Open dias3000 opened 5 years ago
Hi @dias3000
Thanks for the feedback! :)
- Do both captures contain the initial SYN, SYN-ACK, ACK packets? (You must restart the TCP connection before capturing).
Yep.
- Are you able to decrypt the connection using wireshark?
Yep, with tshark
- Could you generate a temporary private key and provide two captures with that key so I can debug the difference? Maybe it's something that sngrep does not support, like a TLS record split across multiple TCP packets.
Yep, attached. pcap.zip
Thanks for the testing data, it helps a lot to debug these problems.
I was able to decode Bria dialogs with the GnuTLS code, but the OpenSSL one was a bit buggy. I have added dynamic key material in OpenSSL (like GnuTLS already had), but that does not work for the Linphone data.
I think the difference between the two connections is that the Linphone connection is using some TLS attributes that Bria is not.
Bria:
```
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 57
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 53
        Version: TLS 1.2 (0x0303)
        Random: 607a9c8fe255ba434a9684273cfe407c46b94a44fe7e435a...
        Session ID Length: 0
        Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
        Compression Method: null (0)
        Extensions Length: 13
        Extension: renegotiation_info (len=1)
        Extension: server_name (len=0)
        Extension: SessionTicket TLS (len=0)
```
Linphone:
```
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 65
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 61
        Version: TLS 1.2 (0x0303)
        Random: 05d40f878b3303d424c2078acb83e0d1dff9473f1c31f301...
        Session ID Length: 0
        Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
        Compression Method: null (0)
        Extensions Length: 21
        Extension: renegotiation_info (len=1)
        Extension: server_name (len=0)
        Extension: SessionTicket TLS (len=0)
        Extension: encrypt_then_mac (len=0)
        Extension: extended_master_secret (len=0)
```
In this case, the extended_master_secret extension changes the way the connection key material is generated. sngrep does not read or handle SSL extensions, so this is not easy to fix right now, as we have to implement something like Wireshark does.
I'll try to give it a try again whenever I have more spare time.
Thanks for the testing data!
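Added example (not sngrep's code and not part of the original thread): a Python sketch of why a passive decoder that ignores ServerHello extensions derives the wrong master secret once extended_master_secret (RFC 7627) is negotiated. The ServerHello bodies are constructed to match the extension lists and lengths in the two dissections above, with a zeroed random; `build_hello`, `BRIA_HELLO` and `LINPHONE_HELLO` are hypothetical names used only here.

```python
import hashlib
import hmac
import struct

EXT_EXTENDED_MASTER_SECRET = 0x0017  # RFC 7627

def prf_sha256(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5) with HMAC-SHA256."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()   # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def server_hello_extensions(body):
    """Extension type ids in a ServerHello body (bytes after the 4-byte handshake header)."""
    pos = 2 + 32                      # version + random
    pos += 1 + body[pos]              # session id length + session id
    pos += 2 + 1                      # cipher suite + compression method
    if pos + 2 > len(body):
        return set()                  # extensions block is optional
    (total,) = struct.unpack_from("!H", body, pos)
    pos, end = pos + 2, pos + 2 + total
    if end > len(body):
        raise ValueError("truncated extensions block")
    found = set()
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        found.add(ext_type)
        pos += 4 + ext_len
    return found

def master_secret(pre_master, client_random, server_random, handshake_msgs, hello_body):
    """Derive the 48-byte master secret the way the negotiated extensions require."""
    if EXT_EXTENDED_MASTER_SECRET in server_hello_extensions(hello_body):
        # RFC 7627: seed is the hash of the handshake messages up to ClientKeyExchange
        session_hash = hashlib.sha256(handshake_msgs).digest()
        return prf_sha256(pre_master, b"extended master secret", session_hash, 48)
    return prf_sha256(pre_master, b"master secret", client_random + server_random, 48)

def build_hello(exts):
    """Constructed ServerHello body: zeroed random, empty session id, suite 0x002f."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return b"\x03\x03" + bytes(32) + b"\x00\x00\x2f\x00" + struct.pack("!H", len(ext)) + ext

COMMON = [(0xFF01, b"\x00"), (0x0000, b""), (0x0023, b"")]  # as listed in both captures
BRIA_HELLO = build_hello(COMMON)
LINPHONE_HELLO = build_hello(COMMON + [(0x0016, b""), (0x0017, b"")])
```

With the same pre-master secret and randoms, the two hellos yield different master secrets, so every key derived from the classic formula fails to decrypt the Linphone records.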
Hello, thanks for the great tool.
I have Kamailio (5.2.5) with TLS enabled; the cipher suite is set to use only TLS_RSA_WITH_AES_128_CBC_SHA. Cert verification is disabled. I run: sngrep -k key.pem
If I make a call from Bria 5, sngrep (1.4.5) decodes TLS well, but with similar settings, if I call from Linphone Desktop/4.1.1 (belle-sip/1.6.3), TLS decoding doesn't work.
For both calls ssldump shows: cipherSuite TLS_RSA_WITH_AES_128_CBC_SHA
Can you advise where to find the problem resolution?