Where in the TLS 1.3 record is the sequence number located?

miran80

5/10/24, 9:52 AM

The sequence number should be a 64 bit number in every TLS record, but the record header layer is only 5 bytes long and I am looking at a Wireshark pcap, where the TLS record only includes the header and encrypted application data. There is no sequence number.

1 + 1

aes

aes-gcm

dave_thompson_085

5/11/24, 1:40 AM

As answered it is implicit, not transmitted. And the same for earlier TLS, and SSL. However, _datagram_ TLS -- _DTLS_ -- 1.0 and 1.2 corresponding respectively to TLS 1.1 and 1.2 do transmit it; there is no DTLS1.3, at least not yet.

Score:1

Crypto

Daniel S

5/10/24, 11:41 AM

The sequence numbers are never explicitly transmitted, but are calculated independently by both sides starting from 0 with separate counts for send and receive.

+ 7

miran80

5/10/24, 11:48 AM

So each outgoing TLS record increases the "sent sequence number" counter by 1 and each incoming TLS record increases the "received sequence number" by 1? Meaning, Wireshark must be counting how many times they see a TLS record (counting TLS headers perhaps)?

Daniel S

5/10/24, 11:52 AM

The client and server software are certainly doing this WireShark records [relative sequence numbers](https://wiki.wireshark.org/TCP_Relative_Sequence_Numbers) according to what it has observed AIUI

miran80

5/10/24, 11:54 AM

I am not sure if the TCP sequence number is the same as the sequence number of a TLS record - the one being used to XOR the IV in TLS 1.3 when decrypting AES.

Daniel S

5/10/24, 12:00 PM

That's right; the TLS sequence number only refers to TLS packets. Wireshark may not be tracking it at all.

miran80

5/10/24, 12:04 PM

Packets or TLS records? I think a TLS record can span several packets or a packet may contain several TLS records. I think you mean TLS records.

poncho

5/10/24, 12:52 PM

@DanielS: correction: the TLS sequence number refers to TLS *records*. There is no necessary correlation between how records are laid out and how they fit within packets (e.g. TCP segments)

Daniel S

5/10/24, 1:02 PM

Agreed ((ignore this unnecessary comment extension))

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Where in the TLS 1.3 record is the sequence number located?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.