TLS 1.3 wrong JA3 values

ne4u commented 2 years ago

when tls 1.3 is negotiated, the JA3 value is truncated therefore the md5 hash is wrong.

phuslu commented 2 years ago

Emmm, this case is well tested internally. so it should be OK. Could you please give a repro of "curl" cli example?

ne4u commented 2 years ago

ssl_protocols TLSv1.2;

/usr/local/opt/curl/bin/curl -v https://tls.bob.com:4443

Trying 10.1.1.111:4443...
Connected to tls.bob.com (10.1.1.111) port 4443 (#0)
ALPN: offers h2
ALPN: offers http/1.1
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
ALPN: server accepted http/1.1
Server certificate:
subject: CN=*.bob.com
start date: Jun 27 00:00:00 2021 GMT
expire date: Jun 27 23:59:59 2022 GMT
subjectAltName: host "tls.bob.com" matched cert's "*.bob.com"
issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
SSL certificate verify ok.

GET / HTTP/1.1 Host: tls.bob.com:4443 User-Agent: curl/7.83.0 Accept: /
Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Date: Fri, 06 May 2022 18:32:46 GMT < Content-Type: text/html < Content-Length: 371 < Last-Modified: Mon, 30 Dec 2019 03:50:24 GMT < Connection: keep-alive < ETag: "5e097400-173" < Server: bob < JA3: 771,4866-4867-4865-49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-13172-16-22-23-49-13-43-45-51-21,29-23-30-25-24,0-1-2 < JA3-Hash: f436b9416f37d134cadd04886327d3e8 < TLS-GREASED: 0 < Accept-Ranges: bytes < <!DOCTYPE html> Default Install
Default Install.

If you see this page, the web server is successfully installed and working. Further configuration is required.
Connection #0 to host tls.bob.com left intact %

ssl_protocols TLSv1.3;

/usr/local/opt/curl/bin/curl -v https://tls.bob.com:4443

Trying 10.1.1.111:4443...
Connected to tls.bob.com (10.1.1.111) port 4443 (#0)
ALPN: offers h2
ALPN: offers http/1.1
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
ALPN: server accepted http/1.1
Server certificate:
subject: CN=*.bob.com
start date: Jun 27 00:00:00 2021 GMT
expire date: Jun 27 23:59:59 2022 GMT
subjectAltName: host "tls.bob.com" matched cert's "*.bob.com"
issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
SSL certificate verify ok.

GET / HTTP/1.1 Host: tls.bob.com:4443 User-Agent: curl/7.83.0 Accept: /
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
old SSL session ID is stale, removing
Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Date: Fri, 06 May 2022 18:35:45 GMT < Content-Type: text/html < Content-Length: 371 < Last-Modified: Mon, 30 Dec 2019 03:50:24 GMT < Connection: keep-alive < ETag: "5e097400-173" < Server: bob < JA3: 772,4866-4867-4865-49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-13172-16-22-23-49-13-43-45-51-21,29-23-30-25-24 < JA3-Hash: cc438283e6fc32b1a412abb34f217ec2 < TLS-GREASED: 0 < Accept-Ranges: bytes < <!DOCTYPE html> Default Install
Default Install.

If you see this page, the web server is successfully installed and working. Further configuration is required.
Connection #0 to host tls.bob.com left intact %

The expected result for tls 1.3 should be:

JA3: 772,4866-4867-4865-49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-13172-16-22-23-49-13-43-45-51-21,29-23-30-25-24, JA3-Hash: b0aca3a3bfcbb345b7e4e397f231dee8

when formats is null truncation occurs

ne4u commented 2 years ago

i'm no c programmer, so to test my theory i added this horribly wrong code which does seem to work:

/* formats */
if (c->ssl->points.len) {
    pdata = c->ssl->points.data;
    pend = pdata + c->ssl->points.len;
    while (pdata < pend) {
        pstr = append_uint8(pstr, *pdata);
        *pstr++ = '-';
        pdata++;
    }
} else {
    /* quick dirty fix for tls 1.3 */
    *pstr++ = ',';
    pdata++;
}

I can confirm with my hack, i'm now getting expected results when compared to: browswerleaks.com/ssl for all tested tls 1.3 clients.

phuslu commented 2 years ago

fix in openssl-31 branch please take a look.

phuslu / nginx-ssl-fingerprint

TLS 1.3 wrong JA3 values #3

Default Install.

Default Install.