
I'm looking at TLS v1.3 headers in Wireshark and I'm not sure where I would find the server certificate that is used to confirm that the server is who it claims to be.


The client sends a Hello, then the server sends a Hello with two TLS Record Layers and also sends another Application Data.


But none of these contains anything about a certificate. The client sends back a Change Cipher Spec, and after that only Application Data is transmitted, which is now obviously encrypted.

Where are the server's Certificate and Digital Signature, as suggested by Mike Pound in this Computerphile video https://www.youtube.com/watch?v=86cQJ0MMses? Where is the Server Hello Done suggested in the video?

EDIT:

I can see the certificate in TLS v1.2 but not in TLS v1.3

1 Answer

In TLS 1.3, all messages after ServerHello are encrypted – the actual Certificate message is hiding in the "Application Data" packet in line 3.

The ChangeCipherSpec message is meaningless in TLS 1.3 and is only sent to appease various middleboxes (firewalls, intrusion detection systems, etc.) which have some overly strict assumptions about what a TLS handshake should look like.

For the same reason, the encrypted handshake packets are sent as "type = Application Data, record_version = TLS 1.2" even though they're neither TLS 1.2 nor application data.

[Basic handshake diagram; image borrowed from Cloudflare blog]

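To make the answer's point concrete, here is an added example (not code from the question, the answer, or Wireshark) that walks a TLS 1.3 server flight at the record layer. The flight bytes are constructed inline, not a real capture: a plaintext ServerHello carrying supported_versions = 0x0304 and an x25519 key_share (the key bytes are a placeholder), the compatibility ChangeCipherSpec, and one record of content type 23 (application_data) whose body is a stand-in for the AEAD ciphertext that really holds EncryptedExtensions, Certificate, CertificateVerify and Finished. Every record header says version 0x0303 (TLS 1.2); only the supported_versions extension inside the ServerHello reveals that the connection is TLS 1.3, which is exactly what Wireshark's summary column reflects.

```python
"""Walk the records of a constructed TLS 1.3 server flight and label what each one really carries."""
import struct
from dataclasses import dataclass

# TLS record-layer content types (RFC 8446, section 5.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
TLS12 = 0x0303          # legacy_record_version written into every TLS 1.3 record after ClientHello
TLS13 = 0x0304          # appears only inside the supported_versions extension, never in a record header
EXT_SUPPORTED_VERSIONS = 0x002B
EXT_KEY_SHARE = 0x0033
HS_SERVER_HELLO = 2


@dataclass
class Record:
    content_type: int
    legacy_version: int
    payload: bytes


def parse_records(data):
    """Split a byte stream into TLS records: 5-byte header (type, version, length) + body."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header")
        ctype, ver, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append(Record(ctype, ver, body))
        off += 5 + length
    return records


def parse_server_hello(hs):
    """Extract the fields of a ServerHello that reveal the real negotiated version."""
    if hs[0] != HS_SERVER_HELLO:
        raise ValueError("not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]      # handshake header: type(1) + length(3)
    info = {"legacy_version": int.from_bytes(body[:2], "big"),
            "selected_version": None, "cipher_suite": None, "key_share_group": None}
    off = 2 + 32                                          # skip random
    off += 1 + body[off]                                  # skip legacy_session_id_echo
    info["cipher_suite"] = int.from_bytes(body[off:off + 2], "big")
    off += 2 + 1                                          # cipher_suite, legacy_compression_method
    ext_end = off + 2 + int.from_bytes(body[off:off + 2], "big")
    off += 2
    while off < ext_end:
        etype, elen = struct.unpack("!HH", body[off:off + 4])
        edata = body[off + 4:off + 4 + elen]
        off += 4 + elen
        if etype == EXT_SUPPORTED_VERSIONS:
            info["selected_version"] = int.from_bytes(edata[:2], "big")
        elif etype == EXT_KEY_SHARE:
            info["key_share_group"] = int.from_bytes(edata[:2], "big")
    # A TLS 1.2 server sends no supported_versions, so the legacy field is then authoritative
    if info["selected_version"] is None:
        info["selected_version"] = info["legacy_version"]
    return info


def describe_server_flight(data):
    """Label each record of the server's first flight the way the protocol actually means it."""
    labels, tls13 = [], False
    for rec in parse_records(data):
        kind = CONTENT_TYPES.get(rec.content_type, "unknown")
        if rec.content_type == 22 and rec.payload[0] == HS_SERVER_HELLO:
            info = parse_server_hello(rec.payload)
            tls13 = info["selected_version"] == TLS13
            labels.append("ServerHello in the clear, selected_version=0x%04x" % info["selected_version"])
        elif rec.content_type == 20 and tls13:
            labels.append("ChangeCipherSpec: no effect in TLS 1.3, sent for middlebox compatibility")
        elif rec.content_type == 23 and tls13:
            labels.append("encrypted handshake: EncryptedExtensions, Certificate, CertificateVerify, Finished "
                          "(record_version=0x%04x is only a legacy label)" % rec.legacy_version)
        else:
            labels.append(kind)
    return labels


def build_sample_flight():
    """Constructed TLS 1.3 server flight for this example (not a real capture)."""
    random_bytes = bytes(range(32))
    session_id_echo = bytes(32)
    ext_sv = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, TLS13)
    x25519_pub = bytes([0x42]) * 32                        # placeholder key share, not a real point
    ext_ks = struct.pack("!HHHH", EXT_KEY_SHARE, 4 + 32, 0x001D, 32) + x25519_pub
    exts = ext_sv + ext_ks
    body = (struct.pack("!H", TLS12) + random_bytes + bytes([32]) + session_id_echo
            + struct.pack("!H", 0x1301) + b"\x00" + struct.pack("!H", len(exts)) + exts)
    server_hello = b"\x02" + len(body).to_bytes(3, "big") + body
    ccs = b"\x01"
    ciphertext = bytes((i * 37 + 11) % 256 for i in range(96))   # stands in for the AEAD output
    return (struct.pack("!BHH", 22, TLS12, len(server_hello)) + server_hello
            + struct.pack("!BHH", 20, TLS12, len(ccs)) + ccs
            + struct.pack("!BHH", 23, TLS12, len(ciphertext)) + ciphertext)


SAMPLE_FLIGHT = build_sample_flight()

if __name__ == "__main__":
    for rec, label in zip(parse_records(SAMPLE_FLIGHT), describe_server_flight(SAMPLE_FLIGHT)):
        print("type=%2d (%s) record_version=0x%04x len=%3d -> %s"
              % (rec.content_type, CONTENT_TYPES[rec.content_type], rec.legacy_version, len(rec.payload), label))
```

On a real capture the same parser can be pointed at the raw server-to-client TCP payload (for example saved from Wireshark's Follow TCP Stream view in raw form); without the traffic secrets the third record stays opaque, which is the whole point of the answer: the Certificate is there, just inside a ciphertext record that the record header labels as TLS 1.2 application data.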
Thanks, so the key exchange (key share?) happens immediately, then the certificate is verified later? The client decrypts the second server message with the shared key, determines whether the certificate and other information inside is valid, and then decides if it wants to send encrypted messages to this server. Commented May 11, 2021 at 16:18
