I have a TLS1.3 packet in pcapng format and its corresponding keylog file. I tried to decrypt it using the key message in the keylog. A data packet at a certain location has been lost. Wireshark seems unable to decrypt its subsequent data packets. I have reviewed the Wireshark source code and the principle of AEAD encryption. Is it necessary to use the TLS record sequence number to decrypt the constructed nonce using the correct nonce. So, after sending packet loss, all subsequent data cannot be decrypted?
↧