PublicKey parameter is missing from ClientKeyExchange when we set multiple CipherSuites starting with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

[ayushbindlish]

Verified using wireshark

Sample code:

List clientCipherSuite = new LinkedList<>(); clientCipherSuite.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); clientCipherSuite.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384); clientCipherSuite.add(CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384); clientCipherSuite.add(CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256); clientCipherSuite.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256); clientCipherSuite.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384); conf.setDefaultClientSupportedCiphersuites(clientCipherSuiteList);

Note: If we provide TLS_RSA_WITH_AES_256_GCM_SHA384 ciphersuite as first preffered, PublicKey is set properly.

[mmaehren]

Hi, while all TLS 1.2 key exchange messages have the same type, TLS-Attacker differs between ECDHE, DHE and RSA key exchange messages. This way you can precisely set modifications for specific fields that aren't part of the message for all key exchange types. However, this requires TLS-Attacker to know beforehand which key exchange type is going to be used for the handshake. This decision is made based on the defaultSelectedCipherSuite in the Config. In your example, the default selected cipher suite is an RSA one, so TLS-Attacker won't prepare the computations for ECDHE. If you know which key exchange type will be negotiated, you can set the defaultSelectedCipherSuite accordingly. If you don't mind which key exchange type should be used, you can make use of the SendDynamicClientKeyExchangeAction in your WorkflowTrace.

[ayushbindlish]

Thanks for the detailed info. It worked. Though I figured after your reply that selecting Dynamic workflow trace fixed it for me.