[Packetbeat] - Unknown Ciphers for TLS 1.3 #7455

andrewkroh · 2018-06-28T03:00:21Z

There appear to be some new cipher suites in TLS 1.3 that are unknown to Packetbeat.

https://tlswg.github.io/tls13-spec/draft-ietf-tls-tls13.html#rfc.appendix.B.4

      "client_hello": {
        "version": "3.3",
        "session_id": "c13c88f34af11b4363a6b005393650e1f1ea4f2d32457f4341103623900d17b5",
        "supported_ciphers": [
          "(unknown:0x1301)",
          "(unknown:0x1303)",
          "(unknown:0x1302)",
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
          "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
          "TLS_RSA_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_AES_256_CBC_SHA",
          "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
        ]

For confirmed bugs, please report:

Version: 7.0.0-alpha1-SNAPSHOT
Operating System: Linux/armv7

The text was updated successfully, but these errors were encountered:

The TLS protocol parser has been updated with 5 new cipher suites introduced in TLS 1.3: +------------------------------+-------------+ | Description | Value | +------------------------------+-------------+ | TLS_AES_128_GCM_SHA256 | {0x13,0x01} | | | | | TLS_AES_256_GCM_SHA384 | {0x13,0x02} | | | | | TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} | | | | | TLS_AES_128_CCM_SHA256 | {0x13,0x04} | | | | | TLS_AES_128_CCM_8_SHA256 | {0x13,0x05} | +------------------------------+-------------+

…#7498) The TLS protocol parser has been updated with 5 new cipher suites introduced in TLS 1.3: +------------------------------+-------------+ | Description | Value | +------------------------------+-------------+ | TLS_AES_128_GCM_SHA256 | {0x13,0x01} | | | | | TLS_AES_256_GCM_SHA384 | {0x13,0x02} | | | | | TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} | | | | | TLS_AES_128_CCM_SHA256 | {0x13,0x04} | | | | | TLS_AES_128_CCM_8_SHA256 | {0x13,0x05} | +------------------------------+-------------+ (cherry picked from commit 533e026)

The TLS protocol parser has been updated with 5 new cipher suites introduced in TLS 1.3: +------------------------------+-------------+ | Description | Value | +------------------------------+-------------+ | TLS_AES_128_GCM_SHA256 | {0x13,0x01} | | | | | TLS_AES_256_GCM_SHA384 | {0x13,0x02} | | | | | TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} | | | | | TLS_AES_128_CCM_SHA256 | {0x13,0x04} | | | | | TLS_AES_128_CCM_8_SHA256 | {0x13,0x05} | +------------------------------+-------------+ (cherry picked from commit 533e026)

…#7498) (elastic#7501) The TLS protocol parser has been updated with 5 new cipher suites introduced in TLS 1.3: +------------------------------+-------------+ | Description | Value | +------------------------------+-------------+ | TLS_AES_128_GCM_SHA256 | {0x13,0x01} | | | | | TLS_AES_256_GCM_SHA384 | {0x13,0x02} | | | | | TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} | | | | | TLS_AES_128_CCM_SHA256 | {0x13,0x04} | | | | | TLS_AES_128_CCM_8_SHA256 | {0x13,0x05} | +------------------------------+-------------+ (cherry picked from commit b1c422e)

andrewkroh added the Packetbeat label Jun 28, 2018

adriansr mentioned this issue Jul 3, 2018

Update TLS protocol cipher suites (#7455) #7498

Merged

andrewkroh closed this as completed in #7498 Jul 3, 2018

andrewkroh mentioned this issue Jul 3, 2018

Cherry-pick #7498 to 6.3: Update TLS protocol cipher suites (#7455) #7501

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Packetbeat] - Unknown Ciphers for TLS 1.3 #7455

[Packetbeat] - Unknown Ciphers for TLS 1.3 #7455

andrewkroh commented Jun 28, 2018

[Packetbeat] - Unknown Ciphers for TLS 1.3 #7455

[Packetbeat] - Unknown Ciphers for TLS 1.3 #7455

Comments

andrewkroh commented Jun 28, 2018