jderuiter
commented
5 years ago Thanks for your interest in the project. There will be a bit more changes required than just the couple of bytes in the ClientHello message. However, the TLS part of this tool is not actively maintained at the moment anymore. Instead you could use another project TLSAttackerConnector to connect to StateLearner and construct and send the TLS messages using TLS-Attacker. This gives you more flexibility in the messages and algorithms that you can use. It was also used for TLS 1.3, but I'm not sure that code is already included. When using this approach you use the socket module of StateLearner to connect to TLSAttackerConnector.
Archer6621
Hello @jderuiter, I would like to use the statelearner on some of the newer TLS libraries/implementations out there to compare their state machines to some of the ones tested in your paper (Protocol state fuzzing of TLS implementations), one of them being rustls. One problem is that there doesn't seem to be any overlap in the ciphersuites either of them use, namely:
Ciphersuites used by
statelearner:Ciphersuites used by
rustls:I would like to add the TLS1.2 suite
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256to statelearner, but is not clear to me what steps are necessary for doing this. So far I found the byte values that should go in the ClientHello for indicating usage of this suite, namely{0xC0, 0x2F}. I know the Java 8 security package has support for this ciphersuite as well, but from the code it is not clear to me how I can make use of this to extend statelearner.Any ideas?