Merge pull request #1417 from dcooper16/fix_tls13_key_derivation

Fix TLS 1.3 key derivation
2025-01-31 04:41:15 +01:00 · 2019-12-24 11:47:08 +01:00 · 2019-12-24 11:47:08 +01:00 · 9f58ba4733
commit 9f58ba4733
parent 710f915660 ce4f923c6b
1 changed files with 2 additions and 0 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -13479,6 +13479,7 @@ resend_if_hello_retry_request() {
     fi
     debugme echo -en "\nsending second client hello... "
     second_clienthello="$(modify_clienthello "$original_clienthello" "$new_key_share" "$cookie")"
+     TLS_CLIENT_HELLO="${second_clienthello:10}"
     msg_len=${#second_clienthello}
     for (( i=0; i < msg_len; i=i+2 )); do
          data+=", ${second_clienthello:i:2}"
@ -13542,6 +13543,7 @@ tls_sockets() {

          tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
          tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"
+          tls_hello_ascii="${tls_hello_ascii%%140303000101}"

          # Check if the response is a HelloRetryRequest.
          original_clienthello="160301$(printf "%04x" "${#clienthello1}")$clienthello1"