Wireshark-bugs: [Wireshark-bugs] [Bug 11557] Parsing of ECDSA signatures (with TLS 1.2, brainpoo
Date: Wed, 30 Sep 2015 12:46:24 +0000

Comment # 2 on bug 11557 from
Sorry, I can not attach the pcap as it contains confidential information.

Have you checked the attached Screenshot? Do you have a specific question?

I'm not sure how many of the constraints can be relaxed until you get different
results. But I would guess that this is a problem of parsing ECDSA signatures /
Client Verify. So a very isolated test case would be sufficient.

The complete handshake message Certificate Verify is

0f00004a04400046304402203856adca8913e6bbcb04c58d915133d310d3c9409c32420da02d4794e3e24f9302204c44b59fe566ab13a659380a11a7d27d0d6d6260263764a963428b0bd2747e78

In the best case you can reproduce this behaviour by connecting as TLS client
to an arbitrary TLS server which requires client authentication, supports TLS
1.2 and where TLS_ECDHE_ECDSA_... is negotiated as cipher suite. This requires
you to have an ECDSA sign certificate.

More specifically this may only happen when using SHA-256 as hash function but
currently I can not say / haven't tried.


You are receiving this mail because:
  • You are watching all bug changes.