
TLS 1.3 certificate

asked 2020-02-27 15:33:07 +0000

alajeb

I'm analyzing a TLS 1.3 handshake using the latest version of Wireshark and I can't find the certificate in the handshake (I know that the certificate in TLS 1.3 is sent encrypted). In which packet can I find the certificate sent by the server?



2 0.007021 TLSv1.3 1330 Server Hello, Encrypted Extensions, Certificate, Certificate Verify, Finished

bubbasnmp ( 2020-02-27 23:09:28 +0000 )

Could you please give me a screenshot?

alajeb ( 2020-02-28 13:03:45 +0000 )

1 Answer


answered 2020-02-28 13:22:42 +0000

bubbasnmp

Capture file tls13-20-chacha20poly1305.pcap here:

Key file tls13-20-chacha20poly1305.keys here:

[screenshot]



What version of Wireshark are you using, please?

alajeb ( 2020-02-28 14:02:03 +0000 )

3.2.1 (Git commit bf38a67724d0) on Ubuntu

Same display in Version 2.6.10 (Git v2.6.10 packaged as 2.6.10-1~ubuntu18.04.0)

bubbasnmp ( 2020-02-28 14:08:03 +0000 )

How could I get the same display as in the screenshot? When I open the pcap there is only Client Hello, Server Hello and Application Data.

alajeb ( 2020-02-28 14:52:35 +0000 )

What version of Wireshark?
Did you add the keyfile to the TLS/SSL protocol settings?

bubbasnmp ( 2020-02-28 15:04:34 +0000 )

What does the keyfile do?

alajeb ( 2020-02-28 20:07:09 +0000 )
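An added example, not part of the original thread: a small checker showing what a key file contributes to the display discussed above. It assumes the key file is in the NSS key log format (one `LABEL client_random secret` entry per line); the function names and all sample values are constructed for illustration.

```python
import re

# One key log entry: LABEL, 32-byte ClientHello random (hex), secret (hex).
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return {client_random_hex: {label: secret_bytes}}; skip comments and malformed lines."""
    sessions = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or len(m.group(3)) % 2:
            continue  # not a well-formed entry (odd-length hex, wrong field count)
        label, rand, secret = m.groups()
        sessions.setdefault(rand.lower(), {})[label] = bytes.fromhex(secret)
    return sessions

def explain(sessions, client_random_hex):
    """Say what can be decrypted for the handshake with this ClientHello random."""
    secrets = sessions.get(client_random_hex.lower())
    if secrets is None:
        return "no secrets for this session: only Client Hello, Server Hello, Application Data"
    # The server's Certificate record is protected with the server handshake traffic secret.
    if "SERVER_HANDSHAKE_TRAFFIC_SECRET" not in secrets:
        return "server handshake secret missing: Certificate stays encrypted"
    if "SERVER_TRAFFIC_SECRET_0" not in secrets:
        return "Certificate decryptable; server application data is not"
    return "Certificate and server application data decryptable"

# Constructed sample values, not taken from the capture or key file on this page.
RANDOM_A = "aa" * 32
RANDOM_B = "bb" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {RANDOM_A} {'11' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {RANDOM_A} {'22' * 32}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {RANDOM_B} {'33' * 32}",
    "this line is malformed and is ignored",
])

if __name__ == "__main__":
    parsed = parse_keylog(SAMPLE)
    for rnd in (RANDOM_A, RANDOM_B, "cc" * 32):
        print(rnd[:8], "->", explain(parsed, rnd))
```

The client random to look up is the Random field of the Client Hello in the capture; a key file recorded for a different session will not match it.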

Asked: 2020-02-27 15:33:07 +0000

Seen: 410 times

Last updated: Feb 28