tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.
Apache License 2.0
789 stars, 136 forks

Combining Messages in a Records #160

Closed oreizi closed 1 year ago

oreizi commented 1 year ago

Is it possible to have the ClientKeyExchange, ChangeCipherSpec and Finished messages all sent in the same Record? It seems like with the default configuration, these three TLS messages are split into three separate Records (TCP packets). What I have tried so far is adding the:

        <records>
            <Record>
            </Record>
        </records>

to the SendAction but this did not result in the wanted behaviour.

I tried as well to set the configuration bool sendHandshakeMessagesWithinSingleRecord but had no luck with it either.

Tested with TLS-Attacker version: 5.3.0

ic0ns commented 1 year ago

Just to give some quick feedback: with TLS-Attacker 5.3.0 I think this is not (easily) possible anymore. sendHandshakeMessagesWithinSingleRecord only controls handshake message fragmentation. Since the ChangeCipherSpec message is not a handshake message, TLS-Attacker will split the message. However, in previous versions of TLS-Attacker we had a dedicated flag for exactly this case called flushOnMessageTypeChange in TLS-Attacker 4.0.2. The reason we removed this native feature is that the record will effectively not be parseable for the peer - so we did not see any reason to keep it - but maybe you will find it helpful.
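
Added illustration, not part of the thread and not TLS-Attacker code: a minimal TLS 1.2 record-layer framer (RFC 5246 layout) showing that each record header carries exactly one content type, so a ClientKeyExchange / ChangeCipherSpec / Finished flight yields three records even when all of them go out in a single TCP write. The function names and message bodies are constructed placeholders; in a real handshake the Finished fragment would be encrypted under the newly negotiated keys.

```python
import struct
from itertools import groupby

# Record content types and handshake message types from RFC 5246.
CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22
CLIENT_KEY_EXCHANGE, FINISHED = 16, 20
TLS12 = b"\x03\x03"

def handshake_msg(msg_type, body):
    """Handshake header: 1-byte type, 3-byte length, then the body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def pack_records(messages, max_fragment=2**14):
    """Frame (content_type, bytes) messages into records.

    Consecutive messages of the same content type share a record;
    a content type change always starts a new one.
    """
    records = []
    for ctype, group in groupby(messages, key=lambda m: m[0]):
        payload = b"".join(body for _, body in group)
        for off in range(0, len(payload), max_fragment):
            frag = payload[off:off + max_fragment]
            header = bytes([ctype]) + TLS12 + struct.pack("!H", len(frag))
            records.append(header + frag)
    return records

def parse_records(stream):
    """Split a byte stream (e.g. one TCP segment) into (type, fragment)."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        frag = stream[pos + 5:pos + 5 + length]
        if len(frag) != length:
            raise ValueError("truncated record fragment")
        out.append((ctype, frag))
        pos += 5 + length
    return out

def client_flight():
    """Constructed sample flight; bodies are placeholders, not real key data."""
    return [
        (HANDSHAKE, handshake_msg(CLIENT_KEY_EXCHANGE, b"\x00" * 4)),
        (CHANGE_CIPHER_SPEC, b"\x01"),
        (HANDSHAKE, handshake_msg(FINISHED, b"\x00" * 12)),
    ]

if __name__ == "__main__":
    stream = b"".join(pack_records(client_flight()))  # one TCP write
    print([ctype for ctype, _ in parse_records(stream)])
```
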

oreizi commented 1 year ago

Thanks for the explanation!