After decoding the packet layer and retrieving the TLS Version or TLS Handshake Version information from the TCP payload, I can extract details such as TLS 1.0, TLS 1.1, and TLS 1.2 from the payload. However, for TLS 1.3, the value 0x0304 is not present in the payload. What could be the reason for this? (gopacket v1.1.19 release version used)
Here is some examples how to try.
func processHttpsPacket(packet gopacket.Packet, tcp *layers.TCP) (string, string, error) {
checkPacketIsSSL(tcp.Payload)
}
func checkPacketIsSSL(payload []byte) (bool, uint16, byte, uint16 ) {
sslSignatures := [][]byte{
{0x16},
}
var tlsVersion uint16
var tlsHandshakeVersion uint16
var tlsContentType byte
for _, signature := range sslSignatures {
if bytes.HasPrefix(payload, signature) {
if len(payload) > 0 {
tlsContentType = payload[0] // 0x16 -> Handshake content type
}
if len(payload) > 2 {
tlsVersion = binary.BigEndian.Uint16(payload[1:3])
}
if len(payload) > 10 {
tlsHandshakeVersion = binary.BigEndian.Uint16(payload[9:11])
}
return true, tlsVersion,tlsContentType, tlsHandshakeVersion
}
}
return false, 0, 0, 0
}
After decoding the packet layer and retrieving the TLS Version or TLS Handshake Version information from the TCP payload, I can extract details such as TLS 1.0, TLS 1.1, and TLS 1.2 from the payload. However, for TLS 1.3, the value 0x0304 is not present in the payload. What could be the reason for this? (gopacket v1.1.19 release version used)
Here is some examples how to try.