tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.
Apache License 2.0

ThreadedServerWorkflowExecutor with DTLS 1.2 #184

Open Smuul opened 1 week ago

Smuul commented 1 week ago

Title: ThreadedServerWorkflowExecutor with DTLS 1.2

Description:

I am trying to use the ThreadedServerWorkflowExecutor feature, but I'm encountering some issues when attempting to use it with DTLS 1.2.

Scenario:

I run TLS-Attacker using the following command: java -jar apps/TLS-Server.jar -port 4433 -version DTLS12 -executor_type THREADED_SERVER -workflow_trace_type HANDSHAKE

This yields the output: [screenshot]

On the other hand, I execute an OpenSSL client like this: openssl s_client -dtls1_2 -connect 127.0.0.1:4433

However, it appears that the DTLS server is not receiving any data, despite the Client Hello being sent, as illustrated below: [screenshot]

Observations:

Interestingly, if I use TLS 1.2 instead of DTLS 1.2, everything seems to work properly. When using TLS, the Client Hello and subsequent handshake messages are received and processed without issue, as shown here:

java -jar apps/TLS-Server.jar -port 4433 -version TLS12 -executor_type THREADED_SERVER -workflow_trace_type HANDSHAKE

openssl s_client -tls1_2 -connect 127.0.0.1:4433

[screenshots]

Request for Assistance:

I'm reaching out to see if anyone has insights into what might be causing this problem. Specifically:

Any guidance or support would be greatly appreciated. Thank you!

mmaehren commented 2 days ago

Hey,

unfortunately, we do not support the threaded executor for DTLS. For UDP, we cannot simply spawn a new socket for each connecting client using Java's API. Effectively, we would have to map incoming DTLS traffic to the correct execution thread ourselves. It is a planned feature but we will probably wait until we implement DTLS 1.3 and connection ID support.
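The reply above explains the missing piece: with TCP, a threaded server can call accept() and hand each client its own socket, but a UDP DatagramSocket has no accept(), so every peer's datagrams arrive on the same socket and the server itself must route each one to the right connection's thread. The sketch below is an added illustration of that demultiplexing, written for this page and not code from TLS-Attacker; the class name, the PeerContext holder and the constructed record bytes are all hypothetical. It keys connections by source IP:port, hands each peer a worker thread with its own inbox, and has the worker parse only the 13-byte DTLS record header (content type, version, epoch, sequence number, length) as a stand-in for a real per-connection handshake state machine. The main method sends two constructed DTLS 1.2 handshake records from two client sockets and shows that they end up in two separate peer contexts.

```java
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Arrays;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.LinkedBlockingQueue;

/**
 * Hypothetical DTLS demultiplexer (not TLS-Attacker code): one DatagramSocket,
 * one reader thread that routes by source address, one worker thread per peer.
 */
public class DtlsDemuxServer implements Runnable {

    private static final byte[] POISON = new byte[0]; // tells a worker to stop

    /** Per-peer state: an inbox plus a handshake-record counter standing in for a DTLS state machine. */
    static final class PeerContext {
        final BlockingQueue<byte[]> inbox = new LinkedBlockingQueue<>();
        final Thread worker;
        volatile int handshakeRecords = 0;

        PeerContext(SocketAddress peer) {
            worker = new Thread(() -> {
                try {
                    for (byte[] d = inbox.take(); d != POISON; d = inbox.take()) {
                        handle(peer, d);
                    }
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            }, "dtls-peer-" + peer);
            worker.setDaemon(true);
            worker.start();
        }

        /** Parses the 13-byte DTLS record header; a real server would feed the record to this peer's handshake. */
        private void handle(SocketAddress peer, byte[] d) {
            if (d.length < 13) {
                System.out.println(peer + ": runt datagram of " + d.length + " bytes dropped");
                return;
            }
            int contentType = d[0] & 0xff;                        // 22 = handshake
            int version = ((d[1] & 0xff) << 8) | (d[2] & 0xff);   // 0xFEFD = DTLS 1.2, 0xFEFF = DTLS 1.0
            int epoch = ((d[3] & 0xff) << 8) | (d[4] & 0xff);
            int length = ((d[11] & 0xff) << 8) | (d[12] & 0xff);  // bytes 5..10 are the 48-bit sequence number
            if (contentType == 22) {
                handshakeRecords++;
            }
            System.out.printf("%s: type=%d version=0x%04x epoch=%d fragmentLen=%d%n",
                    peer, contentType, version, epoch, length);
        }
    }

    private final DatagramSocket socket;
    private final ConcurrentHashMap<SocketAddress, PeerContext> peers = new ConcurrentHashMap<>();

    DtlsDemuxServer(int port) throws IOException {
        socket = new DatagramSocket(port, InetAddress.getLoopbackAddress());
    }

    int port() { return socket.getLocalPort(); }
    int peerCount() { return peers.size(); }

    /** Reader loop: never parses TLS, only copies each datagram into the inbox of the peer it came from. */
    @Override
    public void run() {
        byte[] buf = new byte[16384];
        while (!socket.isClosed()) {
            DatagramPacket p = new DatagramPacket(buf, buf.length);
            try {
                socket.receive(p);
            } catch (IOException e) {
                break; // socket closed by shutdown()
            }
            byte[] copy = Arrays.copyOf(p.getData(), p.getLength());
            peers.computeIfAbsent(p.getSocketAddress(), PeerContext::new).inbox.add(copy);
        }
    }

    void shutdown() {
        socket.close();
        peers.values().forEach(ctx -> ctx.inbox.add(POISON));
    }

    /** Constructed sample: a DTLS 1.2 handshake record header with a 4-byte dummy fragment, not a real ClientHello. */
    static byte[] sampleHandshakeRecord() {
        return new byte[] {
            22, (byte) 0xfe, (byte) 0xfd,   // handshake, DTLS 1.2
            0, 0,                           // epoch 0
            0, 0, 0, 0, 0, 1,               // sequence number 1
            0, 4,                           // fragment length 4
            1, 0, 0, 0                      // placeholder fragment bytes
        };
    }

    public static void main(String[] args) throws Exception {
        DtlsDemuxServer server = new DtlsDemuxServer(0); // port 0 = pick a free port
        new Thread(server, "dtls-reader").start();
        InetSocketAddress target = new InetSocketAddress(InetAddress.getLoopbackAddress(), server.port());
        // Two clients on two source ports: both hit the one server socket and are split apart by address.
        try (DatagramSocket c1 = new DatagramSocket(); DatagramSocket c2 = new DatagramSocket()) {
            for (DatagramSocket c : new DatagramSocket[] {c1, c2}) {
                byte[] rec = sampleHandshakeRecord();
                c.send(new DatagramPacket(rec, rec.length, target));
                c.send(new DatagramPacket(rec, rec.length, target));
            }
            Thread.sleep(500);
        }
        System.out.println("distinct peers seen: " + server.peerCount());
        server.shutdown();
    }
}
```

Keying on source IP:port is the simplest mapping and the one the reply describes, but it is exactly what the DTLS connection ID extension (RFC 9146) replaces: once a connection ID is negotiated, the record header itself carries the identifier and the server can keep routing correctly even if the peer's address changes, which is why the maintainer ties the threaded DTLS executor to connection ID support. Also note that in this sketch the reader thread stays free of any TLS parsing, so a malformed record from one peer can only stall that peer's worker, not the socket shared by everyone.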