Hi Ahmed, On Fri, May 01, 2020 at 02:10:01PM -0700, Ahmed Elsherbiny wrote: > Hello, > > I've written a dissector for a custom protocol. The dissector works well, > and now I'm trying to run the protocol over TLS 1.3. > > The cipher suite being used is TLS_SHA256_SHA256 (Code: 0xC0B4). This is a > new cipher suite, it is used for integrity and has a null cipher (The > payload is actually plaintext). It is still in draft form, here is the > document that describes it: > https://www.ietf.org/id/draft-camwinget-tls-ts13-macciphersuites-05.txt > > Looking at the ServerHello packet, Wireshark shows the CipherSuite as > Unknown (0xC0B4). Consequently, it does not provide a "Decrypted > application data" tab and does not pass the data to my dissector.
The new cipher name was added in the development build via commit v3.3.0rc0-513-g3e2a837cc0 (https://code.wireshark.org/review/36052). It is not present in the stable build yet. > This is what the TLS debug log shows: [..] > I tried adding the cipher-suite to packet-tls-utils.c and recompiling > Wireshark. This is the line that I added, since the document says that > Diffie-Helman is the only key exchange that can be used. I'm not completely > sure that I'm using the correct macros - I don't fully understand TLS. > > {0xC0B4, KEX_DH_ANON, ENC_NULL, DIG_SHA256, MODE_GCM } This is not correct, TLS 1.3 has a different key exchange (KEX_TLS13) and more changes are needed to ensure that existing TLS 1.3 ciphers do not break while adding support for this new cipher. I've created a test samples for the two ciphers and posted these at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16543 I hope to have a patch available tomorrow. -- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
