Open
Description
Brief description
Using TLSServerAutomaton with TLS 1.3 in Scapy v2.6.1, after a client connects, the TLS13NewSessionTicket cannot be saved to a file.
Scapy version
2.6.1
Python version
3.13
Operating system
Windows 11
Additional environment information
No response
How to reproduce
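Start a TLS server using the following code:

```python
from scapy.layers.tls.automaton_srv import TLSServerAutomaton

# ssl_config is the reporter's own dict of keyword arguments (not shown in the report)
tls13_s = TLSServerAutomaton(
    **ssl_config,
    handle_session_ticket=True,
    session_ticket_file='./server_ticket.b'
)
tls13_s.run()
```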
Check the following code. In some cases, TLS13NewSessionTicket may be added to "self.tls_session.post_handshake_messages". Is it necessary to check "self.tls_session.post_handshake_messages" when save_ticket?
```python
class TLS13NewSessionTicket(_TLSHandshake):
    def tls_session_update(self, msg_str):
        """
        Covers both post_build- and post_dissection- context updates.
        """
        # RFC8446 sect 4.4.1
        # "Note, however, that subsequent post-handshake authentications do not
        # include each other, just the messages through the end of the main
        # handshake."
        if self.tls_session.post_handshake:
            self.tls_session.post_handshake_messages.append(msg_str)
        else:
            self.tls_session.handshake_messages.append(msg_str)
            self.tls_session.handshake_messages_parsed.append(self)


class TLSServerAutomaton(_TLSAutomaton):
    @ATMT.condition(ADDED_SERVERDATA)
    def should_send_ServerData(self):
        if self.session_ticket_file:
            save_ticket = False
            for p in self.buffer_out:
                if isinstance(p, TLS13):
                    # Check if there's a NewSessionTicket to send
                    save_ticket = all(map(lambda x: isinstance(x, TLS13NewSessionTicket),  # noqa: E501
                                          p.inner.msg))
                    if save_ticket:
                        break
        self.flush_records()
        if self.session_ticket_file and save_ticket:
            # Loop backward in message send to retrieve the parsed
            # NewSessionTicket. This message is not completely build before the
            # flush_records() call. Other way to build this message before ?
            for p in reversed(self.cur_session.handshake_messages_parsed):
                if isinstance(p, TLS13NewSessionTicket):
                    self.save_ticket(p)
                    break
        raise self.SENT_SERVERDATA()
```
Actual result
TLS13NewSessionTicket cannot be saved to a file
Expected result
TLS13NewSessionTicket can be saved to a file
Related resources
No response
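The bookkeeping described in this report, modelled without Scapy as an added example (not part of the original report and not Scapy's code). `Ticket`, `Session`, `lookup_with_fallback` and `simulate` are hypothetical stand-ins, and the sample bytes are constructed; the model assumes the branching shown in the quoted `tls_session_update()`.

```python
from dataclasses import dataclass, field

@dataclass
class Ticket:                      # stand-in for TLS13NewSessionTicket
    ticket: bytes

@dataclass
class Session:                     # only the fields named in the report
    post_handshake: bool = False
    handshake_messages: list = field(default_factory=list)
    handshake_messages_parsed: list = field(default_factory=list)
    post_handshake_messages: list = field(default_factory=list)

    def update(self, msg, raw):
        # Same branching as the quoted tls_session_update()
        if self.post_handshake:
            self.post_handshake_messages.append(raw)    # raw bytes only
        else:
            self.handshake_messages.append(raw)
            self.handshake_messages_parsed.append(msg)  # parsed object

def lookup_parsed(session):
    # Same search as the quoted should_send_ServerData()
    for m in reversed(session.handshake_messages_parsed):
        if isinstance(m, Ticket):
            return m
    return None

def lookup_with_fallback(session, flushed):
    # Hypothetical: also search the message objects that were just flushed
    hit = lookup_parsed(session)
    if hit is None:
        hit = next((m for m in reversed(flushed) if isinstance(m, Ticket)), None)
    return hit

def simulate(post_handshake):
    session, flushed = Session(), []
    session.update("Finished", b"\x14")       # constructed main-handshake message
    session.post_handshake = post_handshake
    ticket = Ticket(b"constructed-ticket")    # constructed sample value
    flushed.append(ticket)
    session.update(ticket, b"\x04" + ticket.ticket)
    return session, flushed

if __name__ == "__main__":
    for flag in (False, True):
        s, out = simulate(flag)
        print(flag, lookup_parsed(s), lookup_with_fallback(s, out))
```

In the post-handshake case the ticket exists only as serialized bytes in `post_handshake_messages`, so a check against that list would have to re-parse it before anything could be passed to `save_ticket`.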