Comments (5)
Since adding an extension will change the length of the extensions field and the length of the ClientHelllo, you need to recreate the changed ClientHello and then feed it into the HandshakeHashes object.
But at this point, why you just don't modify the the Client Hello from tlsfuzzer to include the extension in the first place?
Honestly, I'm not sure what you want to do: if you have a middle box that wants to change the CH message, then it needs to be a TLS endpoint, as that's the only way to calculate correct Finished message...
from tlslite-ng.
Since adding an extension will change the length of the extensions field and the length of the ClientHelllo, you need to recreate the changed ClientHello and then feed it into the HandshakeHashes object. But at this point, why you just don't modify the the Client Hello from tlsfuzzer to include the extension in the first place?
Honestly, I'm not sure what you want to do: if you have a middle box that wants to change the CH message, then it needs to be a TLS endpoint, as that's the only way to calculate correct Finished message...
Yes you are right, I have a middle box that append the custom CH field, adding an information that I want to extract on tlsliste-ng. The problem is that it raises a SSL_ERROR_BAD_MAC_ALERT during handshake.
Is there a way to disable MAC verification on tlslite-ng ?
from tlslite-ng.
No, there isn't an API to do that.
from tlslite-ng.
Thanks @tomato42 for your help.
One more question, is it possible to plug an flask/uwsgi app on tlslite-ng? I'm trying to change tls.py to do it, with no success so far.
from tlslite-ng.
no idea, never used flask or uwsgi, see into tlslite/integration
for some examples of integrating tlslite-ng with other projects
from tlslite-ng.
Related Issues (20)
- Enable python 3.9 in CI HOT 1
- Travis-CI is dead, migrate to Actions
- sent certificate types don't depend on settings
- tlslite continues with the handshake after receiving multiple CCS messages in one TLS record
- RSA key generation sometimes fails
- Example tls server supporting both SRP and ClientAuth HOT 2
- TLS-RFC compliance HOT 4
- tlslite-ng can't parse certificates with rsa-pss signatures created by openssl 3.0
- Type Hints HOT 2
- Add brainpool TLS 1.3 sig alg definitions
- How to integrate with http libraries like aiohttp or httpx? HOT 1
- SMTP Connection with GMAIL HOT 16
- backword compatibility HOT 1
- Issue: module 'Crypto.Cipher.AES' has no attribute 'AESCipher' HOT 1
- Clienthello sessionid field lack of length inspection HOT 1
- Lack of check for some messages' Record Version field HOT 2
- Re-introduce support for async io in python 3.12 HOT 1
- How to not send TLS_EMPTY_RENEGOTIATION_INFO ? HOT 1
- Adding ECPoints TLS 1.2 formats HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tlslite-ng.