Ask Your Question
0

Find the server Elliptic curve

asked 2020-07-24 09:53:35 +0000

chris-net gravatar image

I'm looking into a problem between browsers and a Citrix ADC Vserver and am currently trying to determine what the cipher suite and ECC Curves the server & client negotiate.

I can use filter tls.handshake.ciphersuite to filter just the packets that contain the client hello & server hello packets that contain the cipher suites & ECC curves (extensions supported group) the client supports and the suite the server chooses. The server hello clearly show the chosen cipher suite but i can't find what ecc curve the server chooses.

Can someone point me to how i can find out the elliptic curve negotiated between the 2.

Thanks

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2020-07-24 10:12:00 +0000

grahamb gravatar image

Look at the contents of the Key Share extension field in the Server Hello, there should be one entry with the chosen group (field tls.handshake.extensions_key_share_group).

edit flag offensive delete link more

Comments

only seeing "tls.handshake.extensions_key_share_group" in client hello's no server hello's are shown with that filter.

interestingly with firefox, the client shares group x25519 & secp256r1 yet secp384r1 is negotiated as seen in developer mode -> security in firefox.

chris-net gravatar imagechris-net ( 2020-07-24 10:50:48 +0000 )edit

I was looking at a TLS 1.3 handshake.

grahamb gravatar imagegrahamb ( 2020-07-24 11:35:15 +0000 )edit
0

answered 2020-07-24 10:53:43 +0000

chris-net gravatar image

tls.handshake.server_curve_type

filters just those packets containing the curve negotiated

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-07-24 09:53:35 +0000

Seen: 40 times

Last updated: Jul 24