Releases: tls-attacker/TLS-Attacker
TLS-Attacker v6.3.2
Changes:
- Added RSA PSS RSAE support
- Improved SignatureAndHashAlgorithm selection when a certificate was specified by the user
- Fixed missing X.509 context update for pre-defined certificate chain
- Fixed parser loop for undefined record content types
- Fixed ClientRandom value not retained in a new CH sent after receiving a HelloRetryRequest in TLS 1.3
- Fixed empty application data messages disappearing during serialization
- Fixed X509 and ASN.1 Attacker classes missing in JAXB context
- Various improvements based on SpotBugs' suggestions
TLS-Attacker v6.1.7
Changes
- When generating static ECDH certificates, TLS-Attacker now defaults to ECDH/ECDSA OID for the public key in the certificate as ECDH-only OID is not supported by OpenSSL
- Updated X.509-Attacker dependency to fix NullPointerException thrown when generating static DH certificates
- Fixed ProtocolAttacker API usage in hash-to-curve code of PWD computations that previously always used the curve's base point if the first X coordinate was not valid for the chosen curve
TLS-Attacker v6.1.4
Changes
- Implemented new X.509-Attacker dependency enabling TLS-Attacker to generate arbitrary certificates dynamically at runtime
- Replaced Bouncycastle certificate parsing with X.509-Attacker parsers
- First constants of TLS-Attacker have been moved to Protocol-Attacker to achieve a unified interface for other protocols
- Added cache for KeyShareCalculator to speed up public key computations
- Fixed bug in RSA PSS salt generation
- Fixed bug in HTTP header parsing
- Fixed key handling bug in 0-RTT handshakes
- Fixed incorrect RSA PKCS#1 v1.5 padding structure for RSA moduli that are not divisible by 8
- Fixed NullPointerExceptions caused by improper extension handling
TLS-Attacker v5.3.0
Changes
- Added support for Chinese SM cipher suites in TLS 1.3
- Fixed encryption issue when using client authentication in TLS 1.3
- Fixed a bug for re-executed WorkflowTraces caused by manipulated LayerConfiguration
- Fixed a bug which caused only the first pre-defined DTLS fragment to be used by the DtlsFragmentLayer
TLS-Attacker v5.2.1
Starting with this release, we attribute the Technology Innovation Institute (@tiiuae) in the license header to reflect the extensive contributions made by its researchers.
Changes
- Set default WorkflowTraceType to DYNAMIC_HANDSHAKE so the user does not have to specify the negotiated key exchange algorithm before execution
- Added flag for automatic extension selection in ServerHello and EncryptedExtensions (defaults to off for backwards compatibility)
- Fixed NullPointerExceptions for pseudo cipher suites (e.g. SCSV) enforced in ServerHello
TLS-Attacker v5.1.6
The new version of TLS-Attacker introduces a layer system, which better separates protocols and parts of protocols in the code. This also facilitates the implementation of new application protocols besides HTTP. The user is now also able to define custom protocol layer stacks. Large parts of TLS-Attacker have been refactored for this purpose.
Changes
- Introduced layer system with clear separation of fragment layer, record layer, message layer and HTTP layer
- Refactored parsing to use separate streams for sub structures of messages, such as extensions within handshake messages
- Added support for encrypted Client Hello messages
- Fixed inconsistent use of generic classes which caused issues for some IDEs
- Unified client port reuse across TCP and UDP transport handlers
TLS-Attacker v4.0.2
What's Changed
- Adjusted artifact ID to match guidelines
- Implemented EXPORT cipher suite handling for server
- Implemented Signature Algorithm Cert extension
- Improved certificate selection for server
- Fixed EOF detection in transport handler
- Fixed sockets not closed correctly for WorkflowExecutionExceptions
- Fixed SSL2 messages missing in output of ReceiveAction
- Integrated Bill of Materials (BOM)
- Bumped dependency versions
Full Changelog: 3.8.1...v4.0.2
TLS-Attacker 3.8.1
Changes:
- Fixed NullPointerException in EarlyCCSAction
- Fixed RuntimeException in ECDHEClientKeyExchangeMessage when FFDHE group was negotiated
- Fixed ARIA_256_GCM cipher suites
- Fixed CertificateTypeExtension handling
- Fixed wrong interpretation of FFDHE key share byte values (thanks @SidolFreiburg)
TLS-Attacker 3.8.0
- Added new Smart Chooser classes for smarter record size limits
- Added TLS-Attacker proxy module prototype, which allows TLS-Attacker to be used as SslSockets
- Fixed a ClassCastException in the CertificateStatusParser
- Removed the Attacks module. Scanning capabilities were moved to https://github.com/tls-attacker/TLS-Scanner while exploits are currently being reworked to be more user friendly within their own module
- Fixed a bug which caused TLS-Attacker to be unable to parse incoming records with more than ~127 bytes of padding in CBC mode
- Fixed Timing Attacks TransportHandler
- Introduced overwritable callbacks before and after handshake execution
- Introduced FFDH Named Groups
- Better SessionID / SessionTicket support
- TLS-Attacker is now running on Java 11
- More control over DTLS fragment layer in WorkflowTrace
- Better handling of DTLS retransmissions
- TLS-Attacker can now also send DTLS retransmissions
- Custom TLS PRF implementation (no longer relying on BC)
- Introduced new "IGNORE_UNEXPECTED_KEY_UPDATE_MESSAGES" and "IGNORE_UNEXPECTED_APP_DATA" Action options
- Introduced new actions: ChangeReadEpoch, ChangeReadSequenceNumber, ChangeWriteEpoch, ChangeWriteSequenceNumber, SendMessagesFromLastFlight and SendRecordsFromLastFlight
- Introduced KeyUpdates for TLS 1.3
- Removed TLS 1.3 draft code
- Deleted Forensic Module
- Fixed a bug which caused invalid nonces for ChachaPoly in DTLS
- Added warnings when WorkflowTraces are loaded (manually) but they still contain "originalValues" from previous executions
- Introduced RSA-SKE message (RSA-Export)
- Fixed Illegal Reflective Access bug (PseudoRandomFunction)
- Reworked certificate generation scripts
- Minor fixes and code improvements
TLS-Attacker 3.2b
TLS-Attacker 3.2 with Log4Shell fix