Details
- Bug
- Resolution: Out of scope
- P5: Not important
- None
- 5.12.1
- Win 7 x64, Qt 5.12.1
Description
With the support for TLS 1.3 upcoming, if you enable the #define QT_DECRYPT_SSL_TRAFFIC and negotiate on TLS 1.3, the master secret will be all zeros in the qt-ssl-keys file.
This is due to TLS 1.3 only having the session ticket information available after the handshake has already completed. https://www.openssl.org/docs/man1.1.1/man3/SSL_get_session.html:
> The ssl session contains all information required to re-establish the connection without a full handshake for SSL versions up to and including TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the main handshake has occurred.
Hence why the QT_DECRYPT_SSL_TRAFFIC code in continueHandshake() within qsslsocket_openssl11.cpp does not work with TLS 1.3 connections.
For Gerrit Dashboard: QTBUG-74019

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 254233,4 | Fix TLS Decryption when enabled on TLS 1.3 negotiations | dev | qt/qtbase | NEW | 0 | 0 |
| 254232,1 | Fix TLS Decryption when enabled on TLS 1.3 negotiations | dev | qt/qt5 | ABANDONED | 0 | 0 |
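
A quick way to spot the symptom described in this report before loading a key file into a decryption tool. This is an added example, not code from the report or from Qt. It assumes the qt-ssl-keys file uses the NSS key log line layout (`LABEL <client_random hex> <secret hex>`); the function name and sample lines are constructed for illustration.

```python
import re

# Labels from the NSS key log format; the TLS 1.3 ones carry per-stage secrets.
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
# label, 32-byte client random as hex, secret as hex
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


def audit_keylog(text):
    """Return (line_number, verdict) for every non-comment line of a key log."""
    results = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            results.append((no, "malformed"))
            continue
        label, _client_random, secret = m.groups()
        if label != TLS12_LABEL and label not in TLS13_LABELS:
            verdict = "unknown-label"
        elif set(secret) == {"0"}:
            # The symptom from the report: a secret that is all zeros.
            verdict = "zero-secret"
        elif label == TLS12_LABEL and len(secret) != 96:
            # A TLS 1.2 master secret is always 48 bytes.
            verdict = "bad-length"
        else:
            verdict = "ok-tls13" if label in TLS13_LABELS else "ok-tls12"
        results.append((no, verdict))
    return results


# Constructed sample input (not taken from a real capture).
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_RANDOM " + "12" * 32 + " " + "00" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "34" * 32 + " " + "ef" * 32,
    "garbage line",
])

if __name__ == "__main__":
    for no, verdict in audit_keylog(SAMPLE):
        print(no, verdict)
```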