Wireshark-dev: Re: [Wireshark-dev] Trying to decode a TLS 1.3 with null cipher

From: Ahmed Elsherbiny <sherboah@xxxxxxxxx>
Date: Tue, 5 May 2020 09:05:53 -0700
Hi Peter,

Unfortunately I am not privy to the reasons for choosing this particular cipher suite.

Sorry if my questions sounds naive - I'm really not into the security domain. What would be the risks of using this implementation (with the nonce issue and half-size key)? Does it make it easier for an attacker to "fake" a certificate and impersonate the server?
My next question would be, what other cipher suites would you suggest? I heard that TLS1.2 may get deprecated and so, not sure if that would be a good option.

Regards,
Ahmed

On Mon, May 4, 2020 at 4:38 PM Peter Wu <peter@xxxxxxxxxxxxx> wrote:
Hi Ahmed,

On Mon, May 04, 2020 at 03:12:50PM -0700, Ahmed Elsherbiny wrote:
> First of all, thank you again for creating the patch. I did test it and was
> able to successfully decode some messages.
> My implementation uses WolfSSL v4.3.0.
>
> I hope the patch will be merged in, please let me know if there's any more
> info you need from my end.

At the moment the patch is unlikely going to be merged pending further
information from the relevant draft authors. Please be very careful with
deploying your information, WolfSSL appears to have a bug in the
implementation of the draft:
https://github.com/wolfSSL/wolfssl/issues/2945

Is your implementation actually going to be used in production? What are
the reasons behind choosing this draft proposal for TLS 1.3 null ciphers
if I may ask?
--
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe