Closed ayushbindlish closed 3 years ago
Hi, while all TLS 1.2 key exchange messages have the same type, TLS-Attacker differs between ECDHE, DHE and RSA key exchange messages. This way you can precisely set modifications for specific fields that aren't part of the message for all key exchange types. However, this requires TLS-Attacker to know beforehand which key exchange type is going to be used for the handshake. This decision is made based on the defaultSelectedCipherSuite in the Config. In your example, the default selected cipher suite is an RSA one, so TLS-Attacker won't prepare the computations for ECDHE. If you know which key exchange type will be negotiated, you can set the defaultSelectedCipherSuite accordingly. If you don't mind which key exchange type should be used, you can make use of the SendDynamicClientKeyExchangeAction in your WorkflowTrace.
Thanks for the detailed info. It worked. Though I figured after your reply that selecting Dynamic workflow trace fixed it for me.
Verified using wireshark
Sample code:
List clientCipherSuite = new LinkedList<>();
clientCipherSuite.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
clientCipherSuite.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
clientCipherSuite.add(CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384);
clientCipherSuite.add(CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256);
clientCipherSuite.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
clientCipherSuite.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
conf.setDefaultClientSupportedCiphersuites(clientCipherSuiteList);
Note: If we provide TLS_RSA_WITH_AES_256_GCM_SHA384 ciphersuite as first preffered, PublicKey is set properly.