Re: [cf-dev] DTLS handshake message encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [cf-dev] DTLS handshake message encryption

From: "Kovatsch Matthias" <kovatsch@xxxxxxxxxxx>
Date: Tue, 31 Mar 2015 18:59:47 +0000
Accept-language: en-US, de-CH
Delivered-to: cf-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/cf-dev>
List-help: <mailto:cf-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/cf-dev>, <mailto:cf-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/cf-dev>, <mailto:cf-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AdBrgz5avo27Au6nRoyaIcrU5k4upQAXCOWA
Thread-topic: DTLS handshake message encryption

Dear Kai

I understand it the same way: Handshake messages in plaintext (with a special case for Finished), ChangeCipherSpec and appdata depending on the current state. In a resumption, ChangeCipherSpec is still "plaintext."

During development, we could not test the abbreviated handshake with other implementations because the feature was not available. So it is possible that there are still issues.

Looking through the code, I could not find the place where encryption would be applied (doProcessMessage() is overridden in ResumingServerHandshaker). Did you see an encrypted flight from the server on the wire?

Ciao
Matthias

> -----Original Message-----
> From: cf-dev-bounces@xxxxxxxxxxx [mailto:cf-dev-bounces@xxxxxxxxxxx] On
> Behalf Of Hudalla Kai (INST/ESY)
> Sent: Tuesday, 31 March 2015 09:21
> To: cf-dev@xxxxxxxxxxx
> Subject: [cf-dev] DTLS handshake message encryption
> 
> Hi,
> 
> I am currently working on some issues with the DTLS handshake in Scandium.
> While going through the ResumingServerHandshaker I noticed that it encrypts all
> messages sent to the client according to the current session state. While going
> through section 7.4 of the TLS 1.2 [1] spec I found this passage:
> "Handshake messages are supplied to the TLS record layer, where they are
> encapsulated within one or more TLSPlaintext structures, which are processed
> and transmitted as specified by the current active session state."
> My understanding of this is that handshake messages are never encrypted but
> are always transmitted in plaintext (except for the Change Cipher Spec message
> which actually is not a handshake message).
> Does anybody have any deeper insight into this? Matthias, have you given this
> more thought yet?
> 
> [1] http://tools.ietf.org/html/rfc5246#section-7.4
> 
> Regards,
> Kai
> 
> _______________________________________________
> cf-dev mailing list
> cf-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit https://dev.eclipse.org/mailman/listinfo/cf-dev

Follow-Ups:
- Re: [cf-dev] DTLS handshake message encryption
  - From: Hudalla Kai (INST/ESY)
- Re: [cf-dev] DTLS handshake message encryption
  - From: Kovatsch Matthias

References:
- [cf-dev] DTLS handshake message encryption
  - From: Hudalla Kai (INST/ESY)

Prev by Date: [cf-dev] [Hudson] Hudson build is back to normal : scandium #53
Next by Date: Re: [cf-dev] DTLS handshake message encryption
Previous by thread: [cf-dev] DTLS handshake message encryption
Next by thread: Re: [cf-dev] DTLS handshake message encryption
Index(es):
- Date
- Thread

Breadcrumbs