Added new data handler "noforwardsecrecy". #98
Conversation
If the TLS record contains no messages, do I need to continue buffering the response, or can I simply "pass" the error and return the response object?
Note: the same comment applies to the exception handler in the SunsetSHA1 on_response method in PR #78.
https://github.com/mkenne11/nogotofail/blob/sunsetsha1/nogotofail/mitm/connection/handlers/data/ssl.py#l231
Just checking if this PR and #78 are ok to merge? No worries if you are busy :)
(Sorry for the late response, holidays are busy :().
This would probably be easier to do using a subclass of the _TlsRecordHandler; that way you don't have to worry about the buffering and state.
Thanks Chad, that's a good idea to subclass the _TlsRecordHandler handler. It will also make the code much cleaner.
5e78b2e to 330fe96
The "noforwardsecrecy" data handler detects cipher suites negotiated between client and server (in the Server Hello message) which don't support forward secrecy i.e. Ephemeral Diffie-Hellman methods DHE or ECDHE.
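As an added illustration of the check this handler performs, the following example (written for this page, not nogotofail's own handler code) walks a TLS record, locates the ServerHello handshake message, reads the negotiated cipher suite and classifies it by whether the suite uses an ephemeral Diffie-Hellman exchange. The suite-name table is a constructed subset of the IANA registry, `build_server_hello_record` exists only to produce test input, and TLS 1.3 suites are treated as forward-secret because that protocol version always uses an ephemeral key exchange.

```python
import struct

# Constructed subset of the IANA TLS cipher-suite registry (assumption: only these entries).
CIPHER_SUITE_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",  # TLS 1.3: key exchange is always ephemeral
}

CONTENT_TYPE_HANDSHAKE = 22
HANDSHAKE_SERVER_HELLO = 2


def has_forward_secrecy(suite_name):
    """True if the suite negotiates an ephemeral (EC)DHE key, i.e. offers forward secrecy."""
    if suite_name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return True  # TLS 1.3 suite names omit the key exchange; it is always ephemeral
    return "_DHE_" in suite_name or "_ECDHE_" in suite_name


def server_hello_cipher_suite(record):
    """Return the cipher suite id from the ServerHello in a TLS record, or None if absent.

    A record may carry several coalesced handshake messages, so every message in
    the fragment is inspected. Non-handshake records (e.g. ChangeCipherSpec) yield None.
    Truncated input raises ValueError rather than silently mis-parsing.
    """
    if len(record) < 5:
        raise ValueError("record shorter than the 5-byte TLS record header")
    content_type, _version, length = struct.unpack("!BHH", record[:5])
    if content_type != CONTENT_TYPE_HANDSHAKE:
        return None
    fragment = record[5:5 + length]
    if len(fragment) < length:
        raise ValueError("record fragment is truncated")
    offset = 0
    while offset + 4 <= len(fragment):
        msg_type = fragment[offset]
        msg_len = int.from_bytes(fragment[offset + 1:offset + 4], "big")
        body = fragment[offset + 4:offset + 4 + msg_len]
        if len(body) < msg_len:
            raise ValueError("handshake message is truncated")
        if msg_type == HANDSHAKE_SERVER_HELLO:
            # ServerHello body: version(2) random(32) session_id_len(1) session_id cipher_suite(2) ...
            sid_len = body[34]
            cs_offset = 35 + sid_len
            return struct.unpack("!H", body[cs_offset:cs_offset + 2])[0]
        offset += 4 + msg_len
    return None


def check_record(record):
    """Classify the negotiated suite: (suite_id, name, forward_secret) or None.

    forward_secret is None when the suite id is not in the local table, so a
    handler can choose to log "unknown" rather than claim a verdict it cannot back.
    """
    suite = server_hello_cipher_suite(record)
    if suite is None:
        return None
    name = CIPHER_SUITE_NAMES.get(suite)
    if name is None:
        return (suite, "UNKNOWN_0x%04X" % suite, None)
    return (suite, name, has_forward_secrecy(name))


def build_server_hello_record(cipher_suite, session_id=b""):
    """Constructed test input: a TLS 1.2 record holding a minimal ServerHello."""
    body = (b"\x03\x03" + b"\x11" * 32 + bytes([len(session_id)]) + session_id
            + struct.pack("!H", cipher_suite) + b"\x00")
    handshake = bytes([HANDSHAKE_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for suite in (0x002F, 0xC02F, 0x1301, 0xFFFF):
        print(check_record(build_server_hello_record(suite)))
    print(check_record(b"\x14\x03\x03\x00\x01\x01"))  # ChangeCipherSpec record: no ServerHello
```

Returning None for a record without a ServerHello (rather than raising) matches the buffering question raised in this thread: a handler that sees a record carrying no handshake message has nothing to judge yet and can simply hand the data on unchanged.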
330fe96 to 75701bb
I made the changes recommended:
I am still raising notifications in the Android client when alerts for this handler are raised. Do you think this is OK? (Not sure if it's too spammy, or if it's application policy to notify on INFO events.)
Should I return the TLS record (byte array) each time the method is run?