Wireshark-bugs: [Wireshark-bugs] [Bug 11557] Parsing of ECDSA signatures (with TLS 1.2, brainpoo
Comment # 2
on bug 11557
from Sebastian Oerding
Sorry, I can not attach the pcap as it contains confidential information.
Have you checked the attached Screenshot? Do you have a specific question?
I'm not sure how many of the constraints can be relaxed until you get different
results. But I would guess that this is a problem of parsing ECDSA signatures /
Client Verify. So a very isolated test case would be sufficient.
The complete handshake message Certificate Verify is
0f00004a04400046304402203856adca8913e6bbcb04c58d915133d310d3c9409c32420da02d4794e3e24f9302204c44b59fe566ab13a659380a11a7d27d0d6d6260263764a963428b0bd2747e78
In the best case you can reproduce this behaviour by connecting as TLS client
to an arbitrary TLS server which requires client authentication, supports TLS
1.2 and where TLS_ECDHE_ECDSA_... is negotiated as cipher suite. This requires
you to have an ECDSA sign certificate.
More specifically this may only happen when using SHA-256 as hash function but
currently I can not say / haven't tried.
You are receiving this mail because:
- You are watching all bug changes.