Obtaining TLS handshake details e.g. server key exchange bits

Christopher Schultz chris at christopherschultz.net
Mon Sep 19 21:28:25 UTC 2016


All,

I apologize if this isn't the right place to post this. Please let me
know if I should post elsewhere and I'll be happy to do so.

For the past few years, I've been maintaining a Java-based TLS server
tester mostly for my own use, but also shared with the Apache Tomcat
user community. It does the usual things like checking to see which
cipher suites and protocols a server will support.

Recently, I decided I wanted to emulate ssllabs's "weak DH" detection
which requires the ability to look at the server's key exchange messages
which are send during the TLS handshake(s) in order to get information
about the ephemeral keys exchanged.

Unfortunately, it doesn't look like the public Java API exposes this
level of detail to client code. I've plumbed everything I can find in
the SSLSocket, SSLSession, SSLParameters, and HandshakeCompletedEvent
and I can't find what I'm looking for. If I'm missing some part of the
API, please let me know where I've neglected to look.

When enabling debug logging, the stderr stream does in fact have
information about the server key exchange:

*** ECDH ServerKeyExchange
Signature Algorithm SHA1withRSA
Server key: Sun EC public key, 256 bits
  public x coord:
110012472572673270259963200120939499588744004832860744957480311193127985892474
  public y coord:
52644710749477935701151970482569895235781257631749844762926109323061108920137
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 79, 42, 152, 110, 20, 54, 113, 102, 98, 154,
229, 169, 168, 248, 134, 190, 20, 10, 233, 39, 44, 67, 158, 215, 13,
248, 134, 228, 65, 174, 5, 139, 154, 212, 79, 238, 177, 31, 240, 189,
185, 129, 24, 175, 37, 177, 149, 138, 15, 141, 183, 134, 243, 15, 185,
60, 24, 67, 7, 172, 48, 133, 222, 85 }
main, WRITE: TLSv1.2 Handshake, length = 70

So, all the information I see is there... just not through the API it seems.

If such information is in fact not currently exposed, I'd like to
propose that the API be extended in order to expose that information. At
this point, I'm only interested in the ephemeral Diffie-Hellman keys
used to negotiate the session key, but it might be nice to be able to
get at the symmetric session key as well to support debugging similar to
how Mozilla Firefox can dump the symmetric key to a file on the dist
specified by the SSLKEYLOGFILE environment variable.

I'm not too picky about the style of the API (e.g.
callback-during-handshake versus direct-call-after-handshake), I just
want to be able to sniff this stuff.

Please let me know if I should provide any additional information.

Thanks,
-chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 906 bytes
Desc: OpenPGP digital signature
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20160919/cc7ebe88/signature.asc>


More information about the security-dev mailing list