[gnutls-devel] Problem with proxied connections on 3.5.3

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Sat Sep 17 18:07:47 CEST 2016


On Sat, 2016-09-17 at 12:48 +0200, Andreas Metzler wrote:
> On 2016-09-17 Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
> [...]
> > 
> > Thank you. Could I have a capture of the session? My speculation is
> > that the user is under man-in-the-middle attack and the presented RSA
> > public key in the certificate is rejected by rsa_public_key_prepare().
> > If that is run with nettle 3.2, then the only check is whether the N is
> > < 96 bits, which is way too small even for an attacker. Later versions
> > (in git) have an additional check for N being even. A capture and the
> > nettle version used will shed some light on the issue.
> Could you perhaps provide Marcelo with step-by-step instructions on how
> to generate the session capture?

I'd run wireshark -i eth0 (replace eth0 with the ethernet interface
name) and click start capture.
Then, on another terminal, run the command that makes the TLS connection
fail.
Then click Capture -> Stop. In "apply display filter", type ssl, then
File -> Export specified packets and send the saved pcap file.

regards,
Nikos
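The two sanity checks Nikos describes above (a modulus shorter than 96 bits, and an even modulus), as an added illustration that is not part of this thread and not nettle's or GnuTLS's code. It parses the PKCS#1 RSAPublicKey structure (SEQUENCE { INTEGER n, INTEGER e }) found inside a certificate's SubjectPublicKeyInfo with a minimal DER reader written for this example, then reports why a key would be rejected. The 96-bit threshold is the value quoted in the mail, not a claim about nettle's exact constant; the sample keys are constructed, not taken from any capture.

```python
"""Check an RSA public key the way the thread describes nettle's
rsa_public_key_prepare() doing it: reject a modulus under 96 bits, and
(in newer versions) an even modulus.  Added example; not nettle/GnuTLS code."""
from typing import Optional, Tuple

MIN_MODULUS_BITS = 96  # threshold as quoted in the thread (assumption)


def _der_len(n: int) -> bytes:
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(value: int) -> bytes:
    """DER INTEGER; a leading 0x00 keeps values with the high bit set positive."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def encode_rsa_public_key(n: int, e: int) -> bytes:
    """Build a PKCS#1 RSAPublicKey: SEQUENCE { INTEGER n, INTEGER e }."""
    inner = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len(len(inner)) + inner


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one tag/length/value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def decode_rsa_public_key(der: bytes) -> Tuple[int, int]:
    """Parse RSAPublicKey DER into (n, e), rejecting trailing or malformed data."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(seq, 0)
    tag_e, e_bytes, pos = _read_tlv(seq, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(seq):
        raise ValueError("expected SEQUENCE { INTEGER n, INTEGER e }")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def check_rsa_modulus(n: int) -> Optional[str]:
    """Return None if the modulus passes, otherwise the reason it is rejected."""
    if n.bit_length() < MIN_MODULUS_BITS:
        return f"modulus is only {n.bit_length()} bits (< {MIN_MODULUS_BITS})"
    if n % 2 == 0:
        return "modulus is even"
    return None


def check_rsa_public_key_der(der: bytes) -> Optional[str]:
    """Parse a DER RSAPublicKey and apply the modulus checks."""
    n, _e = decode_rsa_public_key(der)
    return check_rsa_modulus(n)


if __name__ == "__main__":
    # Constructed sample keys (not real certificates): a plausible 2048-bit
    # odd modulus, an even one, and one far too short.
    samples = {
        "2048-bit odd": encode_rsa_public_key((1 << 2047) | 1, 65537),
        "2048-bit even": encode_rsa_public_key(1 << 2047, 65537),
        "65-bit": encode_rsa_public_key((1 << 64) | 1, 65537),
    }
    for label, der in samples.items():
        print(f"{label}: {check_rsa_public_key_der(der) or 'accepted'}")
```

Logging the rejection reason this way, next to a capture taken as described in the steps above, lets you tell a genuinely malformed key apart from an interposed one before opening a bug against the library.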

