shuqfan
Bronze I
25 days ago

TLS Fundamentals: Ep.8 – Final Challenge

The 15th question: Connect to the localhost using the answer from the previous task as the port. What is the six character token value embedded in the ticket name?

The hint is:

Look at the session ticket data. The token is a random six character string that is prefixed with "TOKEN=".

The answer from the previous task as the port is 64321, but there is no token with the prefix "TOKEN=".

I doubt there is no correct answer; looking forward to your feedback.

 

iml-user@secure-ops-wireshark-with-nginx:~$ openssl s_client -connect localhost:64321
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 O = TLS Fundamentals, CN = TLS Fundamentals Root CA
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=2 O = TLS Fundamentals, CN = TLS Fundamentals Root CA
verify return:1
depth=1 O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA
verify return:1
depth=0 CN = admin.immersive.local
verify return:1
---
Certificate chain
 0 s:CN = admin.immersive.local
   i:O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Dec  5 12:16:11 2025 GMT; NotAfter: Dec  6 12:16:11 2025 GMT
 1 s:O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA
   i:O = TLS Fundamentals, CN = TLS Fundamentals Root CA
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Dec  5 12:16:10 2025 GMT; NotAfter: Dec  3 12:16:10 2035 GMT
 2 s:O = TLS Fundamentals, CN = TLS Fundamentals Root CA
   i:O = TLS Fundamentals, CN = TLS Fundamentals Root CA
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
   v:NotBefore: Dec  5 12:16:09 2025 GMT; NotAfter: Dec  3 12:16:09 2035 GMT
---
Server certificate
subject=CN = admin.immersive.local
issuer=O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2219 bytes and written 373 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self-signed certificate in certificate chain)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: DF37EF25B8F57F8A61A64BE228EC58AC2B113B991479961CBDAFC029B9482892
    Session-ID-ctx: 
    Resumption PSK: E230CD3D18A2BB48A51A7C04EE16FDAF79EFBEEA3D8605B70FFC0DEB68098CF355060AF8DF360EACFBC480C5B3AFE462
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 4a ac bb b1 83 bd fc b7-ed 94 ea db b1 10 60 48   J.............`H
    0010 - 82 38 28 98 95 e3 7b 18-6f e7 0c c8 54 ef 3d 1f   .8(...{.o...T.=.
    0020 - b9 2c aa b2 b2 57 d8 5e-4e aa e9 75 c0 68 7c ce   .,...W.^N..u.h|.
    0030 - 00 c6 85 ae 2c 96 26 44-54 88 a1 d1 b0 58 a9 d3   ....,.&DT....X..
    0040 - 88 1c 2a d8 85 a3 f1 a2-09 a8 33 9e 1f b1 db af   ..*.......3.....
    0050 - 84 f9 92 b3 78 2c 17 7e-11 87 12 1c 49 81 e1 2d   ....x,.~....I..-
    0060 - 08 79 00 e8 9d bf 7e fb-10 41 ec 93 c1 5e 30 a4   .y....~..A...^0.
    0070 - 61 92 2a 79 a2 09 2d 66-97 f8 d9 fa bb b3 c8 a2   a.*y..-f........
    0080 - d3 e3 ab bd 45 36 68 00-11 98 0e 68 ea 1e 52 ee   ....E6h....h..R.
    0090 - 08 7b 2b aa 80 42 31 b0-ec 9b 51 ae b1 ca cf ee   .{+..B1...Q.....
    00a0 - d8 bd c5 31 dd b9 22 c3-8a 0b 76 c3 a6 ca 50 e2   ...1.."...v...P.
    00b0 - 2a 85 f8 9e 68 0b 13 cb-bf 92 c7 0e 4f ad 49 ab   *...h.......O.I.
    00c0 - c5 57 20 55 c5 47 6a b1-34 f1 1d 19 c3 5f 6f dd   .W U.Gj.4...._o.
    00d0 - c8 38 01 7c 62 11 74 ef-f1 17 15 6d a7 7a 7c d5   .8.|b.t....m.z|.

    Start Time: 1764942947
    Timeout   : 7200 (sec)
    Verify return code: 19 (self-signed certificate in certificate chain)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 6D76BD7F89AB457ACE03494B528103EF5A71D03E1434867610C4751172D68E4A
    Session-ID-ctx: 
    Resumption PSK: 0CDCF4F49EB91C1A74B76442B31D70C8976BD6EA6ECD52B47BC84A10EE151BD8EFA32134A678784FB138B0AAB2F4DB21
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 4a ac bb b1 83 bd fc b7-ed 94 ea db b1 10 60 48   J.............`H
    0010 - c6 a4 ef 5d c9 62 7a 08-15 66 b9 8c 24 1e f3 17   ...].bz..f..$...
    0020 - b1 1f 84 10 60 b0 fb c7-2b 03 1d 79 2e 97 ca 52   ....`...+..y...R
    0030 - 14 5c d8 aa 8b 3a ae 37-93 c0 73 dd c5 b7 7f f0   .\...:.7..s.....
    0040 - 2a 1f 6a 14 25 8b d3 ed-3c 60 33 fb 11 64 05 26   *.j.%...<`3..d.&
    0050 - b3 9f 9c 8f 64 23 ca b5-5a 13 c5 d2 22 5f 92 b6   ....d#..Z..."_..
    0060 - fd 40 9e b4 f0 5e 42 40-79 d5 18 c6 ba 6a 0e fe   .@...^B@y....j..
    0070 - 7b 38 c5 9b 87 e9 b1 1b-e8 5d 98 7c a4 51 a6 9c   {8.......].|.Q..
    0080 - d5 4a 75 40 22 b6 62 4f-00 b2 54 30 a1 3f 8d b8   .Ju@".bO..T0.?..
    0090 - 07 c2 6b 67 64 d2 c3 2d-e1 d1 ae 70 e3 0d 2b 54   ..kgd..-...p..+T
    00a0 - f2 5f 4c 96 25 2c 77 43-1d a4 e8 67 0b 1e d0 10   ._L.%,wC...g....
    00b0 - 9f 40 cb 85 52 01 47 9d-07 0d c7 3c 7d 13 64 2f   .@..R.G....<}.d/
    00c0 - ee 13 36 6e 7c 0b d7 16-d0 e6 94 ef f8 99 9e 16   ..6n|...........
    00d0 - 95 c3 21 8a 3c af f4 4b-09 2d 14 a0 3d 22 58 db   ..!.<..K.-..="X.

    Start Time: 1764942947
    Timeout   : 7200 (sec)
    Verify return code: 19 (self-signed certificate in certificate chain)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

 

1 Reply

  • SamDickison
    Community Manager

    I'm not completely sure, have you tried a capture with Wireshark, so you can decrypt your capture?
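
An added example, not part of the thread or the lab's own material: it rebuilds the ticket bytes from the openssl s_client hex dump in the original post, takes the first 16 bytes as the ticket key name, and searches for the "TOKEN=" prefix named in the hint. The 16-byte key name position is an assumption (the RFC 5077 section 4 recommended layout); the first two samples are rows copied from the post and the third is constructed to show what a match looks like.

```python
import re

# Rows copied from the two session tickets in the post (first 32 bytes each).
PAGE_TICKET_1 = r"""
    0000 - 4a ac bb b1 83 bd fc b7-ed 94 ea db b1 10 60 48   J.............`H
    0010 - 82 38 28 98 95 e3 7b 18-6f e7 0c c8 54 ef 3d 1f   .8(...{.o...T.=.
"""
PAGE_TICKET_2 = r"""
    0000 - 4a ac bb b1 83 bd fc b7-ed 94 ea db b1 10 60 48   J.............`H
    0010 - c6 a4 ef 5d c9 62 7a 08-15 66 b9 8c 24 1e f3 17   ...].bz..f..$...
"""
# Constructed sample (not from the lab): a key name carrying a made-up token.
CONSTRUCTED = r"""
    0000 - 54 4f 4b 45 4e 3d 41 42-43 31 32 33 00 00 00 01   TOKEN=ABC123....
    0010 - 9f 40 cb 85 52 01 47 9d-07 0d c7 3c 7d 13 64 2f   .@..R.G....<}.d/
"""

ROW = re.compile(r"^\s*[0-9a-f]{4} - (.+)$", re.MULTILINE)
TOKEN = re.compile(rb"TOKEN=([\x21-\x7e]{6})")
KEY_NAME_LEN = 16  # assumption: RFC 5077 section 4 layout, key_name comes first


def parse_ticket_dump(text: str) -> bytes:
    """Rebuild ticket bytes from s_client hex-dump rows, ignoring the ASCII column."""
    out = bytearray()
    for m in ROW.finditer(text):
        hex_col = m.group(1).split("   ", 1)[0]  # three spaces precede the ASCII column
        out += bytes.fromhex(hex_col.replace("-", " "))
    return bytes(out)


def inspect_ticket(text: str) -> dict:
    """Return the key name (hex and printable view) and any TOKEN= value found."""
    ticket = parse_ticket_dump(text)
    name = ticket[:KEY_NAME_LEN]
    printable = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in name)
    hit = TOKEN.search(ticket)
    return {"key_name_hex": name.hex(), "key_name_ascii": printable,
            "token": hit.group(1).decode() if hit else None}


if __name__ == "__main__":
    for label, dump in [("ticket 1", PAGE_TICKET_1), ("ticket 2", PAGE_TICKET_2),
                        ("constructed", CONSTRUCTED)]:
        print(label, inspect_ticket(dump))
```

For the rows copied from the post, the key name is identical in both tickets and no "TOKEN=" string is present; only the constructed sample yields a token.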