[gnutls-help] gnutls_protocol_get_name() and session resumption

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Apr 18 08:18:33 CEST 2019


On Mon, Apr 15, 2019 at 5:45 PM Jeremy Harris <jgh at wizmail.org> wrote:
>
> On 15/04/2019 07:33, Nikos Mavrogiannopoulos wrote:
> > On Sun, Apr 14, 2019 at 9:19 PM Jeremy Harris <jgh at wizmail.org> wrote:
> >>
> >> On 14/04/2019 15:09, Nikos Mavrogiannopoulos wrote:
> >>> On Sat, Apr 13, 2019 at 8:20 PM Jeremy Harris <jgh at wizmail.org> wrote:
> >>>> GnuTLS 3.6.7
> >>>>
> >>>> On resuming a TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 session
> >>>> I'm getting a reported ciphersuite TLS1.3:NULL:256
> >>>>
> >>>> The "NULL" derives from gnutls_cipher_suite_get_name() and
> >>>> the difference from the original is that the kx has changed
> >>>> from 12 (GNUTLS_KX_ECDHE_RSA) to 14 (GNUTLS_KX_ECDHE_PSK).
> >>>>
> >>>>
> >>>> Should I be using gnutls_kx_get_name() (&c for cipher and mac)
> >>>> separately, rather than gnutls_cipher_suite_get_name() ?
> >>>
> >>> There are no key exchange methods under TLS1.3, or they are kind of
> >>> implied, that's why you see null there. I'd recommend to use
> >>> gnutls_session_get_desc() which gives a description applicable for
> >>> gnutls but uniform across versions.
> >>
> >> Using that, the original connection gets
> >>  (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
> >> and the resumed session gets
> >>  (TLS1.3)-(ECDHE-PSK-SECP256R1)-(AES-256-GCM)
> >>
> >> Assuming the ECDHE is "implied by the TLS1.3" and the PSK part
> >> is saying the key was shared by the initial connection...
> >> what has happened to the cipher?
> >
> > The cipher is in both cases AES-256-GCM. What has changed is the key
> > exchange and authentication method.
>
> Ah. So what is the distinction between the elements
> (ECDHE-SECP256R1)  and  (RSA-PSS-RSAE-SHA256) ?

The first is key exchange, the latter is the authentication method (of
the key exchange), i.e., the algorithm used to sign it.

> Also, where did the MAC information go?  Is it still valid and required
> to use gnutls_mac_get_name(gnutls_mac_get()) ?

The algorithms are now AEAD, and the MAC is part of the cipher (in
this case GCM). What gnutls_mac_get() will return is AEAD.

Most of these questions should be answered by this post:
https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html

regards,
Nikos
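
Added example, not part of the original thread and not GnuTLS code: a C parser that splits a description string of the kind gnutls_session_get_desc() returned above into key exchange, authentication and cipher, and handles the resumed case where no authentication element is present. The names `struct tls_desc` and `parse_tls13_desc` are hypothetical, and the element layout is assumed from the two strings quoted in this thread only.

```c
#include <stdio.h>
#include <string.h>

/* Elements of a TLS 1.3 description string, named as in the thread above. */
struct tls_desc {
    char version[48];
    char kx[48];     /* key exchange, e.g. ECDHE-SECP256R1 */
    char auth[48];   /* signature algorithm; empty when none is reported */
    char cipher[48]; /* AEAD cipher: integrity is part of it, no separate MAC */
    int psk;         /* 1 when the key exchange element names PSK */
};

/* Split "(a)-(b)-(c)" or "(a)-(b)-(c)-(d)" into fields (layout assumed from
 * the thread). Returns 0 on success, -1 on malformed or non-TLS1.3 input. */
int parse_tls13_desc(const char *desc, struct tls_desc *out)
{
    char parts[4][48];
    int n = 0;
    const char *p = desc;

    memset(out, 0, sizeof *out);
    while (*p) {
        const char *end;
        size_t len;
        if (*p != '(' || n == 4 || !(end = strchr(p, ')'))) return -1;
        len = (size_t)(end - p) - 1;
        if (len == 0 || len >= sizeof parts[0]) return -1;
        memcpy(parts[n], p + 1, len);
        parts[n++][len] = '\0';
        p = end + 1;
        if (*p == '-' && p[1] == '(') p++;   /* separator before next element */
        else if (*p != '\0') return -1;
    }
    if ((n != 3 && n != 4) || strcmp(parts[0], "TLS1.3") != 0) return -1;
    strcpy(out->version, parts[0]);
    strcpy(out->kx, parts[1]);
    if (n == 4) strcpy(out->auth, parts[2]);  /* absent on the resumed session */
    strcpy(out->cipher, parts[n - 1]);
    out->psk = strstr(out->kx, "PSK") != NULL;
    return 0;
}

int main(void)
{
    /* The two strings quoted in the thread: full handshake, then resumption. */
    const char *in[] = { "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)",
                         "(TLS1.3)-(ECDHE-PSK-SECP256R1)-(AES-256-GCM)" };
    struct tls_desc d;
    for (int i = 0; i < 2; i++)
        if (parse_tls13_desc(in[i], &d) == 0)
            printf("kx=%s auth=%s cipher=%s psk=%d\n", d.kx, d.auth[0] ? d.auth : "-", d.cipher, d.psk);
    return 0;
}
```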
