By Dr. J on 2020-09-09 09:25:11
Inspecting TLS handshakes in Wireshark, you may have seen a "GREASE" cipher or a "GREASE" option. For example, in the TLS Client Hello below:
[Figure: TLS Client Hello with GREASE]
"GREASE" is not an actual cipher or option. It is a bit of a dirty workaround. The feature is defined in RFC 8701. GREASE is an acronym and stands for "Generate Random Extensions And Sustain Extensibility" [1].
GREASE was introduced to discourage non-compliant TLS implementations. TLS always intended that clients and servers will ignore options they do not understand. For example, if I as a client support a new cutting-edge cipher or option but the server doesn't, the server is just going to ignore that cipher and pick one we both support.
Early on, with the introduction of SSL 3.0, it became evident that some servers didn't follow the specs as they should. Clients advertising SSL 3.0 compatibility were not able to connect, even if they had a common SSL version (2.0) supported by both server and client [2].
To "force" TLS implementations to ignore unsupported options, GREASE was introduced. GREASE options are essentially random data added to the handshake; a compliant recipient ignores this random data and still connects.
GREASE can show up as a cipher, as an option (see above) and also as a TLS version. I do not see it used much as a TLS version, but have seen it in macOS 11 Beta 4 [3].
The GREASE values follow a common pattern to avoid collision with existing or future TLS options/ciphers or versions. The value is always two identical bytes, and the second nibble of each byte is 'A'. For example: "0x8a8a" would be a valid GREASE cipher. The RFC lists acceptable values for different purposes.
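As an added example (not code from the diary), a small Python parser that pulls the cipher suites, extension types and supported_versions list out of a constructed ClientHello body and separates the GREASE values using the byte pattern described above. The sample bytes are constructed for the example, not taken from a capture.

```python
import struct


def is_grease(value: int) -> bool:
    """RFC 8701 GREASE pattern: two identical bytes, each with low nibble 0xA."""
    hi, lo = value >> 8, value & 0xFF
    return hi == lo and (lo & 0x0F) == 0x0A


def parse_client_hello(body: bytes) -> dict:
    """Parse a ClientHello body (bytes after the 4-byte handshake header) into
    legacy version, cipher suites, extension types and the supported_versions
    (extension type 43) list if present."""
    off = 0
    (version,) = struct.unpack_from("!H", body, off); off += 2
    off += 32                                    # client random
    off += 1 + body[off]                         # session id (length-prefixed)
    (cs_len,) = struct.unpack_from("!H", body, off); off += 2
    ciphers = [struct.unpack_from("!H", body, i)[0] for i in range(off, off + cs_len, 2)]
    off += cs_len
    off += 1 + body[off]                         # compression methods (length-prefixed)
    extensions, supported_versions = [], []
    if off < len(body):
        (ext_len,) = struct.unpack_from("!H", body, off); off += 2
        end = off + ext_len
        while off < end:
            etype, elen = struct.unpack_from("!HH", body, off); off += 4
            extensions.append(etype)
            if etype == 43:                      # supported_versions: 1-byte length, then 2-byte versions
                n = body[off]
                supported_versions = [struct.unpack_from("!H", body, off + 1 + 2 * i)[0]
                                      for i in range(n // 2)]
            off += elen
    return {"version": version, "ciphers": ciphers,
            "extensions": extensions, "supported_versions": supported_versions}


def strip_grease(hello: dict) -> dict:
    """Drop GREASE values from every list, leaving what a compliant peer acts on."""
    return {k: [v for v in vals if not is_grease(v)] if isinstance(vals, list) else vals
            for k, vals in hello.items()}


# Constructed sample: legacy version TLS 1.2, GREASE cipher 0x8a8a,
# GREASE extension 0x2a2a, GREASE version 0x0a0a alongside TLS 1.3.
SAMPLE = (
    b"\x03\x03" + b"\x00" * 32 + b"\x00"            # version, random, empty session id
    + b"\x00\x06" + b"\x8a\x8a\x13\x01\xc0\x2b"     # cipher suites: GREASE, TLS_AES_128_GCM_SHA256, ECDHE-ECDSA-AES128-GCM
    + b"\x01\x00"                                   # compression: null only
    + b"\x00\x0d"                                   # extensions length (13 bytes)
    + b"\x2a\x2a\x00\x00"                           # GREASE extension, empty body
    + b"\x00\x2b\x00\x05\x04\x0a\x0a\x03\x04"       # supported_versions: GREASE, TLS 1.3
)
```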
[1] https://tools.ietf.org/html/rfc8701
[2] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Notes_on_TLS_-_SSL_3.0_Intolerant_Servers
[3] https://isc.sans.edu/forums/diary/A+First+Look+at+macOS+11+Big+Sur+Network+Traffic+New+Now+with+more+GREASE/26548/