Description:
Hello, I am currently experimenting with the Resumption Handshake using TLS-Attacker as the server and OpenSSL as the client. My current implementation follows this sequence:
```java
// Imports added for completeness; the post shows only the snippet inside main().
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.protocol.message.*;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.DefaultWorkflowExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
import de.rub.nds.tlsattacker.core.workflow.action.ResetConnectionAction;
import de.rub.nds.tlsattacker.core.workflow.action.SendAction;

public class ResumptionHandshake {
    public static void main(String[] args) throws Exception {
        // Config setup (DTLS version, PSK cipher suite, server running mode) is not shown in the post.
        Config config = Config.createConfig();
        WorkflowTrace trace = new WorkflowTrace();
        // Full PSK handshake. The HelloVerifyRequest/second ClientHello pair is the DTLS cookie exchange.
        trace.addTlsAction(new ReceiveAction(new ClientHelloMessage()));
        trace.addTlsAction(new SendAction(new HelloVerifyRequestMessage()));
        trace.addTlsAction(new ReceiveAction(new ClientHelloMessage()));
        trace.addTlsAction(new SendAction(new ServerHelloMessage()));
        trace.addTlsAction(new SendAction(new PskServerKeyExchangeMessage()));
        trace.addTlsAction(new SendAction(new ServerHelloDoneMessage()));
        trace.addTlsAction(new ReceiveAction(new PskClientKeyExchangeMessage()));
        trace.addTlsAction(new ReceiveAction(new ChangeCipherSpecMessage()));
        trace.addTlsAction(new ReceiveAction(new FinishedMessage()));
        trace.addTlsAction(new SendAction(new ChangeCipherSpecMessage()));
        trace.addTlsAction(new SendAction(new FinishedMessage()));
        // The client closes the first connection with an alert; reset the transport for the second one.
        trace.addTlsAction(new ReceiveAction(new AlertMessage()));
        trace.addTlsAction(new ResetConnectionAction());
        // Resumption handshake: abbreviated flight, no key exchange, server sends CCS/Finished first.
        trace.addTlsAction(new ReceiveAction(new ClientHelloMessage()));
        trace.addTlsAction(new SendAction(new HelloVerifyRequestMessage()));
        trace.addTlsAction(new ReceiveAction(new ClientHelloMessage()));
        trace.addTlsAction(new SendAction(new ServerHelloMessage()));
        trace.addTlsAction(new SendAction(new ChangeCipherSpecMessage()));
        trace.addTlsAction(new SendAction(new FinishedMessage()));
        trace.addTlsAction(new ReceiveAction(new ChangeCipherSpecMessage()));
        trace.addTlsAction(new ReceiveAction(new FinishedMessage()));
        State state = new State(config, trace);
        DefaultWorkflowExecutor executor = new DefaultWorkflowExecutor(state);
        executor.executeWorkflow();
    }
}
```
Question
I would like to define an alternative workflow alongside this one, which would involve another full handshake instead of a session resumption.
My goal is to handle two possible cases for a second ClientHello:
- A resumption attempt, where the ClientHello includes the Session ID from the previous session.
- A new full handshake, where the ClientHello contains an empty Session ID.
Is there a way to implement this behavior using TLS-Attacker, so that both handshake paths can be evaluated in the same workflow?
Any guidance or suggestions would be greatly appreciated.
Thanks in advance!
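An added example, not part of the issue and not TLS-Attacker code: a stand-alone Python sketch of the decision the server side of this workflow has to make on the second ClientHello. It parses an unfragmented DTLS 1.2 ClientHello record, extracts the Session ID, cookie and cipher suite list, and returns "resume" only when the offered Session ID names a cached session whose cipher suite the client still offers; an empty ID, an unknown ID, or a dropped suite all fall through to a full handshake (RFC 5246 has the server answer an unknown ID with a fresh Session ID and a full handshake). The session cache, the all-zero client random, cookie and suite 0x008C (TLS_PSK_WITH_AES_128_CBC_SHA) are constructed test data, and the record builder exists only to produce those inputs.

```python
"""Classify a second DTLS 1.2 ClientHello: session resumption or full handshake.
Added example (not TLS-Attacker code); all inputs below are constructed test data."""
import struct
from dataclasses import dataclass
from typing import Dict, List

HANDSHAKE = 22                           # record content type
CLIENT_HELLO = 1                         # handshake message type
DTLS12 = 0xFEFD                          # DTLS 1.2 version on the wire
TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C    # suite assumed for the PSK workflow above


@dataclass
class ClientHello:
    client_version: int
    session_id: bytes
    cookie: bytes
    cipher_suites: List[int]


def _take(buf: bytes, pos: int, n: int) -> bytes:
    """Slice n bytes at pos, refusing to read past the end of a malformed hello."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n]


def parse_dtls_client_hello(record: bytes) -> ClientHello:
    """Parse one DTLS record carrying a complete, unfragmented ClientHello."""
    # Record header: type(1) version(2) epoch(2) sequence(6) length(2) = 13 bytes
    ctype, _version, _epoch, length = struct.unpack_from("!BHH6xH", record, 0)
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = _take(record, 13, length)
    # Handshake header: msg_type(1) length(3) msg_seq(2) frag_offset(3) frag_length(3)
    hdr = _take(body, 0, 12)
    if hdr[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hdr[1:4], "big")
    frag_off = int.from_bytes(hdr[6:9], "big")
    frag_len = int.from_bytes(hdr[9:12], "big")
    if frag_off != 0 or frag_len != hs_len:
        raise ValueError("fragmented ClientHello not handled by this example")
    hello = _take(body, 12, hs_len)
    client_version = struct.unpack("!H", _take(hello, 0, 2))[0]
    pos = 2 + 32                                   # skip client random
    sid_len = _take(hello, pos, 1)[0]; pos += 1
    if sid_len > 32:
        raise ValueError("session_id longer than 32 bytes")
    session_id = _take(hello, pos, sid_len); pos += sid_len
    cookie_len = _take(hello, pos, 1)[0]; pos += 1
    cookie = _take(hello, pos, cookie_len); pos += cookie_len
    cs_len = struct.unpack("!H", _take(hello, pos, 2))[0]; pos += 2
    if cs_len % 2:
        raise ValueError("odd cipher_suites length")
    raw = _take(hello, pos, cs_len)
    suites = [struct.unpack_from("!H", raw, i)[0] for i in range(0, cs_len, 2)]
    return ClientHello(client_version, session_id, cookie, suites)


def classify_second_hello(hello: ClientHello, cache: Dict[bytes, int]) -> str:
    """'resume' if the hello names a cached session whose suite is still offered, else 'full'."""
    if not hello.session_id:
        return "full"            # empty ID: client explicitly asks for a new session
    cached_suite = cache.get(hello.session_id)
    if cached_suite is None:
        return "full"            # unknown ID: server picks a new ID and runs a full handshake
    if cached_suite not in hello.cipher_suites:
        return "full"            # resumption must reuse the original suite, which is no longer offered
    return "resume"


def build_dtls_client_hello(session_id: bytes, cookie: bytes, suites: List[int]) -> bytes:
    """Construct a minimal DTLS 1.2 ClientHello record (no extensions) as test input."""
    hello = (struct.pack("!H", DTLS12) + bytes(32)                # client_version, zero random (test data)
             + bytes([len(session_id)]) + session_id
             + bytes([len(cookie)]) + cookie
             + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
             + b"\x01\x00")                                       # compression_methods: null only
    hs = (bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big")
          + struct.pack("!H", 1)                                  # message_seq 1: hello after HelloVerifyRequest
          + (0).to_bytes(3, "big") + len(hello).to_bytes(3, "big") + hello)
    return (bytes([HANDSHAKE]) + struct.pack("!HH", DTLS12, 0)    # epoch 0
            + (1).to_bytes(6, "big") + struct.pack("!H", len(hs)) + hs)


# Constructed cache: one session left over from the first (full) handshake.
SESSION_ID = bytes(range(32))
COOKIE = b"\xAA" * 16
SESSION_CACHE = {SESSION_ID: TLS_PSK_WITH_AES_128_CBC_SHA}


def demo() -> Dict[str, str]:
    cases = {
        "same_id": build_dtls_client_hello(SESSION_ID, COOKIE, [TLS_PSK_WITH_AES_128_CBC_SHA]),
        "empty_id": build_dtls_client_hello(b"", COOKIE, [TLS_PSK_WITH_AES_128_CBC_SHA]),
        "unknown_id": build_dtls_client_hello(b"\xFF" * 32, COOKIE, [TLS_PSK_WITH_AES_128_CBC_SHA]),
        "suite_dropped": build_dtls_client_hello(SESSION_ID, COOKIE, [0x00AE]),
    }
    return {name: classify_second_hello(parse_dtls_client_hello(rec), SESSION_CACHE)
            for name, rec in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} -> {verdict}")
```

The branch a harness takes after the reset is exactly this verdict: "resume" selects the abbreviated flight (ServerHello, ChangeCipherSpec, Finished), anything else selects the full PSK flight again. Fragmented ClientHellos are rejected rather than reassembled, so a real harness in front of OpenSSL would need DTLS reassembly before this parser sees the record.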