Closed ghost closed 3 years ago
Hi,
by default, TLS-Attacker creates the list of messages that have to be sent throughout the handshake before the actual handshake takes place. This allows to set up modifications to messages prior to the execution but requires that the negotiated cipher suite is known before. If a wrong defaultSelectedCipherSutie is set, additional unwanted messages may be sent - this is the case here as TLS-Attacker sends a ServerKeyExchange message allthough a static RSA cipher suite gets negotiated. If you want to include or exclude the key exchange message dynamically based on the selected cipher suite, you can use the DYNAMIC_HANDSHAKE
WorkflowTrace instead of HANDSHAKE
.
working as expected 👍🏼 Thanks @mmaehren
Tried below commands:
openssl s_client -connect 127.0.0.1:54000 -msg -tls1_2 -cipher AES256-GCM-SHA384
openssl s_client -connect 127.0.0.1:54000 -msg -tls1_2 -cipher AES128-GCM-SHA256
while handshake with cipher AES256-GCM-SHA384,AES128-GCM-SHA256 tls-attacker gives Level: AlertLevel{value=FATAL} Description: AlertDescription{value=UNEXPECTED_MESSAGE}
Attached tls attacker debug log AES256_GCM_SHA384.log