Interesting hands-on part with the key logs. Unfortunately, there are a couple of misleading or wrong statements in the presentation. This especially concerns how the TLS key exchange works and the crypto. For example:
- The p and g of the DH are, in the DHE mode, NOT taken from a certificate. They are transported in the Server Key Exchange message (see RFC5246 Section 7.4.3). Only in the DH (not DHE) cipher suites are p and g in the certificate, since the g^a mod p is too.
- ECDH is NOT so popular because regular DH is not secure anymore. ECDH is mainly much faster for the same strength because the key length of DH would need to be quite big.
- TLS 1.3 can not only use ECDHE but DHE too. See RFC8446 section 7.4.

Overall, the differentiation between the different TLS key exchange modes (no DH, DH, DHE, ECDH, ECDHE, etc.) was not clear enough and could mislead people watching this. :-(
@WireSharkFest 3 years ago
Thanks for this info Lars, we'll pass it on to Ross!
@ItIsFullyFaltu 2 years ago
About p and g, Ross is also right, in the same RFC. Read section F.1.1.3, Diffie-Hellman Key Exchange with Authentication: "When Diffie-Hellman key exchange is used, the server can either supply a certificate containing fixed Diffie-Hellman parameters or use the server key exchange message to send a set of temporary Diffie-Hellman parameters signed with a DSA or RSA certificate."
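
Added example (not part of the comment thread or the presentation): a parser for the TLS 1.2 ServerKeyExchange message that both comments above refer to (RFC 5246 Section 7.4.3), showing where the temporary dh_p, dh_g and dh_Ys travel in DHE suites. The sample message is constructed with toy values (p=23, g=5) and a placeholder signature; the function and dictionary key names are this example's own.

```python
import struct

class ParseError(ValueError):
    """Raised when the message is truncated or structurally invalid."""

def read_vec16(buf, off, name):
    # opaque <1..2^16-1>: 2-byte big-endian length, then that many bytes
    if off + 2 > len(buf):
        raise ParseError(f"truncated length prefix for {name}")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ParseError(f"invalid length {n} for {name}")
    return int.from_bytes(buf[off:off + n], "big"), off + n

def parse_dhe_server_key_exchange(msg):
    """Parse a TLS 1.2 server_key_exchange handshake message (DHE suites)."""
    if len(msg) < 4 or msg[0] != 12:  # HandshakeType server_key_exchange = 12
        raise ParseError("not a server_key_exchange handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ParseError("handshake length does not match body")
    # ServerDHParams: the ephemeral group and public value, sent in the clear
    p, off = read_vec16(body, 0, "dh_p")
    g, off = read_vec16(body, off, "dh_g")
    ys, off = read_vec16(body, off, "dh_Ys")
    # signed_params: SignatureAndHashAlgorithm, then signature<0..2^16-1>
    if off + 4 > len(body):
        raise ParseError("truncated signed_params")
    hash_alg, sig_alg, sig_len = struct.unpack_from("!BBH", body, off)
    off += 4
    if off + sig_len != len(body):
        raise ParseError("signature length does not match remaining bytes")
    return {"p": p, "g": g, "Ys": ys, "p_bits": p.bit_length(),
            "hash_alg": hash_alg, "sig_alg": sig_alg, "signature": body[off:]}

# Constructed sample (toy group p=23, g=5, Ys=5^6 mod 23=8; dummy signature)
SAMPLE = bytes.fromhex(
    "0c000011"       # handshake type 12, body length 17
    "000117"         # dh_p  = 23
    "000105"         # dh_g  = 5
    "000108"         # dh_Ys = 8
    "0401"           # hash sha256(4), signature rsa(1)
    "0004deadbeef")  # 4-byte placeholder signature

if __name__ == "__main__":
    print(parse_dhe_server_key_exchange(SAMPLE))
```

The returned `p_bits` value lets a monitoring script compare the group size a server actually sent against a local minimum.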