Decode PVA in TLS via ALPN #14

mdavidsaver · 2023-07-18T18:25:43Z

Add decoding of PVA within TLS using the tls.alpn table provisionally using pva/1 as the protocol name string.

The test/pva-tls.pcapng.gz capture contains a TLS 1.3 session with the associated session keys embedded to it. So it can be dissected like any other capture.

wireshark -X lua_script:pva.lua test/pva-tls.pcapng.gz

The process to capture and embed session keys was:

wireshark -X lua_script:pva.lua &   # save capture as /tmp/pva.pcapng.gz
SSLKEYLOGFILE=/tmp/pva-secrets pvget ...
editcap --inject-secrets tls,/tmp/pva-secrets /tmp/pva.pcapng.gz test/pva-tls.pcapng.gz

Alternately, the raw capture and keylog can be analyzed separately. (the keylog path can also be set through the GUI)

wireshark -X lua_script:pva.lua -o tls.keylog_file:/tmp/pva-secrets /tmp/pva.pcapng.gz

@kasemir @george-mcintyre To my mind, this wireshark feature along is sufficient to justify using the ALPN extension.

see https://wiki.wireshark.org/TLS

mdavidsaver · 2023-07-30T20:39:59Z

Updated test/pva-tls.pcapng.gz with a session using client certificate and intermediate CA.

mdavidsaver added the enhancement label Jul 18, 2023

mdavidsaver self-assigned this Jul 18, 2023

mdavidsaver mentioned this pull request Jul 26, 2023

PVA over TLS mdavidsaver/pvxs-dev-old#2

Closed

16 tasks

decode PVA in TLS via ALPN

d6877ca

mdavidsaver force-pushed the pva-tls branch from 7607e7a to d6877ca Compare July 30, 2023 20:38

mdavidsaver mentioned this pull request Aug 17, 2023

TLS epics-base/pvxs#53

Draft

19 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Decode PVA in TLS via ALPN #14

Decode PVA in TLS via ALPN #14

mdavidsaver commented Jul 18, 2023

mdavidsaver commented Jul 30, 2023

Decode PVA in TLS via ALPN #14

Are you sure you want to change the base?

Decode PVA in TLS via ALPN #14

Conversation

mdavidsaver commented Jul 18, 2023

mdavidsaver commented Jul 30, 2023