QTBUG-74019

QT_DECRYPT_SSL_TRAFFIC does not work with TLS 1.3


Details

    • Windows

    Description

      With support for TLS 1.3 upcoming, if you enable the #define QT_DECRYPT_SSL_TRAFFIC and negotiate TLS 1.3, the master secret will be all zeros in the qt-ssl-keys file.

      This is due to TLS 1.3 only having the session ticket information available after the handshake has already completed. https://www.openssl.org/docs/man1.1.1/man3/SSL_get_session.html:


      The ssl session contains all information required to re-establish the connection without a full handshake for SSL versions up to and including TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the main handshake has occurred.

      Hence the QT_DECRYPT_SSL_TRAFFIC code in continueHandshake() within qsslsocket_openssl11.cpp does not work with TLS 1.3 connections.
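
An added example, not part of the original report or of Qt's code: a check for the symptom described above, run over a key log before it is handed to a decryption tool. It assumes the qt-ssl-keys file uses NSS key log lines of the form `LABEL <client_random_hex> <secret_hex>`; the function names and the sample entries are constructed for illustration.

```python
# Added example (not Qt code): audit a key log for all-zero secrets.
# Assumption: the file uses NSS key log lines "LABEL <client_random> <secret>".
import re

# Labels a TLS 1.3 key log carries in place of a single master secret.
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9A-Fa-f]+) ([0-9A-Fa-f]+)$")


def audit_keylog(text):
    """Return (line_number, status, (label, client_random)) per entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no key material
        m = LINE_RE.match(line)
        if not m or len(m.group(2)) % 2 or len(m.group(3)) % 2:
            findings.append((lineno, "malformed", None))
            continue
        label, client_random, secret = m.groups()
        # All-zero secret: the symptom this report describes for TLS 1.3.
        status = "zero_secret" if set(secret) == {"0"} else "ok"
        findings.append((lineno, status, (label, client_random.lower())))
    return findings


def undecryptable_sessions(text):
    """Client randoms with a zero secret and no usable secret logged."""
    zero, usable = set(), set()
    for _, status, info in audit_keylog(text):
        if info is None:
            continue
        label, client_random = info
        if status == "zero_secret":
            zero.add(client_random)
        elif label == "CLIENT_RANDOM" or label in TLS13_LABELS:
            usable.add(client_random)
    return sorted(zero - usable)


# Constructed sample, not real key material: line 3 shows the symptom.
SAMPLE = (
    "# constructed sample\n"
    "CLIENT_RANDOM " + "ab" * 32 + " " + "1f" * 48 + "\n"
    "CLIENT_RANDOM " + "cd" * 32 + " " + "00" * 48 + "\n"
)
```

Calling `undecryptable_sessions(SAMPLE)` returns the client random of the all-zero entry, which is the session a capture tool would be unable to decrypt from this file.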


          People

            cnn Qt Core & Network
            wallboy Adam W
              Gerrit Reviews

                There is 1 open Gerrit change