TLSServerAutomaton in tls1.3 of Scapy v2.6.1 cannot save_ticket(TLS13NewSessionTicket) #4682

Open
jiuyuan-light opened this issue Mar 6, 2025 · 0 comments

jiuyuan-light commented Mar 6, 2025

Brief description

Using TLSServerAutomaton in tls1.3 of Scapy v2.6.1, after client access, TLS13NewSessionTicket cannot be saved to a file.

Scapy version

2.6.1

Python version

3.13

Operating system

Windows 11

Additional environment information

No response

How to reproduce

Start a TLS server using the following code:

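    from scapy.layers.tls.automaton_srv import TLSServerAutomaton

    # ssl_config: the reporter's dict of server settings (not shown in the issue)
    tls13_s = TLSServerAutomaton(
        **ssl_config,
        handle_session_ticket=True,
        session_ticket_file='./server_ticket.b'
    )
    tls13_s.run()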

Check the following code. In some cases, TLS13NewSessionTicket may be added to "self.tls_session.post_handshake_messages"; is it necessary to check "self.tls_session.post_handshake_messages" when calling save_ticket?

    class TLS13NewSessionTicket(_TLSHandshake):
        def tls_session_update(self, msg_str):
            """
            Covers both post_build- and post_dissection- context updates.
            """
            # RFC8446 sect 4.4.1
            # "Note, however, that subsequent post-handshake authentications do not
            # include each other, just the messages through the end of the main
            # handshake."
            if self.tls_session.post_handshake:
                self.tls_session.post_handshake_messages.append(msg_str)
            else:
                self.tls_session.handshake_messages.append(msg_str)
                self.tls_session.handshake_messages_parsed.append(self)

    class TLSServerAutomaton(_TLSAutomaton):
        @ATMT.condition(ADDED_SERVERDATA)
        def should_send_ServerData(self):
            if self.session_ticket_file:
                save_ticket = False
                for p in self.buffer_out:
                    if isinstance(p, TLS13):
                        # Check if there's a NewSessionTicket to send
                        save_ticket = all(map(lambda x: isinstance(x, TLS13NewSessionTicket),  # noqa: E501
                                              p.inner.msg))
                        if save_ticket:
                            break
            self.flush_records()
            if self.session_ticket_file and save_ticket:
                # Loop backward in message send to retrieve the parsed
                # NewSessionTicket. This message is not completely build before the
                # flush_records() call. Other way to build this message before ?
                for p in reversed(self.cur_session.handshake_messages_parsed):
                    if isinstance(p, TLS13NewSessionTicket):
                        self.save_ticket(p)
                        break
            raise self.SENT_SERVERDATA()

Actual result

TLS13NewSessionTicket cannot be saved to a file

Expected result

TLS13NewSessionTicket can be saved to a file

Related resources

No response
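
The lookup this issue asks about, modeled without Scapy as an added example (not code from the issue or from Scapy): `Session`, `Ticket` and the helper functions are hypothetical stand-ins that reproduce only the two branches of `tls_session_update` and the backward search in `should_send_ServerData` quoted above. It also shows a fallback that scans the raw post-handshake messages for handshake type 4 (new_session_ticket in RFC 8446).

```python
# Stand-alone model (no Scapy needed); Session, Ticket and the helper names
# are hypothetical stand-ins for the objects quoted in the issue.
NEW_SESSION_TICKET = 4  # HandshakeType new_session_ticket, RFC 8446 sect. 4


class Session:
    def __init__(self, post_handshake):
        self.post_handshake = post_handshake
        self.handshake_messages = []
        self.handshake_messages_parsed = []
        self.post_handshake_messages = []


class Ticket:
    """Models only the tls_session_update() branches quoted in the issue."""

    def __init__(self, session, raw):
        self.tls_session, self.raw = session, raw

    def tls_session_update(self, msg_str):
        s = self.tls_session
        if s.post_handshake:
            s.post_handshake_messages.append(msg_str)  # raw bytes only
        else:
            s.handshake_messages.append(msg_str)
            s.handshake_messages_parsed.append(self)


def find_parsed_ticket(session):
    """Backward search as in should_send_ServerData(): parsed list only."""
    for p in reversed(session.handshake_messages_parsed):
        if isinstance(p, Ticket):
            return p
    return None


def find_raw_ticket(session):
    """Fallback: newest raw post-handshake message of type NewSessionTicket."""
    for raw in reversed(session.post_handshake_messages):
        if raw[:1] == bytes([NEW_SESSION_TICKET]):
            return raw
    return None


def simulate(post_handshake):
    session = Session(post_handshake)
    # Constructed sample: type byte, 3-byte length, dummy body (not a real ticket)
    raw = bytes([NEW_SESSION_TICKET]) + b"\x00\x00\x02\xaa\xbb"
    Ticket(session, raw).tls_session_update(raw)
    return find_parsed_ticket(session) is not None, find_raw_ticket(session)
```

`simulate(False)` finds the ticket through the parsed list, while `simulate(True)` finds it only in the raw post-handshake list, which holds bytes that would have to be dissected again before they could be saved.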
