TLS-Attacker3.6.0/TLS-Core/TLS1.3

[hey3e]

Hi, I'm using 3.6.0 and trying to send TLS1.3 via TLS-Core.

Based on previous issues I knew that the config should be updated to make TLS-Attacker use TLS1.3. So I replaced the default_config.xml of TLS-Core with the tls13.config within resources/configs.

But the TLS-Attacker still sends TLS1.2 under the TLS13 command.

Did I misunderstand the config?

[hey3e]

I've changed "supportedSignatureAndHashAlgorithms" to "defaultClientSupportedSignatureAndHashAlgorithms" in tls13.config and I found that it worked using TLS-Client. The command is:

java -jar apps/TLS-Client.jar -config ./resources/configs/tls13.config -connect -version TLS13

While I'm not clear about how to depoly the config in TLS-Core.

[ic0ns]

TLS-Core is only a Library. Not an executable. When you want to change values in the libraries you have to do it though the code:

Config config = Config.createConfig(); //new Config(); depending on the TLS-Attacker version.
config.setDefaultClientSupportedSignatureAndHashAlgorithms(/*Add algorithms here*/);

The default config is only there for you as syntax reference (and insights into the default config). If you want to change the default you need to change it in the Config.java