Is is possible to get the TLS implemetation information of the remote server?

Question

I am trying to devise a way to find side-channels that reveal exact TLS library (and its version) running on the remote server by adopting similar approach to JavaScript Template Attacks

However, if there exist an explicit channel, then I might not dive into this problem.

Are TLS libraries reveal their implementation information (I don't mean the protocol version) through the messages or during the key exchange?

score 1 · Answer 1 · answered Mar 22 '19 at 11:41

1

TLS libaries don't reveal exact implementation details like type or version during handshake, i.e. there is nothing like the (easy fakeable) user-agent or server header in HTTP.

answered Mar 22 '19 at 11:41

Steffen Ullrich

184,332
29
363
424

score 0 · Answer 2 · answered Mar 25 '19 at 01:46

0

No. There are tools like https://github.com/WestpointLtd/tls_prober to try to guess the TLS implementation of the server by allowed variations in the server's behavior.

answered Mar 25 '19 at 01:46

Z.T.

7,768
1
20
35

Wow, thanks for sharing this repository! However, what is the main motivation for probing TLS fingerprinting? Any motivation other than _targeted exploit_? – shpark Mar 25 '19 at 02:05
I am more familiar with the case of whitehats thinking of a new test they want to run, running it against alexa top 1m, finding vulnerable servers and then being unable to identify vendors who need to be contacted to get them to issue patches. Like these guys: https://github.com/RUB-NDS/TLS-Padding-Oracles – Z.T. Mar 25 '19 at 02:12

Is is possible to get the TLS implemetation information of the remote server?

2 Answers2