Greetings, We're doing some testings around TLS1.3 and in particular we're looking at session resumption.
We've captured some of the NewSessionTicket msgs sent by the server (Nginx over openssl 1.1.1-dev) and have a hard time reconciling their format with draft 20 of the TLS1.3 spec. Here's the details: 04 00 00 e4 00 00 02 58 0a 4d cd d9 00 d0 e3 53 f7 54 bf f9 b1 af 89 e1 3f cc 27 4a 20 b6 01 75 2a 5c 1e 1a a0 7b c4 b1 63 a8 89 b4 5f 15 fb 87 02 9f e4 5c 2c d1 cb ca 4a ae 52 45 1a c9 bf 91 a3 47 02 1d 01 4b de f5 23 5e 25 e9 d3 d2 53 6e 98 cb 7c 69 25 db 89 1c c6 3e a6 10 fd ee 18 b3 f4 8a ac 50 d0 17 6c a2 93 fa 36 c5 44 7d 75 1c 98 cb 4f 42 66 3d b1 06 72 16 49 8f 07 05 c1 05 59 48 cc bf e5 12 f1 d4 bd e2 20 df 39 98 cf 29 d5 f5 09 7f df da 48 9d 74 10 19 cd 60 ac 7a c8 db de 1b 96 02 bc 1f 60 2b d5 49 48 ab 0a 45 5f 75 d5 a7 bb 99 ec 84 4c 43 4b 78 de 43 7f 90 e6 87 0a 62 7e ee 66 d1 cb 26 8f 36 9f 1a 09 ec e2 fb 65 5f 3d 0b 19 e1 06 55 09 e2 07 ae 5c 00 08 00 2a 00 04 00 00 40 00 The blue hex numbers (last 10 bytes) do correctly map to the only allowed extension, early_data and contains a max_early_data_size set to 16k). >From the TLS draft 20 spec, the red bytes (8 first bytes) are supposed to correspond to ticket_lifetime and ticket_age_add. The first issue is that the values of these fields seem very weird (04 00 00 e4 for lifetime??). Also, this would lead to the next 2 bytes containing the length of the ticket: 0a 4d i.e. 2637 bytes. This doesn't look right as the ticket length is clearly less than that. I should add that we have captured several NewSessionTicket and they all look similar, albeit with different ticket length value (even though the tickets actually have the same length). Can anyone think of what we are missing? Cheers, Hubert
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
