Decrypting Schannel TLS traffic. Part 2. Session resumption
This part is about dealing with session resumption. I’ve also redone some of the experiments from a related research to discover if something has changed from the time it was written. The key takeaways are as follows:
- For TLS1.2 schannel does session resumption both with session IDs and tickets;
- Resumption for TLS1.2 is only performed when extended master secret extension is in use;
- Methods and results from Jacob Cambic’s research still largely apply, but some of the offsets have since changed;
- Researching resumption helped identify an easier target for hooking the works both for resumed and non-resumed TLS1.2 sessions and does not have problems with session hashing, namely
- The tool for exporting the keys was update with this new extraction method;
- My experiments show that for TLS1.3 session resumption is not currently supported by Schannel. I would love to be proven wrong, though.
As previously, this work is part of my R&D activities at SolidLab LLC and was fully funded by the company. I’m grateful to be able to do reseach as part of my job. We do offensive security, web application analysis and SDL consunting. We also develop a WAF.