
I'm looking at TLS v1.3 headers in Wireshark and I'm not sure where I would find the server certificate that is used to confirm that the server is who they claim to be.


The client sends a Client Hello, then the server sends a Server Hello with two TLS record layers and also sends another Application Data.


But none of these contains anything about a certificate. The client sends back a Change Cipher Spec, and afterwards only Application Data is transmitted, which is now obviously encrypted.

Where are the server's Certificate and Digital Signature, as shown by Mike Pound in this Computerphile video https://www.youtube.com/watch?v=86cQJ0MMses? Where is the Server Hello Done shown in the video?

EDIT:

I can see the certificate in TLS v1.2 but not in TLS v1.3

1 Answer

In TLS 1.3, all messages after ServerHello are encrypted – the actual Certificate message is hiding in the "Application Data" packet in line 3.

The ChangeCipherSpec message is meaningless in TLS 1.3 and is only sent to appease various middleboxes (firewalls, intrusion detection systems, etc.) which have some overly strict assumptions about what a TLS handshake should look like.

For the same reason, the encrypted handshake packets are sent as "type = Application Data, record_version = TLS 1.2" even though they're neither TLS 1.2 nor application data.

Basic handshake diagram

Image borrowed from Cloudflare blog

grawity
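As an added example (not part of grawity's answer or the original page), here is a Go program that rebuilds the three server records from the question and then opens the third one the way a TLS 1.3 endpoint does. It uses the standard library's AES-128-GCM; the key, the IV and both handshake bodies are constructed stand-ins (a real server derives the key and IV from the TLS 1.3 key schedule and sends its actual certificate chain), and the key schedule itself is not implemented here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Record content types and handshake types used here (RFC 8446, sections 5.1 and 4).
const (
	ctChangeCipherSpec byte   = 0x14
	ctHandshake        byte   = 0x16
	ctApplicationData  byte   = 0x17
	legacyVersion      uint16 = 0x0303 // every TLS 1.3 record still says "TLS 1.2" here
	hsServerHello      byte   = 2
	hsCertificate      byte   = 11
)

// Constructed sample IV and key (assumptions for this example; the real handshake
// traffic key and IV come from the TLS 1.3 key schedule, which is not implemented here).
var (
	sampleIV = []byte("fedcba987654") // 12-byte static IV
	aead     = mustGCM([]byte("0123456789abcdef"))
)

// mustGCM builds the AEAD; a fixed 16-byte AES key cannot fail, so errors are dropped.
func mustGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// Record is one TLS record exactly as Wireshark lists it: outer header plus payload.
type Record struct {
	Type    byte
	Version uint16
	Body    []byte
}

// ParseRecords splits a TCP payload into TLS records (5-byte header, then body).
func ParseRecords(stream []byte) ([]Record, error) {
	var recs []Record
	for len(stream) > 0 {
		if len(stream) < 5 {
			return nil, fmt.Errorf("truncated record header")
		}
		n := int(binary.BigEndian.Uint16(stream[3:5]))
		if len(stream) < 5+n {
			return nil, fmt.Errorf("truncated record body")
		}
		recs = append(recs, Record{stream[0], binary.BigEndian.Uint16(stream[1:3]), stream[5 : 5+n]})
		stream = stream[5+n:]
	}
	return recs, nil
}

func header(t byte, version uint16, n int) []byte {
	h := []byte{t, 0, 0, 0, 0}
	binary.BigEndian.PutUint16(h[1:], version)
	binary.BigEndian.PutUint16(h[3:], uint16(n))
	return h
}

// nonce per RFC 8446 section 5.3: the 64-bit sequence number, left-padded to the IV length, XORed into the IV.
func nonce(seq uint64) []byte {
	n := append([]byte{}, sampleIV...)
	var s [8]byte
	binary.BigEndian.PutUint64(s[:], seq)
	for i := range s {
		n[len(n)-8+i] ^= s[i]
	}
	return n
}

// SealHandshake does what the server does with every message after ServerHello:
// TLSInnerPlaintext = message || real content type || zero padding, AEAD-sealed with
// the outer header (type 0x17, version 0x0303, length) as additional data.
func SealHandshake(seq uint64, msg []byte, pad int) []byte {
	inner := append(append([]byte{}, msg...), ctHandshake)
	inner = append(inner, make([]byte, pad)...)
	hdr := header(ctApplicationData, legacyVersion, len(inner)+aead.Overhead())
	return append(hdr, aead.Seal(nil, nonce(seq), inner, hdr)...)
}

// OpenRecord decrypts one "Application Data" record and strips the zero padding to
// recover the real content type (the last non-zero byte) and the message before it.
func OpenRecord(seq uint64, r Record) (byte, []byte, error) {
	inner, err := aead.Open(nil, nonce(seq), r.Body, header(r.Type, r.Version, len(r.Body)))
	if err != nil {
		return 0, nil, err // wrong key, wrong sequence number, or tampered record
	}
	i := len(inner) - 1
	for i >= 0 && inner[i] == 0 {
		i--
	}
	if i < 0 {
		return 0, nil, fmt.Errorf("record is all padding")
	}
	return inner[i], inner[:i], nil
}

// BuildServerFlight constructs the three records from the question: a plaintext
// ServerHello, the dummy ChangeCipherSpec, and a Certificate message sealed as
// "Application Data". Both handshake bodies are minimal stand-ins, not real ones.
func BuildServerFlight() []byte {
	serverHello := []byte{hsServerHello, 0, 0, 2, 0x03, 0x03} // type, 24-bit length, legacy_version
	certificate := []byte{hsCertificate, 0, 0, 4, 0, 0, 0, 0} // type, length, empty context, empty list
	flight := append(header(ctHandshake, legacyVersion, len(serverHello)), serverHello...)
	flight = append(flight, header(ctChangeCipherSpec, legacyVersion, 1)...)
	flight = append(flight, 0x01) // the dummy CCS is always exactly this one byte
	return append(flight, SealHandshake(0, certificate, 3)...) // seq 0: first record under the handshake key
}

func main() {
	recs, _ := ParseRecords(BuildServerFlight())
	for i, r := range recs {
		fmt.Printf("record %d: type=0x%02x version=0x%04x len=%d\n", i+1, r.Type, r.Version, len(r.Body))
	}
	realType, msg, err := OpenRecord(0, recs[2])
	fmt.Printf("record 3 opened: content type=0x%02x handshake type=%d err=%v\n", realType, msg[0], err)
}
```

The outer parser sees only type 0x17 and version 0x0303 for the third record, which is exactly what Wireshark reports; only after AEAD decryption does the trailing content-type byte reveal it as a Handshake record carrying a Certificate (type 11). Opening the same record with the wrong sequence number fails authentication, since the nonce and the outer header are both bound into the tag. In practice you get that inner view in Wireshark by pointing it at a key log file written by the client (the SSLKEYLOGFILE mechanism) under Preferences > Protocols > TLS > (Pre)-Master-Secret log filename.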