Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11557] Parsing of ECDSA signatures (with TLS 1.2, brainpoolP256r1) in ClientVe

Wireshark-bugs: [Wireshark-bugs] [Bug 11557] Parsing of ECDSA signatures (with TLS 1.2, brainpoo

Date: Wed, 30 Sep 2015 12:46:24 +0000

Comment # 2 on bug 11557 from Sebastian Oerding

Sorry, I can not attach the pcap as it contains confidential information.

Have you checked the attached Screenshot? Do you have a specific question?

I'm not sure how many of the constraints can be relaxed until you get different
results. But I would guess that this is a problem of parsing ECDSA signatures /
Client Verify. So a very isolated test case would be sufficient.

The complete handshake message Certificate Verify is

0f00004a04400046304402203856adca8913e6bbcb04c58d915133d310d3c9409c32420da02d4794e3e24f9302204c44b59fe566ab13a659380a11a7d27d0d6d6260263764a963428b0bd2747e78

In the best case you can reproduce this behaviour by connecting as TLS client
to an arbitrary TLS server which requires client authentication, supports TLS
1.2 and where TLS_ECDHE_ECDSA_... is negotiated as cipher suite. This requires
you to have an ECDSA sign certificate.

More specifically this may only happen when using SHA-256 as hash function but
currently I can not say / haven't tried.

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 11557] New: Parsing of ECDSA signatures (with TLS 1.2, brainpoolP256r1) in ClientVerify
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10016] Crash when using the "RTP Analyze" option
Next by Date: [Wireshark-bugs] [Bug 11556] TShark does not display all packets even when they match a given read filter
Previous by thread: [Wireshark-bugs] [Bug 11557] Parsing of ECDSA signatures (with TLS 1.2, brainpoolP256r1) in ClientVerify
Next by thread: [Wireshark-bugs] [Bug 11558] New: allow longer pcap-ng comments
Index(es):
- Date
- Thread