
I am not really good with TLS details, I just know some basics. So I have a couple of questions about it:

  1. Is there a way to decipher TLS in Wireshark if the key exchange method is Diffie-Hellman? I know that with a web browser it is easy, as I have the session key there. But in the general case, how can I extract session keys if I just have TLS over bare TCP?

  2. If I have multiple clients who connect to the server, how does the server distinguish between different certificates and choose the right one to decipher the message?

StackzOfZtuff
  • 1) What do you mean by *"dissect"*? You can look at the protocol details, which is what dissect usually means. You cannot decrypt the traffic, though, unless you have additional information like the master key. 2) I think you have the wrong understanding of TLS in this part. The server does not decipher the message based on certificates. In general there is only one server certificate, or the server chooses based on the server name in the SNI extension in the ClientHello. – Steffen Ullrich Nov 25 '18 at 17:03

1 Answer

I am not really good with TLS details, I just know some basics.

In this case I really recommend that you read [How does SSL/TLS work?](https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work).

Is there a way to decipher TLS in Wireshark if the key exchange method is Diffie-Hellman? I know that with a web browser it is easy, as I have the session key there. But in the general case, how can I extract session keys if I just have TLS over bare TCP?

The point of TLS is to protect the transport against sniffing. This means that, if properly used, there is no information inside the TCP connection which allows decryption. Only the client and the server have the information necessary to encrypt and decrypt the data.

If I have multiple clients who connect to the server, how does the server distinguish between different certificates and choose the right one to decipher the message?

The server does not use certificates to decrypt the traffic. The certificate is only used for authentication, to prevent man-in-the-middle attacks. In the case of RSA key exchange the server certificate is additionally used inside the key exchange.

It is common for a server to have only a single certificate. If the server has multiple certificates for different domains, then the client needs to specify which domain it wants to access inside the SNI extension of the ClientHello (the first message of the TLS handshake).

Steffen Ullrich
  • Then the server should be able to choose between various session keys from different clients (in the case of Diffie-Hellman at least) in order to decrypt. I suppose these session keys are all different; does TLS have any field where the session in this case is written? I didn't see any such field when I was able to decrypt traffic in the web browser. – Anastasiya Ruzhanskaya Nov 25 '18 at 17:16
  • @AnastasiyaRuzhanskaya: I think you are missing the basics of how TLS works, and that's why you ask questions which don't really make sense. There are no various session keys to choose from. Please read [How does SSL/TLS work?](https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work) first, as I've recommended. – Steffen Ullrich Nov 25 '18 at 17:20
  • So, from here I also see that client and server agree on a key for symmetric encryption. But if multiple clients from one host connect to one server, what is the mechanism to manage these keys for encryption? I know that one connection can be used to communicate with multiple clients. – Anastasiya Ruzhanskaya Nov 25 '18 at 17:49
  • @AnastasiyaRuzhanskaya: *"I know that one connection can be used to communicate with multiple clients."* - that is not possible. One server can serve multiple clients at the same time and on the same port, but these are all different TCP connections. – Steffen Ullrich Nov 25 '18 at 18:34
  • Actually I know from oVirt developers that they have one connection for multiple users and use an impersonation technique there. – Anastasiya Ruzhanskaya Nov 26 '18 at 03:05
  • @AnastasiyaRuzhanskaya: I think you are mixing things up here. I don't know what they are really doing and you provide no reference, but either they have multiple connections (which is different from multiple listeners - one listener can handle multiple connections) or they run their own multiplexing of different users over a single TLS connection - in this case this connection is only protected by a single key at the TLS level. – Steffen Ullrich Nov 26 '18 at 05:25
  • Sorry for not providing any reference. I just had a quick answer from them and that is all: "oVirt and most similar mgmt apps generally only have a single connection to libvirt but are doing work for 100's of different users on it". This is the project to manage virtual infrastructure. – Anastasiya Ruzhanskaya Nov 26 '18 at 06:01
  • I see that you are referring to [Libvirt access control drivers](https://www.redhat.com/archives/libvirt-users/2018-May/msg00073.html). Based on this more extensive information I would suggest that libvirt simply uses a single connection to handle information about multiple users - but this is transparent to the underlying TLS connection, i.e. there are no user specific keys since there is no concept of different users on this level. – Steffen Ullrich Nov 26 '18 at 06:24