 | 1 | initial version |
Sample capture attached to issue 12779 - Add TLS 1.3 support:
tls13-22-hrr.pcap: picotls client with boringssl 2fce1bed (draft -22 with HelloRetryRequest)
The implementation of HelloRetryRequest seems to vary by draft version.
In the current Wireshark code, packet-tls-utils.c looks for a magic string:
/**
* Scan a Server Hello handshake message for the negotiated version. For TLS 1.3
* draft 22 and newer, it also checks whether it is a HelloRetryRequest.
*/
void
tls_scan_server_hello(tvbuff_t *tvb, guint32 offset, guint32 offset_end,
guint16 *server_version, gboolean *is_hrr)
{
/* SHA256("HelloRetryRequest") */
static const guint8 tls13_hrr_random_magic[] = {
0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91,
0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c
};
The filter would be:
tls.handshake.random == cf:21:ad:74:e5:9a:61:11:be:1d:8c:02:1e:65:b8:91:c2:a2:11:16:7a:bb:8c:5e:07:9e:09:e2:c8:a8:33:9c
Another approach would be to search the Info column for "Hello Retry Request".
See the filtcols Lua plugin.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.