, starting from October 2019, MS requires EMS extension to be used for any resumed session ( ) because of the CVE-2019-1318 vulnerability. This setting disables the Extended Master Secret TLS extension which we’ve already discussed in section 5.6 of part 1 of the article. Diffing schannel settings in the registry revealed that on the non-resuming machine I had DisableClientExtendedMasterSecret setting set to 0x1. But then I tried it on another machine and saw that the sessions were resumed there, even after I updated it to 2004. While testing my Win10 for session resumption, I was very surprised to find that the sessions were never resumed! I even had a hypothesis that MS broke session resumption in W10 2004. Random: 5ef20d33043e581bc1b47fbf443a1eb8d8ebece565b74197…ġ.2 Schannel, session resumption and Extended Master Secret TLS extension TLSv1.2 Record Layer: Handshake Protocol: Client Hello Transmission Control Protocol, Src Port: 52666, Dst Port: 3443, Seq: 1, Ack: 1, Len: 324 On successful session ID resumption the ClientHello will contain non-empty Session Id:įrame 2930: 378 bytes on wire (3024 bits), 378 bytes captured (3024 bits) on interface wlan0, id 0Įthernet II, Src: PcsCompu_f2:86:82 (08:00:27:f2:86:82), Dst: IntelCor_98:b0:66 (3c:6a:a7:98:b0:66) I can then open Wireshark, issue a couple of requests and examine the ClientHello message. Setup server listening on 4443 without cache and with tickets. Setup server listening on 3443 with cache and with tickets. Setup server listening on 2443 with cache and without tickets. Setup server listening on 1443 without cache and without tickets. After compilation, running the server creates 4 endpoints with different settings: %. In order to test if the client implementation will cache tls session either via saving session IDs or with session tickets, I used a sample RFC5077 server. TLS1.2 Session resumption 1.1 Testbed for session resumption Schannel and TLS 1.3 session resumptionġ. 1.6 TLS 1.2 session resumption: lessons learned.1.5 Dumping keys for resumed sessions by hooking (+ an easier way for non-resumed sessions).1.4 CSessionCacheItem-based approach: TL DR.1.3 Rechecking the CSessionCacheItem-based approach.1.2 Schannel, session resumption and Extended Master Secret TLS extension.We do offensive security, web application analysis and SDL consunting. I’m grateful to be able to do reseach as part of my job. I would love to be proven wrong, though.Īs previously, this work is part of my R&D activities at SolidLab LLC and was fully funded by the company.
My experiments show that for TLS1.3 session resumption is not currently supported by Schannel.
WIRESHARK TLS 1.2 DECRYPT UPDATE
Resumption for TLS1.2 is only performed when extended master secret extension is in use.For TLS1.2 schannel does session resumption both with session IDs and tickets.I’ve also redone some of the experiments from Jacob Cambic’s research to discover if something has changed from the time it was written. This part is about dealing with session resumption. I recommend at least skimming through part 1 before reading this one, because it contains a lot of important context that is omitted in part 2. This is the second part of my schannel research.
0 kommentar(er)
